git-age logo

git-age prskr

age cli encryption git
Use this command to install git-age:
winget install --id=prskr.git-age -e

git-age is a smudge/clean filter to encrypt/decrypt files in a git repository transparently

README

git-age

Go Report Card Go

Disclaimer

This project is based on age. I'm in no way affiliated with the original project.

A big shoutout to Filippo Valsorda for creating age and making it available to the public.

Introduction

Install

See INSTALL.md.

Getting started

Install hooks in global git config

git age install

This will add the git-age clean and smudge filters to your global git config.

Init repository to share secret files

git age init

# or if you want to add some comment to the generated key
git age init -c "My comment"

Add another user to an already prepared repository

Remarks: The repository has to be in a clean state i.e. no changes files.

Alice wants to share the secrets stored in her Git repository with Bob.

  1. Bob installs git-age on his machine and configures his global git config
git age install
  1. Bob generates a new key pair
git age gen-key

# or if you want to add some comment to the generated key
git age gen-key -c "My comment"

the generated private key will be stored automatically in your keys.txt

  1. Bob sends his public key to Alice
  2. Alice adds Bob's public key to her repository
git age add-recipient 

# or if you want to add some comment to the added key

git age add-recipient -c "My comment"

git age add-recipient will:

  1. add the public key to the repository (.agerecipients file)
  2. re-encrypt all files with the new set of recipients
  3. commit the changes

As soon as Alice pushed the changes to the remote repository, Bob can pull the changes and decrypt the files.

Tips and tricks

Diff of text files

Set the diff.age.textconv git config to cat to see plain text diffs of encrypted files.

git config --global diff.age.textconv cat

Configuration

For now git-age is configured either via environment variables or CLI flags. The most interesting part is where it reads and writes the private keys from. This can be configured via the GIT_AGE_KEYS environment variable or the --keys flag. By default git-age will store the private keys in $XDG_CONFIG_HOME/git-age/keys.txt.

PlatformConfig path
Linux$XDG_CONFIG_HOME/git-age/keys.txt i.e. $HOME/.config/git-age.keys.txt
macOS$HOME/Library/Application Support/git-age/keys.txt
Windows%LOCALAPPDATA%\git-age\keys.txt

Alternatives

  • git-crypt - based on GPG
  • git-private - not a Git clean/smudge filter but encrypts/decrypts on demand

Development

Required Tools

Install husky

Ensure golangci-lint and other checks are executed before commit.

go tool husky init
Versions
0.2.4
0.2.3
0.2.1
0.1.11
0.1.10
Website
github.com
License