encrypten

A git-crypt compatible encryption tool written in Go with full worktree support.

Note: This project is not affiliated with or endorsed by git-crypt.

Features

git-crypt compatible — encrypts and decrypts files using the same format (AES-256-CTR + HMAC-SHA1)
Full worktree support — lock/unlock worktrees independently without affecting other worktrees
Static binary — single binary with no runtime dependencies (CGO_ENABLED=0)
Go stdlib crypto only — no external cryptographic dependencies
Cross-platform — Linux, macOS, and Windows

Installation

From source

go install github.com/keiritz/encrypten/cmd/encrypten@latest

From release binaries

Download pre-built binaries from the Releases page.

Quick Start

# Generate a key
encrypten keygen my-key

# Initialize encryption in a repository
cd my-repo
encrypten init

# Define files to encrypt in .gitattributes
echo 'secrets/** filter=git-crypt diff=git-crypt' >> .gitattributes

# Unlock (decrypt) files with a key
encrypten unlock my-key

# Lock (encrypt) files
encrypten lock

# Check encryption status
encrypten status

Commands

Command	Description
`init`	Initialize encryption in a repository (generates key, sets up filters)
`unlock <KEY_FILE>`	Decrypt files using the specified key file
`lock`	Encrypt files
`status`	Show encryption status of tracked files
`keygen <FILE>`	Generate a new encryption key
`export-key <FILE\|->`	Export the current key to a file or stdout
`clean`	Git clean filter (encrypts on commit)
`smudge`	Git smudge filter (decrypts on checkout)
`diff`	Git diff textconv filter
`version`	Display version

Flags

lock --force / lock -f — Lock even with uncommitted changes
unlock --force / unlock -f — Unlock even with uncommitted changes

Worktree Support

encrypten supports git worktrees natively. Each worktree can be locked/unlocked independently:

# Main worktree
encrypten unlock my-key

# Create a worktree
git worktree add ../my-feature feature-branch

# Unlock the worktree (uses the shared key automatically)
cd ../my-feature
encrypten unlock

# Lock this worktree without affecting main
encrypten lock

Differences from git-crypt

	encrypten	git-crypt
Worktree support	Full per-worktree lock/unlock	Not supported
Language	Go	C++
Binary	Static, single file	Requires OpenSSL
GPG key sharing	Not supported	Supported
Crypto	Go stdlib only	OpenSSL

License

MIT

Name		Name	Last commit message	Last commit date
Latest commit History 18 Commits
.github		.github
cmd/encrypten		cmd/encrypten
e2e		e2e
internal		internal
testdata		testdata
.gitattributes		.gitattributes
.gitignore		.gitignore
.golangci.yml		.golangci.yml
.goreleaser.yaml		.goreleaser.yaml
CHANGELOG.md		CHANGELOG.md
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
README.md		README.md
go.mod		go.mod
go.sum		go.sum

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

encrypten

Features

Installation

From source

From release binaries

Quick Start

Commands

Flags

Worktree Support

Differences from git-crypt

License

About

Uh oh!

Releases 2

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

encrypten

Features

Installation

From source

From release binaries

Quick Start

Commands

Flags

Worktree Support

Differences from git-crypt

License

About

Topics

Resources

License

Contributing

Uh oh!

Stars

Watchers

Forks

Releases 2

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages