Git-Crypt

Review tl;dr

Viable command line tool for encrypting items in git repos. A little more straightforward to use than some of the others because git filters give you a native "git experience".

Product Summary

Another command line tool for encrypting data in a git repo using filters. Encryption is done via GPG. According to the site, repos that are public, or that mix secret and non-secret content, are the sweet spot for git-crypt:

"As such, git-crypt is not the best tool for encrypting most or all of the files in a repository. Where git-crypt really shines is where most of your repository is public, but you have a few files (perhaps private keys named *.key, or a file with API credentials) which you need to encrypt"
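
An added example (not from the original review or the git-crypt project): a Python check, meant for a checkout that has not been unlocked, that files matching secret patterns such as the *.key case quoted above are stored as git-crypt ciphertext rather than plaintext. It assumes git-crypt output begins with the 10-byte marker \0GITCRYPT\0; the file names, patterns and sample contents are constructed for illustration.

```python
import fnmatch
import os
import tempfile

# Assumption: git-crypt ciphertext starts with this 10-byte marker.
GITCRYPT_HEADER = b"\x00GITCRYPT\x00"

def is_gitcrypt_ciphertext(path):
    """True if the file begins with the git-crypt header."""
    with open(path, "rb") as fh:
        return fh.read(len(GITCRYPT_HEADER)) == GITCRYPT_HEADER

def find_plaintext_secrets(root, patterns):
    """Return sorted relative paths that match a secret pattern but are
    not git-crypt ciphertext. Run on a locked or keyless checkout."""
    leaks = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git metadata
        for name in filenames:
            if not any(fnmatch.fnmatch(name, p) for p in patterns):
                continue
            full = os.path.join(dirpath, name)
            # An empty file holds nothing to leak, so it is not reported.
            if os.path.getsize(full) > 0 and not is_gitcrypt_ciphertext(full):
                leaks.append(os.path.relpath(full, root))
    return sorted(leaks)

def build_sample_checkout(root):
    """Constructed sample: two encrypted files, one leaked key, one public file."""
    os.makedirs(os.path.join(root, "deploy"))
    files = {
        "server.key": GITCRYPT_HEADER + b"\x11" * 12 + b"ciphertext-bytes",
        os.path.join("deploy", "old.key"): b"-----BEGIN PRIVATE KEY-----\n",
        "README.md": b"public docs\n",
        "api_credentials.txt": GITCRYPT_HEADER + b"\x22" * 12 + b"more-bytes",
    }
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_checkout(root)
        return find_plaintext_secrets(root, ["*.key", "api_credentials.txt"])

if __name__ == "__main__":
    for path in demo():
        print("NOT ENCRYPTED:", path)
```

A file that was committed before its pattern was covered by the filter shows up here as plaintext, which is the case worth catching in a pipeline.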

Evaluation

Strengths

  • Simple workflow
  • Can use key pairs for encryption / decryption
  • Lock / unlock adds filtering to diff, so tig or git diff work as usual

Weaknesses

  • Basically no integrations other than git.
  • Very little provisioning support
  • Tight coupling with git makes it so that you have to operate in a git world. For example, you can't export the repo or the unlock simply won't work.

Ratings

  • Ease of setup: poor
  • Ease of use: fair
  • Cloud readiness: good
  • Datacenter readiness: good
  • Automation / pipeline readiness: fair
  • Product maturity: fair
  • Developer friendliness: good
  • Documentation: fair
  • Stability: good
  • Auditability: poor

Written on September 24, 2015