Skip to content
Embeds secrets in a git repository using deterministic encryption. Store your ssl priv keys in the same repo as your nginx config, without needing to trust your git host.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gopath/src
ext/blake2b
tools
.gitignore
.gitmodules
README.md
TODO
bench-aes256_blake2256_test.go
bench-aes256_keccak256_test.go
bench-aes256_sha256_test.go
bench-blowfish448_blake2512_test.go
bench-blowfish448_sha256_test.go
benchutil_test.go
crypto.go
crypto_test.go
goad
key.go
main.go
phrase.go
phrase_windows.go

README.md

grypt is a tool that allows one to store secrets in a git repository.

Getting Started

Here's an example to start a repository using grypt, assuming you're inside a repository.

If you want a random key: % grypt keygen .git/key

If you want to derive a key from a passphrase (perhaps for easy sharing later): % grypt phrase .git/key

Note: run keygen or phrase, not both.

% grypt init .git/key

grypt will print out a suggestion on what to enter in the repository's .gitattributes file. For more information, see gitattributes(5).

grypt help will display some online help.

How It Works

grypt uses deterministic encryption and enciphers/deciphers data as it is written to the git object store. If a repository is not configured to use grypt, the encrypted blob is displayed. git's filter support is used for this, see git-config(1) for more information.

You can’t perform that action at this time.