init with a pre-existing key file

[vraravam]

Great tool! I wanted to recreate my git repo - and so, I would like to initialize the git-crypt with the previously generated key file. Is this possible?

[dcerisano]

Full instructions here.

You need to export the key file from the original encrypted repo: git-crypt export ~/crypt.key (email this to yourself as an attachment so you always have it)

Now for every new clone your encrypted remote just do the following: git-crypt unlock ~/crypt.key

Note that you only have to git-crypt init once to get a key you can use for all repos. Just add your .gitattributes to an unencrypted repo and run: git-crypt unlock ~/crypt.key (this encrypts and unlocks your files) git-crypt status -f (this stages your encrypted files) Commit&Push (done!)

[srghma]

Tnx @dcerisano, I was able to make nix derivation that decrypts repo that was downloaded without .git dir

  git-crypt-unlock-src = key: src: stdenv.mkDerivation {
    name = "decrypted-source";
    inherit src;
    buildInputs = [ git-crypt git ];
    phases = [ "installPhase" ];
    installPhase = ''
      set -e

      mkdir -p $out

      # copy content of folder to $out
      cp -r $src/. $out

      cd $out

      # git crypt requires git
      git init

      # set only for this repo
      git config user.email "you@example.com"
      git config user.name "Your Name"

      git add --all
      git commit --quiet -m "foo"

      # prevent "error: unable to unlink old... permission denied"
      # see https://stackoverflow.com/questions/11774397/git-push-error-unable-to-unlink-old-permission-denied/11774432

      chmod -R +w $out

      git-crypt unlock ${key}

      rm -rfd .git
    '';
  };

  decrypted_my_src = git-crypt-unlock-src ./secrets/my.key my_src;