Git-agecrypt – transparent file-level encryption for Git

Name: Git-agecrypt – transparent file-level encryption for Git
Availability: InStock
Author: bartei81

by bartei81·Apr 27, 2026·7 points·0 comments

Visit Project View on HN

AI Analysis

●●SolidNiche GemShip It

Git-crypt replacement using age with YubiKey plugin support and deterministic ciphertext.

Strengths

•Age plugin ecosystem enables hardware key recipients like YubiKey PIV without GPG complexity.
•Blake3 sidecar ensures stable ciphertext—unchanged plaintext doesn't churn encrypted blobs.
•Per-path encryption policies in committed toml file, different recipients per sensitive file.

Weaknesses

•Fork of unmaintained project rather than original implementation, limited differentiation from git-crypt.
•Crowded category with SOPS, git-crypt, and Sealed Secrets already solving secret management.

Post Description

Greetings HN! I've forked the excellent work done by [vlaci/git-agecrypt](https://github.com/vlaci/git-agecrypt), looks like the original project has not been maintained for a while, so I decided to pick it up, update all the dependencies and add some thorough testing.

I like the ability to store sensitive data in public repositories, it's especially useful when bootstrapping new IaC repositories, you don't have anything at the beginning of a new project so there is no place yet to store secrets, this is "a way" of doing it.

I know you can use tools like SOPS but I think the transparent approach offered by tools like this one or git-crypt really shine for many use cases.

Looking forward to hear your feedback!