git-crypt VS nixpkgs

Compare git-crypt vs nixpkgs and see what are their differences.

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
git-crypt nixpkgs
50 986
8,108 16,610
- 3.3%
0.0 10.0
about 2 months ago about 1 hour ago
C++ Nix
GNU General Public License v3.0 only MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

git-crypt

Posts with mentions or reviews of git-crypt. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-04-11.
  • Why Can't My Mom Email Me?
    2 projects | news.ycombinator.com | 11 Apr 2024
    https://github.com/AGWA/git-crypt

    And occasionally to encrypt files, or receive encrypted files.

    These are practical things which are non-theoretical.

    > Using multiple keys don't offer added security or secrecy.

    Depends on how careful you are or want to be, with your private key. My house key isn't the same as my car key isn't the same as my bike key.

    > This is nothing like data harvesting

    Alright fair, bad example. What I was grumbling about was more the lack of any clear communication that you've been auto-opted-in to a feature on protonmail, with no user interface signal indicating so, leading to confusion for a couple months like in TFA. I definitely wasn't casting shade on the opengpg keyserver, nor protonmail. It's the "hey! I didn't check a box for this, and it's not mentioned anywhere in the protonmail docs" hidden functionality which could do with some clarification.

    I'm a forgetful creature. If I intentionally put my key on a keyserver, because I'm playing around and learning about PGP, will I make the connection between it and protonmail a few months down the line if I move my email account to them? Unlikely.

    It's a nice automated feature. Protonmail-to-protonmail e2e encryption makes a lot of sense. I just think protonmail-to-non-protonmail e2e needs a tooltip in the UI, and the option to opt out, potentially with the ability to opt out for specific email addresses. I wouldn't at all assume it would be on by default even IF I've been actively using PGP in my email clients, because it's something you usually have to manually set up yourself, very explicitly. That, and 99.9% of emails are plaintext.

    Anyhoo, one thing I forgot which kind of negates the "what if I have multiple encryption keys tied to my email" is the fact that the opengpg keyserver does tie 1 email address to 1 key so you can't publish multiple encryption keys, fair enough. Git-crypt and file encryption, I set my associated email address to use +tags eg [email protected], so as far as protonmail etc are concerned there's only one key per logical email address.

  • Is it safe to commit a Terraform file to GitHub?
    4 projects | /r/Terraform | 24 Jun 2023
    Apart from a few exceptions (like ansible for example, which supports native encryption), we moved away from encrypted secrets in git repos and use external things, depending on the platform (like parameter store / secrets manager for AWS or keyvault for Azure - both of these do track changes, btw), so I haven't looked for quite a while. Back in ye olden days we used https://github.com/AGWA/git-crypt which worked quite nicely, but the key management is cumbersome and it's based on GPG, which in itself is a bit of a light redish flag these days.
  • GitHub Private Repos Considered Private-­Ish
    3 projects | news.ycombinator.com | 4 Jun 2023
    How about encryption?

    https://github.com/AGWA/git-crypt has been solid for me

  • Codeship jet alternative
    1 project | /r/webdev | 18 May 2023
    You might want to check out git-crypt. It allows you to encrypt and decrypt files in a git repo without needing an external account, and supports .env files. That said, trying your hand at making one as a personal project could be a fun and rewarding experience!
  • Ask HN: Privacy-Conscious GitHub?
    1 project | news.ycombinator.com | 1 Apr 2023
    I hesitate to append this but one option I have seen thrown around and also debated is git-crypt [1] There are many caveats to doing this as any integrations that would need to read the file contents would also need to be able to decrypt the files so this may not be entirely useful and may add many levels of complexity and fragility.

    [1] - https://github.com/AGWA/git-crypt

  • Vaults vs. Cryptomator? Security, Cloud syncing, integration?
    2 projects | /r/kde | 30 Mar 2023
    The most interesting approach I've seen for this is https://github.com/AGWA/git-crypt
  • How can I Make this binary statically-linked?
    1 project | /r/learnprogramming | 9 Feb 2023
    Here is the Makefile.
    1 project | /r/cpp_questions | 8 Feb 2023
    I use git-crypt to encrypt files in git repositories quite a lot and I find that it doesn't work on RHEL-based distros because of some missing or out-of-date library. I need to build a statically linked binary.
  • How to Deploy and Scale Strapi on a Kubernetes Cluster 1/2
    13 projects | dev.to | 3 Feb 2023
    Store the Secrets in a repo using gitcrypt or another encryption tool.
  • I moved all my input files to a private repo and used it as a submodule
    4 projects | /r/adventofcode | 17 Jan 2023
    Consider using git-crypt for transparent encryption instead.

nixpkgs

Posts with mentions or reviews of nixpkgs. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-07-17.
  • NVIDIA Transitions Fully Towards Open-Source GPU Kernel Modules
    5 projects | news.ycombinator.com | 17 Jul 2024
  • Zed on Linux Is Here
    16 projects | news.ycombinator.com | 10 Jul 2024
    Am I missing something? NixOS has had it since April https://github.com/NixOS/nixpkgs/commits/nixos-unstable/pkgs...
  • Meta LLM Compiler: neural optimizer and disassembler
    1 project | news.ycombinator.com | 28 Jun 2024
    NixOS with its nixpkgs [0] and cache [1] would also not work if compilers weren't reproducible. Though they won't use something like PGO or some specific optimization flags as these would very likely lead to unreproducible builds. For example most distros ship a PGO optimized build of Python while nixos does not.

    [0] https://github.com/nixos/nixpkgs

    [1] https://cache.nixos.org/

  • The Pre-Scheme Restoration project is now underway
    6 projects | news.ycombinator.com | 21 Jun 2024
  • I've compared nearly all Rust crates.io crates to contents of their Git repos
    4 projects | news.ycombinator.com | 16 Jun 2024
    That's what nixpkgs does for Nix/NixOS. The package set is continuously built by a CI system and made publicly available: https://github.com/NixOS/nixpkgs#continuous-integration-and-...
  • Show HN: Brioche – A new Nix-like package manager
    6 projects | news.ycombinator.com | 3 Jun 2024
    Agreed. NixOS is a marvel of engineering to me, and kind of hard to go back from once you get used to it. Automatic snapshotting on every configuration change, the entire system state being configurable through text files and therefore never being ambiguous, being able to temporarily install stuff without it polluting your path for forever by using nix-shells, clearly being able to see and define stuff like boot parameters and kernel modules are just insanely wonderful things, all while still using (I think) a vanilla kernel and really no runtime overhead, allowing you to make an insanely lean system without ever being unsure if you're missing something. In my mind about as close to an "objectively better" way to handle an OS (at least for people who are technical). I have no desire to go back to any other distro for my server.

    But the Nix language itself is really quite annoying. I mean, I've more or less gotten used to its annoyances, and I do think that some of the DSLs it has are excellent (I really like the Nginx and systemd configuration stuff, for example), and a lot of the configs are just `services.myservice.enable = true` which is fine, but a lot of the time I'm kind of confused about what syntax is allowed and how loops work and the like. It's not horrible or anything, just a bit annoying because I'll occasionally have to do a nixos-rebuild like three or four times because I messed up some subtle syntax, and it's especially annoying if I have to go dig at the root Nix package to find out what I did wrong [1].

    I think decentralizing stuff in the form of flakes might be able to help with this, if for no other reason the area in which you'd be forced to look for configuration stuff could be reduced, but I do think NixOS would benefit from some rearchitecture.

    [1] Which happened yesterday with an ethernet card configuration: https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modu...

  • Linux virtual machines, with a focus on running containers
    9 projects | news.ycombinator.com | 27 May 2024
    I agree NixOS + docker/podman-compose is a good compromise but one has to be aware NixOS still run podman as root (1) [0]. What is very scary and defeat the purpose of rootless container.

    - [0] https://github.com/NixOS/nixpkgs/issues/259770

  • Enlightenmentware
    22 projects | news.ycombinator.com | 20 May 2024
    I don't think there's a right way to do it, you are correct in that learning NixOS is pretty tedious.

    Re: flakes, my personal opinion is to use flakes. While Flakes are imperfect, they still provide a lot of functionality that Nix doesn't otherwise have. In my mind, it's like Nix's equivalent of "Go modules" or something like that. I do feel like people who do not like flakes make many valid points (the boilerplate, the fact that the top-level flake expression is a subset of Nix for some reason, etc.) but the argument isn't that those problems shouldn't be solved, it's that flakes are a sub-optimal design. Since they're so proliferated throughout the ecosystem though, it is quite unlikely that Nix or any prominent fork will outright drop flakes support any time in the near future. For better or worse, Flakes are part of the Nix ecosystem for the foreseeable future. In my opinion, one may as well take advantage of that.

    If you haven't already, I'd get your feet wet with installing Nix on a non-NixOS machine first, and please feel free to ask questions about Nix in the NixOS Discourse "Help" section.

    I have some recommendations:

    1. https://github.com/nix-community/nix-direnv - Since Nix derivations usually wrap around other build systems, the entire derivation is recomputed when any file in it changes; using direnv, you can just get your normal dev tools upon cd'ing into your project directories. This gives you a lot of the benefits of Nix during local development, but with your normal stack, and without needing to globally install anything.

    2. If you are trying to build something, chances are you can find inspiration in Nixpkgs. Are you curious how you might package a Bevy game? No problem: literally search "bevy" on the Nixpkgs GitHub repo and see what comes up. I found a derivation that does: https://github.com/NixOS/nixpkgs/blob/master/pkgs/games/jump...

    3. If you use flakes, you should keep the flake "schema" handy. There are a lot of different kinds of flake outputs and there are different ways to specify the same thing, which is somewhat needlessly confusing; keeping the flake schema handy will make it easier to understand what Nix is looking for in a flake, which might make it easier to see what's going on (especially if it's obfuscated.) The most important takeaway here: A command like `nix run flake#attr` will try multiple different attributes. https://nixos.wiki/wiki/flakes#Flake_schema

    4. Likewise, I really recommend reading up on what NixOS modules are. NixOS modules are the basis for configurations on NixOS, and having a clear understanding of what is even going on with them is a good idea. For example, you should understand the difference between the Nix language's `import` directive, and using the NixOS modules `imports` attribute to import other NixOS modules. Understanding how the configuration merge works saves a lot of headache, makes it easier to understand how people's configurations works, and also makes it easier to modularize your own NixOS configurations, too. https://nixos.wiki/wiki/NixOS_modules

    Unfortunately though, there's just no way to make it "click", and I can't guarantee that it's worth all of the effort. For me, I felt it was, but yes, there's no one correct way to do it.

    But please feel free to ask questions if anything seems confusing.

  • Tracexec: TUI for tracing execve and pre-exec behavior
    5 projects | news.ycombinator.com | 8 May 2024
    This will drop you into a shell where `tracexec` is installed.

    [1]: https://github.com/NixOS/nixpkgs/pull/310158

  • Nix: The Breaking Point
    3 projects | news.ycombinator.com | 29 Apr 2024
    I don't think so. The article is probably intended for the Nix community, so the author doesn't need to convince HN that something is going on. If as an outsider you are interested then you need to look into it yourself, the community has no obligation to make their internal conflicts legible to the outside world.

    As an outsider myself, it certainly looks like something is going on as more than 20 Nixpkg maintainers left in a week: https://github.com/NixOS/nixpkgs/issues?q=label%3A%228.has%3...

What are some alternatives?

When comparing git-crypt and nixpkgs you can also consider the following projects:

git-secrets - Commit files with sensitive information like environment secrets safely encrypted in GitHub

asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more

sops - Simple and flexible tool for managing secrets

Home Manager using Nix - Manage a user environment using Nix [maintainer=@rycee]

sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets

git-lfs - Git extension for versioning large files

age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

easyeffects - Limiter, compressor, convolver, equalizer and auto volume and many other plugins for PipeWire applications

dendron - The personal knowledge management (PKM) tool that grows as you do!

spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.

helm-secrets - A helm plugin that help manage secrets with Git workflow and store them anywhere

waydroid - Waydroid uses a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu.

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

Did you konow that C++ is
the 6th most popular programming language
based on number of metions?