{"id":48470197,"url":"https://github.com/schiele/git-incrypt","last_synced_at":"2026-04-07T06:03:02.680Z","repository":{"id":280131848,"uuid":"940764859","full_name":"schiele/git-incrypt","owner":"schiele","description":"A git remote helper to encrypt git repositories incrementally","archived":false,"fork":false,"pushed_at":"2026-03-15T14:39:38.000Z","size":202,"stargazers_count":4,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-03-16T03:45:24.118Z","etag":null,"topics":["encryption","git","gnupg","gnupg2","gpg","incremental","libgit2","pygit2","repository"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/schiele.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-02-28T18:45:49.000Z","updated_at":"2026-03-04T06:36:28.000Z","dependencies_parsed_at":"2025-03-03T17:22:21.650Z","dependency_job_id":"29c032aa-5488-426d-bdbb-ba62db1ae4c4","html_url":"https://github.com/schiele/git-incrypt","commit_stats":null,"previous_names":["schiele/git-fastcrypt","schiele/git-incrypt"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/schiele/git-incrypt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schiele%2Fgit-incrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schiele%2Fgit-incrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/
GitHub/repositories/schiele%2Fgit-incrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schiele%2Fgit-incrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/schiele","download_url":"https://codeload.github.com/schiele/git-incrypt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schiele%2Fgit-incrypt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31501903,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T03:10:19.677Z","status":"ssl_error","status_checked_at":"2026-04-07T03:10:13.982Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","git","gnupg","gnupg2","gpg","incremental","libgit2","pygit2","repository"],"created_at":"2026-04-07T06:03:01.877Z","updated_at":"2026-04-07T06:03:02.667Z","avatar_url":"https://github.com/schiele.png","language":"Python","readme":"# git-incrypt\n\nThis is a git remote helper that allows for full transparent encryption of git\nrepositories on unsecure remote locations.\n\n## Experimental Disclaimer Warning\n\nThis is still experimental. 
Encryption format is still not stable, which might\nrequire you to re-encrypt your data if you update to a future version.\n\nSo use at your own risk and expect some weird errors. Because of this state\nthe installation is also a bit more nerdy than what you might expect.\n\n## Issues and Contributions\n\nIf you see issues with the installation or usage, feel free to open an issue\nat https://github.com/schiele/git-incrypt/issues. Be aware that this is a\nhobby project of mine, so read the issues from other people first that might\nbe related to your problem, be polite, and provide all information necessary\nto properly understand your problem, including what you intended to do, what\ncommand you invoked and what was the output the tool produced.\n\nIf you have suggestions on how to improve things, feel free to provide them as\nwell. Optimally you provide even a pull request but just opening an issue is\nalso welcome.\n\n## Installation\n\nTo make this work you first need to install pygit2. Either use your\ndistribution's package manager or alternatively invoke:\n\n```\npip install pygit2\n```\n\nNext you either need to put this directory inside your system search path or\nlink or copy the files `git-incrypt` and `git-remote-incrypt` to some\ndirectory that is in the system search path.\n\nI recommend you configure GPG to use an agent, as it is likely not a good idea\nto receive password prompts during git operations.\n\nOptionally, you may also build the man page by invoking `make`. 
This will\ngenerate a man page into `man1`, which you can install into a directory that\nis in your MANPATH.\n\n## Usage\n\nUse the following command to create a new encrypted repository:\n\n```\ngit incrypt init $URL $GPG_KEY_ID\n```\n\nwhere `$URL` is the URL of the remote repository prefixed with `incrypt::` to\nbe initialized and `$GPG_KEY_ID` is one or multiple GPG key IDs to be used to\nencrypt the data in the repository.\n\nIf needed you can later add additional keys using the `git incrypt add`\ncommand.\n\nFrom now on you can just use the regular git commands to communicate with the\nencrypted remote repository. They all should work in the usual way but\nwhenever you need to supply the remote URL to the encrypted repository you\nneed to prefix it with `incrypt::`, for example when your remote storage place\nis:\n\n```\ngit@github.com:schiele/git-incrypt-crypted.git\n```\n\nyou provide instead:\n\n```\nincrypt::git@github.com:schiele/git-incrypt-crypted.git\n```\n\nFor a fresh clone of the encrypted repository this would be for example:\n\n```\ngit clone incrypt::git@github.com:schiele/git-incrypt-crypted.git\n```\n\nTo add an encrypted remote to an existing repository this would be something\nlike:\n\n```\ngit remote add crypted incrypt::git@github.com:schiele/git-incrypt-crypted.git\n```\n\nWithin the repositories you can use commands like `git pull`, `git fetch`, or\n`git push` without special considerations.\n\n## Concept and Discussion\n\nA sketch of the repository format can be found in [`FORMAT.md`](FORMAT.md).\n\nThe approach we take here is to completely encrypt every single git object.\nWith this approach no filters need to get applied as with\nhttps://www.agwa.name/projects/git-crypt/ but all action happens when fetching\nor pushing data to the remote.\n\nThere is https://github.com/spwhitton/git-remote-gcrypt, which operates as a\nremote helper similar to this one, but it compresses the complete pack files,\nmaking incremental changes on arbitrary 
git URLs expensive since this\npotentially requires re-transmitting large pack files.\n\nOur approach has advantages and disadvantages compared to those other\napproaches:\n\nCompared with the first project above we do not need any particular filter\nconfiguration we could get wrong and might leak data by accident. For sure\nthis comes with the downside that we either encrypt the whole repository or we\ndon't. There is no partial encryption possible. On the other hand our approach\nallows pushing the same git repository to an unencrypted remote in a secure\nlocation, like a local server, and duplicating it on an encrypted remote in\npublic space to exchange the code with other trusted parties.\n\nCompared with the second approach we can perform incremental changes to the\ngit repository in a more efficient way. If there is only a small change on the\nunencrypted repository, this causes only a small change to the encrypted\nrepository, while the other approach might require large transfers of the pack\nfiles changed. On the other hand our approach does reveal more information\nabout the repository structure in the sense that a potential attacker can\ncount the number of branches or tags that exist and can count the number of\ncommits in each branch and their structural relationships to each other. An\nattacker could not see who created them or when they were created.\n\nSince we encrypt each object separately we also pay a price by a space\nincrease of the overall repository of a bit less than a ten-fold increase.\nThis is caused by the fact that the delta algorithm in git can no longer\ndetect similarities between the individual encrypted objects. Since in a\ntypical workflow changes to the repository are of small increments, though, the\nspeed increase is likely worth it. Also the initial encryption of an already\nvery large repository can take quite some time. Encrypting the complete source\nrepository of git takes about 45 minutes on my current laptop. 
The performance\npenalty seems only relevant though for the expensive initial encryption.\nAnd after all, most users will have significantly smaller repositories compared\nto the repository of git itself.\n\nThe way we encrypt individual objects might reveal data that an attacker could\nuse to undermine the encryption, though I tried to mitigate the risks wherever\nI saw one. A more detailed analysis and discussion should follow in the future\nin this document. Should you identify a problem, I am for sure interested in\nlearning about it.\n\nAt the moment the implementation is still quite experimental with bad error\nhandling and a lot of technical debt in the code.\n\nBut you are free to already look around here and play with the tool. Further\ndocumentation will follow.\n\nYou can also find an encrypted version of this repository at\nhttps://github.com/schiele/git-incrypt-crypted/ for you to see what things look\nlike on the encrypted side.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschiele%2Fgit-incrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fschiele%2Fgit-incrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschiele%2Fgit-incrypt/lists"}