git-crypt VS git-secret

Compare git-crypt vs git-secret and see what are their differences.

git-secret

:busts_in_silhouette: A bash-tool to store your private data inside a git repository. (by sobolevn)
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
git-crypt git-secret
50 22
8,115 3,679
- -
0.0 6.1
about 2 months ago 11 days ago
C++ Shell
GNU General Public License v3.0 only MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

git-crypt

Posts with mentions or reviews of git-crypt. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-04-11.
  • Why Can't My Mom Email Me?
    2 projects | news.ycombinator.com | 11 Apr 2024
    https://github.com/AGWA/git-crypt

    And occasionally to encrypt files, or receive encrypted files.

    These are practical things which are non-theoretical.

    > Using multiple keys don't offer added security or secrecy.

    Depends on how careful you are or want to be, with your private key. My house key isn't the same as my car key isn't the same as my bike key.

    > This is nothing like data harvesting

    Alright fair, bad example. What I was grumbling about was more the lack of any clear communication that you've been auto-opted-in to a feature on protonmail, with no user interface signal indicating so, leading to confusion for a couple months like in TFA. I definitely wasn't casting shade on the opengpg keyserver, nor protonmail. It's the "hey! I didn't check a box for this, and it's not mentioned anywhere in the protonmail docs" hidden functionality which could do with some clarification.

    I'm a forgetful creature. If I intentionally put my key on a keyserver, because I'm playing around and learning about PGP, will I make the connection between it and protonmail a few months down the line if I move my email account to them? Unlikely.

    It's a nice automated feature. Protonmail-to-protonmail e2e encryption makes a lot of sense. I just think protonmail-to-non-protonmail e2e needs a tooltip in the UI, and the option to opt out, potentially with the ability to opt out for specific email addresses. I wouldn't at all assume it would be on by default even IF I've been actively using PGP in my email clients, because it's something you usually have to manually set up yourself, very explicitly. That, and 99.9% of emails are plaintext.

    Anyhoo, one thing I forgot which kind of negates the "what if I have multiple encryption keys tied to my email" is the fact that the opengpg keyserver does tie 1 email address to 1 key so you can't publish multiple encryption keys, fair enough. Git-crypt and file encryption, I set my associated email address to use +tags eg [email protected], so as far as protonmail etc are concerned there's only one key per logical email address.

  • Is it safe to commit a Terraform file to GitHub?
    4 projects | /r/Terraform | 24 Jun 2023
    Apart from a few exceptions (like ansible for example, which supports native encryption), we moved away from encrypted secrets in git repos and use external things, depending on the platform (like parameter store / secrets manager for AWS or keyvault for Azure - both of these do track changes, btw), so I haven't looked for quite a while. Back in ye olden days we used https://github.com/AGWA/git-crypt which worked quite nicely, but the key management is cumbersome and it's based on GPG, which in itself is a bit of a light redish flag these days.
  • GitHub Private Repos Considered Private-­Ish
    3 projects | news.ycombinator.com | 4 Jun 2023
    How about encryption?

    https://github.com/AGWA/git-crypt has been solid for me

  • Codeship jet alternative
    1 project | /r/webdev | 18 May 2023
    You might want to check out git-crypt. It allows you to encrypt and decrypt files in a git repo without needing an external account, and supports .env files. That said, trying your hand at making one as a personal project could be a fun and rewarding experience!
  • Ask HN: Privacy-Conscious GitHub?
    1 project | news.ycombinator.com | 1 Apr 2023
    I hesitate to append this but one option I have seen thrown around and also debated is git-crypt [1] There are many caveats to doing this as any integrations that would need to read the file contents would also need to be able to decrypt the files so this may not be entirely useful and may add many levels of complexity and fragility.

    [1] - https://github.com/AGWA/git-crypt

  • Vaults vs. Cryptomator? Security, Cloud syncing, integration?
    2 projects | /r/kde | 30 Mar 2023
    The most interesting approach I've seen for this is https://github.com/AGWA/git-crypt
  • How can I Make this binary statically-linked?
    1 project | /r/learnprogramming | 9 Feb 2023
    Here is the Makefile.
    1 project | /r/cpp_questions | 8 Feb 2023
    I use git-crypt to encrypt files in git repositories quite a lot and I find that it doesn't work on RHEL-based distros because of some missing or out-of-date library. I need to build a statically linked binary.
  • How to Deploy and Scale Strapi on a Kubernetes Cluster 1/2
    13 projects | dev.to | 3 Feb 2023
    Store the Secrets in a repo using gitcrypt or another encryption tool.
  • I moved all my input files to a private repo and used it as a submodule
    4 projects | /r/adventofcode | 17 Jan 2023
    Consider using git-crypt for transparent encryption instead.

git-secret

Posts with mentions or reviews of git-secret. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-10-24.
  • Gittuf – a security layer for Git using some concepts introduced by TUF
    5 projects | news.ycombinator.com | 24 Oct 2023
    I've happily been using git-secret (https://sobolevn.me/git-secret/) for encrypting non-critical (i.e. non-production) secrets for a while now. It sounds like Gittuf will do a lot more than git-secret, but for the use case of encrypted files specifically, is there a significant different about with the approach that Gittuf has taken?
  • Ansible-based dotfiles with fancy nvchad-based neovim + tmux setup
    4 projects | /r/dotfiles | 23 Oct 2023
    Secrets inside the repo. All the credentials, ssh keys, VPN configs can be stored directly in the repo with support of the git secret. gpg key is optional: config works fine if it is not provided and secrets are not decrypted.
  • Modern Perl Catalyst: Docker Setup
    5 projects | dev.to | 2 Aug 2023
    You might notice that some of the environmental variables have funky values that look more like template placeholders. For example "SESSION_STORAGE_SECRET=${SESSION_STORAGE_SECRET}". That's because there's a .env file that contains those (you can see it in the root of the GitHub repository page. As a good practice I try to isolate anything that needs to be secret right off the top. So even though this is a development setup and would need work to turn it into a something suitable for production let's try to start off right not doing the wrong thing by hardcoding all our secrets into various files. At least now there's just one file to secure. And later on if you move to something really secure like Hashicorp's Vault product, or even something open source like git secret you won't have to hunt all over the place for the secrets to keep. Lets now look at the rest of the Catalyst application setup:
  • Terraform - How do you handle secrets?
    3 projects | /r/devops | 12 Jan 2023
    Checkout git-secret. https://git-secret.io/
  • [2022][Friendly Reminder] Don't commit your input files to Git
    9 projects | /r/adventofcode | 9 Dec 2022
    There‘s plugins like https://github.com/AGWA/git-crypt or https://git-secret.io that you can use to encrypt the files for yourself, so that they are available on multiple machines to you
  • how to automate the sharing .env file with the team?
    2 projects | /r/node | 16 Oct 2022
  • How to hide changes in GitHub repository from the public?
    2 projects | /r/github | 10 Oct 2022
    If you really want to have private repositories in GitHub, you will need to set up something like https://git-secret.io on top of git.
  • Using GNU Stow to manage your dotfiles (2012)
    9 projects | news.ycombinator.com | 27 Jul 2022
  • Would it be worth using a secrets management system?
    4 projects | /r/devops | 26 Jul 2022
    If you want a low config solution and not scared of gpg, https://git-secret.io/
  • git-secret vs Mozilla SOPS?
    2 projects | /r/selfhosted | 17 Jul 2022
    Hey guys, so I'm using git-secret as of now. Just stumbled across Mozilla SOPS today and finding it interesting. Which one you guys recommend and why? Advantages and disadvantages of each? I think SOPS is more robust and stable since it is being maintained by a large organization? Please correct me if I'm wrong. Help is appreciated.

What are some alternatives?

When comparing git-crypt and git-secret you can also consider the following projects:

git-secrets - Commit files with sensitive information like environment secrets safely encrypted in GitHub

sops - Simple and flexible tool for managing secrets

vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets

secret - Share Secrets securily

age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

passff - Read-only mirror of https://codeberg.org/PassFF/passff Pull requests and issues on GitHub cannot be accepted and will be automatically closed.

dendron - The personal knowledge management (PKM) tool that grows as you do!

Blackbox - Safely store secrets in Git/Mercurial/Subversion

helm-secrets - A helm plugin that help manage secrets with Git workflow and store them anywhere

passff-host - Read-only mirror of https://codeberg.org/PassFF/passff-host Pull requests and issues on GitHub cannot be accepted and will be automatically closed.

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

Did you konow that C++ is
the 6th most popular programming language
based on number of metions?