Distributed symmetric key management
Boris Bilješković
borisbiljeskovic at rambler.ru
Fri Jun 17 15:15:47 CEST 2011
I have various directories that I need to keep in sync on various
machines. To do so, I would like to, say, once a week, tar the
directories, encrypt them and push them on the internet. On other
machines I'd pull accordingly. This process itself is quite simple. I
can come up with some bash magic for that.
Here's the tricky part:
Each directory has a key attached to it. My main machine, which pushes
all changes, has 'access' to all keys. My other machines just 'have' a
subset of all keys. I do not think asymmetric encryption makes much
sense here. Rather than that, I'd use symmetric encryption using keys
generated with 'gpg2 --gen-random 2'. When I am setting up a new
machine, I can distribute the keys that I need on that machine using a
safe exchange medium.
Here's basically what I have:
Machine A (main machine):
keys: project-a key, project-b key, private-stuff key
directory project-a
directory project-b
directory private-stuff
Machine B:
keys: project-a key, project-b key
directory project-a
directory project-b
Machine C:
keys: private-stuff key
directory private-stuff
Machine A pushes project-a, project-b and private-stuff, encrypting
with the according keys. Machine B pulls project-a and project-b,
decrypting with the keys it 'has'; Machine C pulls private-stuff.
So, here is the problem. How can I keep track of the keys? I do not
like having them as plain text files lying in some directory. Does
gpg-agent have some way of keeping them in a keyring? If not, I am also
using gnome-keyring which can store passwords. Is there any method to
forward keys from gnome-keyring to gpg2?