by thomasingalls 336 days ago
If a key gets compromised, the encrypted secrets are compromised forever, since you can't be sure all the git clones everywhere can be updated with a new encryption key. Not to mention how fiddly it is to edit git history.

I would assume that if you are committing encrypted secrets, you would make sure they are rotatable.
But you can and should be rotating those secrets on some schedule regardless, and if you find out a key has been compromised you can immediately rotate the secrets.
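The failure mode the thread is arguing about, as an added example that is not from the original post or from any commenter: once an attacker holds both an old encryption key and a clone taken while that key was in use, re-encrypting under a new key (or rewriting history and force-pushing) cannot reach the copy they already have. What does help is resetting the secret value itself on the live system, because then the plaintext the attacker can still recover no longer works anywhere. A hash-based stream cipher with an HMAC tag stands in for whatever real tool the repository uses (an assumption, and a toy construction for illustration only); the password strings and file name are constructed samples.

```python
# Added example (not from the thread): why rotating the *encryption key* alone
# does not help once an attacker has both the old key and a clone of the repo,
# while rotating the *secret value* does. A hash-based stream cipher with an
# HMAC tag stands in for the repository's real encryption tool (assumption;
# a toy for illustration only, not for real data).
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived from SHA-256 (toy construction)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def attacker_still_holds_live_credential(rotate_secret_value: bool) -> bool:
    """Simulate a key compromise and the response to it.

    Returns True if, after the response, what the attacker can decrypt from
    their old clone is still the credential that works against production.
    """
    # Commit 1: a database password, encrypted under key v1, lands in the repo.
    key_v1 = os.urandom(32)
    db_password_v1 = b"hunter2-prod"                      # constructed sample
    history = [{"secrets/db.enc": encrypt(key_v1, db_password_v1)}]

    # Compromise: the attacker gets key v1 and a clone of the repo as of now.
    # Nothing done to the upstream repo afterwards (new key, history rewrite,
    # force-push) can reach this copy.
    leaked_key = key_v1
    attacker_clone = [dict(c) for c in history]

    # Response: always switch to a fresh encryption key and re-commit.
    key_v2 = os.urandom(32)
    if rotate_secret_value:
        # Also reset the credential itself on the live system, so the old
        # plaintext stops being valid anywhere.
        live_password = b"8f3c1a9d-fresh-password"          # constructed sample
    else:
        # Only the encryption key changed; the credential itself is unchanged.
        live_password = db_password_v1
    history.append({"secrets/db.enc": encrypt(key_v2, live_password)})

    # The new commit is useless to the attacker: key v1 no longer decrypts it.
    try:
        decrypt(leaked_key, history[-1]["secrets/db.enc"])
        raise AssertionError("old key must not decrypt the re-encrypted secret")
    except ValueError:
        pass

    # But the old commit in their clone still decrypts with the leaked key.
    recovered = decrypt(leaked_key, attacker_clone[0]["secrets/db.enc"])
    return hmac.compare_digest(recovered, live_password)


if __name__ == "__main__":
    print("rotate key only   -> still compromised:", attacker_still_holds_live_credential(False))
    print("rotate key+secret -> still compromised:", attacker_still_holds_live_credential(True))
```

Running it prints `True` for the key-only response and `False` once the secret value is reset as well. The `attacker_clone` list is the whole point: it models the clones nobody can update, so the only lever left is making the recovered plaintext worthless.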