Jenkins External Filter Failing build

I have a Jenkinsfile which uses a great 3rd party tool called git-crypt to decrypt secret data from a git repository. The pipeline looks like this:

pipeline {
  environment {
    GIT_GRYPT_GPG_KEY = credentials("git_crypt_gpg_key")
  agent {
    docker {
      alwaysPull true
  stages {
    stage("Unlock repository") {
      steps {
        sh 'git-crypt unlock $GIT_GRYPT_GPG_KEY'
... Do stuff with unlocked files...

When I rebuilt our jenkins box and tried to re-run this job, it failed with the following error:
GitHub has been notified of this commit’s build result

hudson.plugins.git.GitException: Command "git checkout -f 6dc0ebd6d65ab66b7f7433a9972438d84fdeeeaa" returned status code 128:
stderr: "git-crypt" clean: 1: "git-crypt" clean: git-crypt: not found
error: external filter "git-crypt" clean failed -1
error: external filter "git-crypt" clean failed
fatal: secret-file.yaml clean filter 'git-crypt' failed

The job would not run successfully until I manually installed the tool git-crypt on the jenkins box with apt-get install.

If the tool git-crypt IS installed inside of the docker container, and is not called outside of that container, why is jenkins throwing this error?? What does “error: external filter” failed mean?? This looks to me like the pipeline is expecting the tools used inside of the container in the pipeline to exist on the box outside of the container, which seems completely unnecessary to me.

Help appreciated!!