{"id":13621234,"url":"https://github.com/nathants/git-remote-aws","last_synced_at":"2026-01-23T14:07:28.933Z","repository":{"id":59045744,"uuid":"531287076","full_name":"nathants/git-remote-aws","owner":"nathants","description":"encrypted git on s3","archived":false,"fork":false,"pushed_at":"2025-12-18T04:18:09.000Z","size":121,"stargazers_count":172,"open_issues_count":0,"forks_count":6,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-12-21T13:49:34.821Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nathants.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"license.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-08-31T23:02:45.000Z","updated_at":"2025-12-18T04:18:13.000Z","dependencies_parsed_at":"2023-02-17T11:35:21.191Z","dependency_job_id":"258a4d12-2603-42b2-9c7a-28ea1b7d8b30","html_url":"https://github.com/nathants/git-remote-aws","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/nathants/git-remote-aws","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nathants%2Fgit-remote-aws","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nathants%2Fgit-remote-aws/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nathants%2Fgit-remote-aws/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nathants%2Fgit-remote-aws/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nathants","download_url":"https://codeload.github.com/nathants/git-remote-aws/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nathants%2Fgit-remote-aws/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28693554,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-23T11:01:27.039Z","status":"ssl_error","status_checked_at":"2026-01-23T11:00:26.909Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T21:01:03.824Z","updated_at":"2026-01-23T14:07:28.913Z","avatar_url":"https://github.com/nathants.png","language":"Go","funding_links":[],"categories":["Go","\u003ca name=\"git\"\u003e\u003c/a\u003eGit and accessories"],"sub_categories":[],"readme":"# Git-Remote-AWS\n\n## Why\n\nEncrypted Git hosting should be easy.\n\n## How\n\nEncrypted Git [bundles](https://git-scm.com/docs/git-bundle) are stored in S3.\n\nCompare and swap against DynamoDB updates an ordered list of bundles. This enables multiple writers to safely collaborate on a single remote.\n\nEach remote can hold one and only one branch.\n\nBundles in S3 are immutable, and force push is not allowed.\n\nBundles are encrypted with Libsodium [secretstream](https://doc.libsodium.org/secret-key_cryptography/secretstream). User keys are Libsodium box [keypairs](https://doc.libsodium.org/public-key_cryptography/authenticated_encryption#key-pair-generation). Authorized user public keys are added to a `.publickeys` file in the Git repository. To add or remove authorized users, update the `.publickeys` file, then create and push to a new remote or delete S3 data and recreate an existing remote.\n\nMetadata is stored unencrypted:\n- Branch name\n- Remote name\n- Git hash for the start and end of each bundle\n\nData is stored encrypted:\n- Git bundles\n\nBoth Git SHA1 and SHA256 hashing algorithms are supported.\n\nPrivate S3 buckets and DynamoDB tables are created ondemand if they do not already exist.\n\n## What\n\nA custom Git remote adding support for remotes like:\n\n`git remote add origin aws://${s3_bucket}+${dynamo_table}/${remote_name}`\n\nThe Git remote binary provides a keygen for Libsodium box [keypairs](https://doc.libsodium.org/public-key_cryptography/authenticated_encryption#key-pair-generation):\n\n`git-remote-aws --keygen ~/.git-remote-aws/publickey ~/.git-remote-aws/secretkey`\n\nThe default path for your secret key is `~/.git-remote-aws/secretkey`. This can be changed via environment variable `GIT_REMOTE_AWS_SECRETKEY`.\n\n## Install\n\nInstall Go and Libsodium from your package manager:\n\n```bash\nbrew install         go     libsodium     # homebrew\nsudo pacman -S       go     libsodium     # arch\nsudo apk add         go     libsodium-dev # alpine\nsudo apt-get install golang libsodium-dev # ubuntu/debian\n```\n\nInstall the binary and update PATH:\n\n```bash\ngo install github.com/nathants/git-remote-aws@latest\n\nexport PATH=$PATH:$(go env GOPATH)/bin\n```\n\n## Usage\n\n```bash\n\u003e\u003e git init\n\n\u003e\u003e git remote add origin aws://${bucket}+${table}/myrepo\n\n\u003e\u003e mkdir -p ~/.git-remote-aws\n\n\u003e\u003e git-remote-aws --keygen ~/.git-remote-aws/publickey ~/.git-remote-aws/secretkey\n\n\u003e\u003e cat ~/.git-remote-aws/publickey \u003e\u003e .publickeys\n\n\u003e\u003e git add .\n\n\u003e\u003e git commit -m init\n\n\u003e\u003e git push -u origin master\n\ncreating private s3 bucket: $bucket\nlib/s3.go:329: created bucket: $bucket\nlib/s3.go:367: created bucket tags for: $bucket\nlib/s3.go:415: created public access block for $bucket: private\nlib/s3.go:657: created encryption for $bucket: true\nlib/s3.go:688: put bucket metrics for: $bucket\ncreated private s3 bucket: $bucket\ncreating private dynamodb table: $table\nlib/dynamodb.go:481: created table: $table\nlib/dynamodb.go:974: waiting for table active: $table\nlib/dynamodb.go:974: waiting for table active: $table\ncreated private dynamodb table: $table\nget dynamodb://$table/$bucket/myrepo\nget dynamodb://$table/$bucket/myrepo\nget s3://$bucket/\ngit bundle: 0000000000000000000000000000000000000000..daf8ea23a2aa082a3eeffacbdda04917d14916cc\nput s3://$bucket/myrepo/0000000000000000000000000000000000000000..daf8ea23a2aa082a3eeffacbdda04917d14916cc\nput s3://$bucket/myrepo/bundles_daf8ea23a2aa082a3eeffacbdda04917d14916cc\nput dynamodb://$table/$bucket/myrepo\nTo aws://$bucket+$table/myrepo\n * [new branch]      master -\u003e master\n\n\u003e\u003e libaws s3-ls $bucket/ -r\n\n770 myrepo/0000000000000000000000000000000000000000..daf8ea23a2aa082a3eeffacbdda04917d14916cc\n 82 myrepo/bundles_daf8ea23a2aa082a3eeffacbdda04917d14916cc\n\n\u003e\u003e libaws dynamodb-item-scan $table | jq .\n\n{\n  \"branch\": \"master\",\n  \"bundles\": \"myrepo/bundles_daf8ea23a2aa082a3eeffacbdda04917d14916cc\",\n  \"id\": \"$bucket/myrepo\",\n  \"uid\": null,\n  \"unix\": 0\n}\n\n\u003e\u003e cd $(mktemp -d)\n\n\u003e\u003e git clone aws://${bucket}+${table}/myrepo\n\nCloning into 'myrepo'...\nget dynamodb://$table/$bucket/myrepo\nget s3://$bucket/myrepo/bundles_daf8ea23a2aa082a3eeffacbdda04917d14916cc\nget dynamodb://$table/$bucket/myrepo\nget s3://$bucket/myrepo/bundles_daf8ea23a2aa082a3eeffacbdda04917d14916cc\nget s3://$bucket/myrepo/0000000000000000000000000000000000000000..daf8ea23a2aa082a3eeffacbdda04917d14916cc\ngit unbundle: 0000000000000000000000000000000000000000..daf8ea23a2aa082a3eeffacbdda04917d14916cc\nget dynamodb://$table/$bucket/myrepo\nget s3://$bucket/myrepo/bundles_daf8ea23a2aa082a3eeffacbdda04917d14916cc\n\n```\n\nGeneral encryption and decryption usage:\n\n```bash\n\u003e\u003e git-remote-aws --keygen ~/.git-remote-aws/publickey ~/.git-remote-aws/secretkey\n\n\u003e\u003e echo hello | git-remote-aws --encrypt \u003e ciphertext\n\n\u003e\u003e cat ciphertext | git-remote-aws --decrypt\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnathants%2Fgit-remote-aws","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnathants%2Fgit-remote-aws","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnathants%2Fgit-remote-aws/lists"}