We use similiar gpg-based one in our Configuration Management infrastructure, works really well.
The data files are encrypted with keys of the CM main servers and other admins, GIt has history in case something that should not get removed got removed and if you want you can also force that the data will always be signed with certain keys on server side git hooks if you want to have more accountability than just git logs.
With little config even git diff/git log work showing unencrypted (if you have right key) content.
The data files are encrypted with keys of the CM main servers and other admins, GIt has history in case something that should not get removed got removed and if you want you can also force that the data will always be signed with certain keys on server side git hooks if you want to have more accountability than just git logs.
With little config even git diff/git log work showing unencrypted (if you have right key) content.