To support multiple gpg keys added with --add-key, propellor should
- When it encrypts the privdata after a change, encrypt it to all keys
listed in
privdata/keyring.gpg. See this post explaining why and how encryption with multiple recipients work. - When --add-key adds a new key, it should re-encrypt the privdata, so that this new key can access it.
- When --add-key on behalf of another user, do not modify the signing key for
local git. This entails either splitting this command in two,
--add-keyand--set-signing-key, or adding another command--add-foreign-key, or perhaps determining if the key being added has a known secret key.