SaaSHub helps you find the best software and product alternatives Learn more →
Git-crypt Alternatives
Similar projects and alternatives to git-crypt
-
-
InfluxDB
InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
-
-
age
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
-
-
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
-
-
-
rage
A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
-
-
-
List-of-Dirty-Naughty-Obscene-and-Otherwise-Bad-Words
List of Dirty, Naughty, Obscene, and Otherwise Bad Words
-
-
-
-
-
-
typage
A TypeScript implementation of the age file encryption format, available as an npm package or as a bundled .js file.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
git-crypt discussion
git-crypt reviews and mentions
-
Git-crypt – transparent file encryption in Git
Git-crypt is a dead product with numerous unresolved issues and drawbacks.
Newer versions of git cause git to crash when invoking git-crypt[0].
It doesn’t scale with users: Off-boarding a key is a commit in git. Since it is trivially easy to rewind a git repo before the revocation commit and then decrypt with the revoked key, this means you need to rotate every key under management when any revoke is performed.
It provides the illusion of asymmetric key encryption, but your asymmetric key wraps a shared symmetric key used to encrypt the entire repository. This also means a user could roll the repository back before a key was revoked and steal the symmetric key used to protect the repository and then use that key to decrypt the repository any time in the future.
It doesn’t scale with the number of files under management. As a result of how it’s implemented, every invocation is a separate process launch. This means every file triggers an asymmetric unwrap of the symmetric key. If you’re protecting your GPG key with hardware keyfob, decrypting the repository will take a long time.
This product was cool for a while but is flawed… do yourself a favor: Mozilla’s SOPS is better when coupled with something like AWS KMS.
[0] https://github.com/AGWA/git-crypt/issues/273
-
Ask HN: How do you share and sync .env files and secrets with your team
Years ago, before going full on Vault, I was using git-crypt, a git plugin that uses gpg to encrypt files before committing them to the repo.
Not sure if it’s still fine, I see their last release is 2 years old nowadays.
https://github.com/AGWA/git-crypt
- Age is a simple, modern and secure file encryption tool, format, and Go library
- Why Can't My Mom Email Me?
-
Is it safe to commit a Terraform file to GitHub?
Apart from a few exceptions (like ansible for example, which supports native encryption), we moved away from encrypted secrets in git repos and use external things, depending on the platform (like parameter store / secrets manager for AWS or keyvault for Azure - both of these do track changes, btw), so I haven't looked for quite a while. Back in ye olden days we used https://github.com/AGWA/git-crypt which worked quite nicely, but the key management is cumbersome and it's based on GPG, which in itself is a bit of a light redish flag these days.
-
GitHub Private Repos Considered Private-Ish
How about encryption?
https://github.com/AGWA/git-crypt has been solid for me
-
Codeship jet alternative
You might want to check out git-crypt. It allows you to encrypt and decrypt files in a git repo without needing an external account, and supports .env files. That said, trying your hand at making one as a personal project could be a fun and rewarding experience!
-
Ask HN: Privacy-Conscious GitHub?
I hesitate to append this but one option I have seen thrown around and also debated is git-crypt [1] There are many caveats to doing this as any integrations that would need to read the file contents would also need to be able to decrypt the files so this may not be entirely useful and may add many levels of complexity and fragility.
[1] - https://github.com/AGWA/git-crypt
-
Vaults vs. Cryptomator? Security, Cloud syncing, integration?
The most interesting approach I've seen for this is https://github.com/AGWA/git-crypt
-
How can I Make this binary statically-linked?
Here is the Makefile.
-
A note from our sponsor - SaaSHub
www.saashub.com | 21 May 2025
Stats
AGWA/git-crypt is an open source project licensed under GNU General Public License v3.0 only which is an OSI approved license.
The primary programming language of git-crypt is C++.