macOS
brew install git-cryptlocal Homebrew formula metadata
sudo port install git-cryptMacPorts ports tree · devel/git-crypt/Portfile · Quelle: api.github.com
brew
Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für git-crypt in AI-Agent-Workflows.
Installation
brew install git-cryptlocal Homebrew formula metadata
sudo port install git-cryptMacPorts ports tree · devel/git-crypt/Portfile · Quelle: api.github.com
sudo apk add git-cryptAlpine Linux edge package indexes · git-crypt · Quelle: dl-cdn.alpinelinux.org
sudo apt install git-cryptDebian stable package indexes · git-crypt · Quelle: deb.debian.org
sudo dnf install git-cryptFedora Rawhide package metadata · git-crypt · Quelle: dl.fedoraproject.org
nix profile install nixpkgs#git-cryptnixpkgs package indexes · pkgs/by-name/gi/git-crypt/package.nix · Quelle: api.github.com
sudo pacman -S git-cryptArch Linux sync databases · git-crypt · Quelle: geo.mirror.pkgbuild.com
sudo zypper install git-cryptopenSUSE Tumbleweed package metadata · git-crypt · Quelle: download.opensuse.org
scoop install main/git-cryptScoop official bucket manifest trees · bucket/git-crypt.json · Quelle: api.github.com
Überblick
Enable transparent encryption/decryption of files in a git repo
Verlauf
git-crypt is Andrew Ayer's transparent encryption tool for selected files in a Git repository. It uses Git filters so protected files are encrypted in commits and decrypted in a working tree after the repository is unlocked.
The Git history starts in July 2012, and the first release, 0.1, followed in November 2012. The author's project page explains the motivation: protecting secret material in a configuration-management repository while still letting other people inspect and contribute to the non-secret parts.
Version 0.4 in 2014 was a major workflow release: it added optional GPG support, stored the symmetric key inside `.git`, added multiple-key support, introduced `git-crypt status`, and began experimental Windows support. Version 0.5 in 2015 added the man page and improved lock and unlock performance with newer Git versions.
Later releases were maintenance-oriented. Version 0.6 in 2017 added OpenSSL 1.1 support, switched to C++11, honored Git configuration such as `gpg.program`, and added `git-crypt.repoStateDir`. Version 0.7 in 2022 addressed macOS argument-list issues, and version 0.8 in 2025 adjusted OpenSSL support and avoided problematic short GPG key IDs.
git-crypt became a common answer for repositories that are mostly public or shareable but contain a small number of encrypted secrets. Its README and project page stress graceful degradation: contributors without the key can clone and commit, but cannot read encrypted file contents.
Package-manager adoption is broad for a niche security tool, with packages across Homebrew, Debian and Ubuntu, Fedora-family distributions, MacPorts, Nix, Arch-family repositories, Scoop, and others in the input metadata. That breadth reflects stable CLI demand rather than a large framework ecosystem.
Users initialize a repository with `git-crypt init`, mark protected paths in `.gitattributes` with `filter=git-crypt diff=git-crypt`, and unlock after cloning with either GPG keys or an exported symmetric key.
Practitioners use it for secrets that belong beside source or infrastructure code, such as private keys, passwords, API credentials, or environment-specific files. The documentation is explicit about limits: file names, commit messages, symlink targets, and other metadata are not encrypted, and access revocation is not solved for old history.
git-crypt is significant because it turns Git's filter machinery into a packaging-friendly secrets workflow without requiring a service, a custom remote, or a separate encrypted repository. That simplicity made it attractive to developers who wanted secrets-in-repo ergonomics with ordinary Git hosting.
It also has the classic maintainer tradeoffs of a security CLI: OpenSSL compatibility, GPG behavior, Git filter semantics, deterministic encryption constraints, and clear documentation of what is not protected.
Sicherheitslage
broad file, network, media, or database tool signal.
blue Risiko · mittel Konfidenz · tool
Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
.gitattributes.git-crypt/Executables
| Befehl | Art | Sichtbarkeit | Hinweis |
|---|---|---|---|
git-crypt | cli | globales Executable |
Aktualität
Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.
https://www.agwa.name/projects/git-crypt/
Installationsmetadaten
| Paketschlüssel | brew:git-crypt |
|---|---|
| Version | 0.8.0 |
| Paketmanager | Homebrew |
| Paketmanager-Seite | https://formulae.brew.sh/formula/git-crypt |
| Homepage | https://www.agwa.name/projects/git-crypt/ |
| Repository | https://github.com/AGWA/git-crypt |
| Upstream-Dokumentation | https://github.com/AGWA/git-crypt#readme |
| Lizenz | GPL-3.0-or-later |
| Quellarchiv | https://www.agwa.name/projects/git-crypt/downloads/git-crypt-0.8.0.tar.gz |
| Zuletzt aktualisiert | 2026-05-25T16:07:30Z |
| Pulse | updated |
| Abhängigkeiten | openssl@4 |
| Build-Abhängigkeiten | docbook, docbook-xsl |
| Bottle | verfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | nicht definiert |
| Dienst | keiner deklariert |
Registry-Fakten
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | git-crypt |
| Version Scheme | 0 |
| Revision | 1 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
Source-Datenbank-Treffer
Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.
git-crypt 0.7.0-0.1+b1
Transparent file encryption in git
https://www.agwa.name/projects/git-crypt
sudo apt install git-cryptgit-crypt
nix profile install nixpkgs#git-cryptgit-crypt 0.7.0-0.1build3
Transparent file encryption in git
https://www.agwa.name/projects/git-crypt
sudo apt install git-cryptgit-crypt 0.7.0-r0
Transparent file encryption in git
https://www.agwa.name/projects/git-crypt
sudo apk add git-cryptgit-crypt-doc 0.7.0-r0
Transparent file encryption in git (documentation)
https://www.agwa.name/projects/git-crypt
sudo apk add git-crypt-docgit-crypt 0.8.0-2.fc44
Transparent file encryption in git
https://www.agwa.name/projects/git-crypt
sudo dnf install git-cryptgit-crypt 0.8.0-1
Transparent file encryption in Git
https://www.agwa.name/projects/git-crypt
sudo pacman -S git-cryptgit-crypt 0.8.0-1.2
Transparent file encryption in git
https://www.agwa.name/projects/git-crypt/
sudo zypper install git-cryptgit-crypt
sudo port install git-cryptmain/git-crypt
scoop install main/git-cryptQuellspur
Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.
View the package source record on GitHub.