{"id":29269732,"url":"https://github.com/zackiles/git-vault","last_synced_at":"2026-05-16T12:31:22.601Z","repository":{"id":292870187,"uuid":"982199307","full_name":"zackiles/git-vault","owner":"zackiles","description":"Commit your secrets! Zero hassle encryption for Git. 1Password supported. Transparently encrypts files or folder on commit, decrypts on checkout","archived":false,"fork":false,"pushed_at":"2025-06-05T09:30:58.000Z","size":2254,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-29T00:26:16.448Z","etag":null,"topics":["developer-tools","git","gpg","secrets","vault"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zackiles.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-12T14:16:28.000Z","updated_at":"2025-06-05T09:31:00.000Z","dependencies_parsed_at":"2025-05-12T15:57:10.080Z","dependency_job_id":"864ef296-5ad6-45e7-8297-59fa48ba571c","html_url":"https://github.com/zackiles/git-vault","commit_stats":null,"previous_names":["zackiles/git-vault"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/zackiles/git-vault","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zackiles%2Fgit-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zackiles%2Fgit-vault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zackiles%2Fgit-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zackiles%2Fgit-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zackiles","download_url":"https://codeload.github.com/zackiles/git-vault/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zackiles%2Fgit-vault/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33102737,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-16T04:41:52.686Z","status":"ssl_error","status_checked_at":"2026-05-16T04:41:52.009Z","response_time":115,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["developer-tools","git","gpg","secrets","vault"],"created_at":"2025-07-04T21:09:37.452Z","updated_at":"2026-05-16T12:31:22.584Z","avatar_url":"https://github.com/zackiles.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"logo.png\" alt=\"Git-Vault Logo\" style=\"max-width: 100%; max-height: 200px;\"\u003e\n  \u003cdiv align=\"center\"\u003e\n    \u003cb\u003eStore sensitive files and folders in git\u003c/b\u003e\n  \u003c/div\u003e\n  \u003cp\u003e\n    \u003ca href=\"https://github.com/zackiles/git-vault/actions/workflows/release-github.yml\"\u003e\n      \u003cimg src=\"https://github.com/zackiles/git-vault/actions/workflows/release-github.yml/badge.svg\" alt=\"Release\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://chocolatey.org/packages/git-vault\"\u003e\n      \u003cimg src=\"https://img.shields.io/chocolatey/v/git-vault\" alt=\"Chocolatey Version\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/zackiles/homebrew-git-vault\"\u003e\n      \u003cimg src=\"https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/zackiles/homebrew-git-vault/main/version.json\" alt=\"Homebrew Version\"\u003e\n    \u003c/a\u003e\n  \u003c/p\u003e\n\u003c/div\u003e\n\n## Why\n\n`gv /path/to/thing`... and everything is handled for you seamlessly. Files/folders/blobs, big and small. Seals and unseals itself. Doesn't get easier than that.\n\n## How\n\nGit hooks and GPG transparently encrypt and decrypt resources within your repository into `.vault`, sealing them remotely and unsealing locally. Works on all **platforms**, **dummy-proof**, and **secure**! Optionally supports and configures Git LFS, 1Password, and more automatically.\n\n- **Encryption (`pre-commit`):** Seals items to `.vault/storage/`\n- **Decryption (`post-checkout`, `post-merge`):** Unseals items back to their original locations\n- **Passwords:** Read from `.vault/*.pw` files or fetched from 1Password (`op` CLI), per `.vault/config.json`\n\n\u003e [!TIP]\n\u003e Checkout some examples of [When To Use It](#when-to-use-it).\n\n## Installation\n\nInstall git-vault with a single command or via package managers.\n\n### Manual Installation\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/zackiles/git-vault/main/install.sh | bash\n```\n\n### Package Managers\n\n**Homebrew (macOS/Linux):**\n\n```bash\nbrew tap zackiles/git-vault\nbrew install git-vault\n```\n\n**Chocolatey (Windows):**\n\n```powershell\nchoco install gv\n```\n\nThe installer downloads the correct binary, checks dependencies (git, gpg), sets up your repository, and can optionally install `gv` globally.\n\nThe process creates `.vault/` for configuration/storage, an empty `.vault/config.json`, installs Git hooks, updates `.gitignore`, and can configure Git LFS or 1Password.\n\n\u003e [!NOTE]\n\u003e GPG must be installed; this is verified during initialization.\n\n## Uninstallation\n\nAssuming you no longer have repositories that gv manages secrets for and you'd like to remove it globally from your system can do so by running:\n\n```bash\ngv uninstall\n```\n\nThis will determine how it was installed and use the appropriate uninstaller if you used a package manager like Brew or Chocolatey (or it falls back to manually removing itself).\n\n\u003e [!NOTE]\n\u003e To remove git-vault from a specific project without uninstalling the CLI:\n\u003e\n\u003e - Run `gv remove-all`\n\u003e - Remove gv-related entries from `.gitignore`\n\n## Usage\n\n**Add a file or folder to the vault:**\n\n```bash\ngv \u003cpath/to/your/secret\u003e\n```\n\nThe command encrypts and stores your file in `.vault/storage/`, updates `.gitignore`, and manages the password (local file or 1Password). Easy peasy!\n\n**Remove from vault:**\n\n```bash\ngv remove \u003cpath/to/your/secret\u003e\n```\n\nVerifies password, removes archive/manifest entry, cleans up password.\n\n**List vaulted items:**\n\n```bash\ngv list\n```\n\nDisplays managed files/directories, status, and archive sizes.\n\n**Manually encrypt all managed files:**\n\n```bash\ngv encrypt [path/to/file]\n```\n\nThis command is automatically called by git hooks before commits, but can be run manually to ensure all managed files are encrypted. If a specific file path is provided, only that file will be encrypted (if it's managed by git-vault).\n\n**Manually decrypt all managed files:**\n\n```bash\ngv decrypt [path/to/file]\n```\n\nThis command is automatically called by git hooks after checkout/merge, but can be run manually to decrypt all managed files. If a specific file path is provided, only that file will be decrypted (if it's managed by git-vault).\n\n**Password management options:**\n\nThe CLI supports providing passwords directly for CI/CD and automation scenarios:\n\n```bash\n# Use a password from command line (skips interactive prompt)\ngv add .env --password mypassword\n\n# Decrypt with a specific password and save it to storage\ngv decrypt --password mypassword --write\n\n# Encrypt with a different password (overrides stored password)  \ngv encrypt --password newpassword\n```\n\nThe `--write` flag can be used with `--password` to save the provided password to storage after successful decryption. This is useful for password recovery scenarios where you know the correct password but the stored password file is missing or corrupted.\n\n\u003e [!IMPORTANT]\n\u003e Your .gitignore will be automatically updated to ignore the password files and you're safe to commit everything else including `.vault/storage/` and `.vault/config.json`)\n\n## Git LFS Integration\n\nManages large encrypted archives efficiently with Git LFS. Files over a threshold (default 5MB) are tracked via LFS if available. Make sure you have Git LFS installed: [Install Git LFS](https://git-lfs.github.com/). You can change the default LFS threshold in `.vault/config.json`\n\n## 1Password Integration\n\nUses 1Password CLI (`op`) for password management instead of local `.pw` files.\n\n**Requirements:**\n\n- [1Password CLI (`op`)](https://1password.com/downloads/command-line/) installed and configured.\n- Signed into 1Password via CLI (`op signin`).\n\n**Process:**\n\n1. **Setup:** If `op` is detected at init, choose to use it. Select/specify a 1Password vault (default: \"Git-Vault\"). You can change it later if you want in `.vault/config.json`.\n2. **Adding Files (`gv add`):** Creates a Secure Note in 1Password (title: `git-vault-\u003cproject\u003e-\u003chash\u003e`) with password, path, status.\n3. **Removing Files:** It'll keep your 1Password password there but will mark the item status to \"removed\"\n\n## When To Use It\n\n- Share sensitive build artifacts with maintainers/CI/CD.\n- Provide context to AI agents in AI-native codebases.\n- Manage mixed data access in data/research-heavy repos.\n- Secure files in inner-source projects with departmental firewalls.\n- Encrypt large binaries (images, videos, datasets), especially with Git LFS.\n- Need a simple, single-command solution for secure Git file storage.\n\n## Troubleshooting\n\n### Installation Issues\n\nIf the installation script exits early or fails unexpectedly when using the curl command, you can enable debug mode to see detailed information about where the installation is failing:\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/zackiles/git-vault/main/install.sh | bash -s -- --debug\n```\n\nThis will provide verbose output showing each step of the installation process, including dependency checks, platform detection, and version fetching, which helps identify the exact point of failure.\n\n## License\n\nMIT License - see the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzackiles%2Fgit-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzackiles%2Fgit-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzackiles%2Fgit-vault/lists"}