Skip to content

Fix git-crypt in linked worktrees (per-worktree fallback)#333

Open
thebino wants to merge 2 commits into
AGWA:masterfrom
thebino:fix/worktree-keys-per-worktree
Open

Fix git-crypt in linked worktrees (per-worktree fallback)#333
thebino wants to merge 2 commits into
AGWA:masterfrom
thebino:fix/worktree-keys-per-worktree

Conversation

@thebino

@thebino thebino commented Jul 1, 2026

Copy link
Copy Markdown

Running git worktree add inside a git-crypt repository fails in the smudge filter:

git-crypt: Error: Unable to open key file - have you unlocked/initialized this repository yet?
error: external filter '"git-crypt" smudge' failed
fatal: <file>: smudge filter git-crypt failed

git-crypt resolves its internal state directory (.git/git-crypt, which holds the symmetric keys) from git rev-parse --git-dir. In a linked worktree that returns .git/worktrees/<name>, which never contains the keys — they only ever live in the shared common dir. So checkout of an encrypted file in the new worktree aborts.


This PR resolves the state directory per-worktree when it is already provisioned, and otherwise fall back to git rev-parse --git-common-dir:

  • Main worktree: unchanged (per-worktree dir == common dir).
  • Linked worktree with no local state: falls back to the shared key, so a fresh
    git worktree add checks out decrypted.
  • Linked worktree with its own provisioned state: keeps using it.

Because the per-worktree location still wins when present, this composes with
setups that keep the git-crypt filter config per-worktree
(extensions.worktreeConfig), giving independent per-worktree lock state
without duplicating the key
.


This is the minimal, shared-key approach. See companion #334 for a variant that preserves per-worktree lock state via a fallback. They touch the same function and are mutually exclusive — pick whichever fits.

Fixes #105

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

git worktree add in repo with encrypted commited file made encrypted fails.

1 participant