diff --git a/.gitattributes b/.gitattributes
index 91e7c4bb873..4d361af8b85 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1 @@
-groups/client_id.json   filter=git-crypt diff=git-crypt
+groups/*.json   filter=git-crypt diff=git-crypt
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 1c5dea92af6..00000000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/groups/token.json
diff --git a/groups/client_id.json b/groups/client_id.json
deleted file mode 100644
index 625ba132bcc..00000000000
Binary files a/groups/client_id.json and /dev/null differ
diff --git a/groups/k8s-infra-test-project-1896690daeb3.json b/groups/k8s-infra-test-project-1896690daeb3.json
new file mode 100644
index 00000000000..8a47d0fae4a
Binary files /dev/null and b/groups/k8s-infra-test-project-1896690daeb3.json differ
diff --git a/groups/reconcile.go b/groups/reconcile.go
index 5fc9823058d..b57bad85fed 100644
--- a/groups/reconcile.go
+++ b/groups/reconcile.go
@@ -76,21 +76,24 @@ func saveToken(path string, token *oauth2.Token) {
 }
 
 func main() {
-	b, err := ioutil.ReadFile("client_id.json")
+	jsonCredentials, err := ioutil.ReadFile("k8s-infra-test-project-1896690daeb3.json")
 	if err != nil {
-		log.Fatalf("Unable to read client secret file: %v", err)
+		panic(fmt.Sprintf("error reading credentials from file: %v", err))
 	}
 
-	// If modifying these scopes, delete your previously saved token.json.
-	config, err := google.ConfigFromJSON(b, admin.AdminDirectoryUserReadonlyScope,
+	config, err := google.JWTConfigFromJSON(jsonCredentials, admin.AdminDirectoryUserReadonlyScope,
 		admin.AdminDirectoryGroupScope,
 		admin.AdminDirectoryGroupMemberScope,
 		groupssettings.AppsGroupsSettingsScope)
 	if err != nil {
-		log.Fatalf("Unable to parse client secret file to config: %v", err)
+		panic(fmt.Sprintf("Unable to parse client secret file to config: %v\n. " +
+			"Please run 'git-crypt unlock'", err))
 	}
-	client := getClient(config)
+	config.Subject = "wg-k8s-infra-api-test@kubernetes.io"
 
+	ctx := context.Background()
+
+	client := config.Client(ctx)
 	srv, err := admin.New(client)
 	if err != nil {
 		log.Fatalf("Unable to retrieve directory Client %v", err)