git-crypt alternatives

Looking for an alternative tool to replace git-crypt? During the review of git-crypt we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. git-secrets (prevent secrets ending up in Git)
  2. jak (git encryption)
  3. Cryptomator (client-side encryption for cloud services)

These tools are ranked as the best alternatives to git-crypt.

Alternatives (by score)

60

git-secrets

Introduction

You would most likely use git-secrets in development teams or as an individual developer. The primary goal is to prevent accidentally submitting authentication details or otherwise sensitive information to your software repositories.

Project details

git-secrets is written in shell script.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Data leak prevention
    • Information leak prevention

    git-secrets review

    60

    jak

    Introduction

    Typically developers may want to store some secrets, like authentication details, in in their repository. With jak this can happen in a slightly more secure way, by encrypting the data.

    Project details

    jak is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Data encryption

      jak review

      100

      Cryptomator

      Introduction

      Cryptomator is a multi-platform tool for transparent client-side encryption of your files. It is used together with cloud services to ensure you are the only one who can access the data.

      Project details

      Cryptomator is written in Java.

      Strengths and weaknesses

      • + More than 10 contributors
      • + More than 2000 GitHub stars
      • + Many releases available

        Typical usage

        • Data encryption

        Cryptomator review

        97

        OpenSSL

        Introduction

        This popular toolkit is used by many systems. It provides options like encryption and hashing of data, integrity testing, and digital certificates and signatures. Many software applications use the toolkit to provide support for these functions. OpenSSL also has a client utility that can be used on the command line to test, decrypt and encrypt data, and create certificates.

        Project details

        OpenSSL is written in C.

        Strengths and weaknesses

        • + The source code of this software is available
        • + Well-known library
        • - Major vulnerabilities in the past

        Typical usage

        • Certificate management
        • Data encryption

        OpenSSL review

        59

        socat

        Introduction

        Socat is a tool to share data between systems. It can leverage an existing connection, or set up a new channel between two systems. This can be useful to relay traffic, do a quick data transfer, or test other systems. Another option is to use it on the local system to add an encrypted channel.

        Project details

        socat is written in C.

        Strengths and weaknesses

        • + The source code of this software is available
        • + Well-known tool

          Typical usage

          • Data encryption
          • Data transfers

          socat review

          64

          DET

          Introduction

          This tool can be used to identify possible DLP failures. It uses different data exfiltration techniques, which could (or not) trigger a DLP solution.

          Project details

          DET is written in Python.

          Strengths and weaknesses

          • + The source code of this software is available
          • - No releases on GitHub available

          Typical usage

          • Learning
          • Penetration testing

          DET review

          74

          gauntlt

          Introduction

          Gauntlt allows you to run different attacks on your code with the goal to build better software and withstand the biggest threats in existence.

          Project details

          gauntlt is written in Ruby.

          Strengths and weaknesses

          • + More than 10 contributors
          • + More than 500 GitHub stars
          • + The source code of this software is available

            Typical usage

            • Code analysis

            gauntlt review

            85

            BlackBox

            Introduction

            Typically you do not want to store any secrets in a software repository or version control system repository. However when there is still a need to give people access to sensitive parts, then BlackBox helps to do this in a more secure way.

            Project details

            BlackBox is written in shell script.

            Strengths and weaknesses

            • + More than 50 contributors
            • + More than 4000 GitHub stars
            • + The source code of this software is available

              Typical usage

              • Password management
              • Secure storage

              BlackBox review

              56

              AESKeyFinder

              Introduction

              AESKeyFinder uses various algorithms to perform entropy tests and filter out blocks that are not AES keys. The remaining blocks are then displayed as possible AES keys.

              Project details

              Strengths and weaknesses

              • + The source code of this software is available
              • - No proper description on website
              • - No updates for a while

              Typical usage

              • Data extraction

              AESKeyFinder review

              74

              pick

              Introduction

              Tools like pick are used to store passwords and secrets safely.

              Project details

              pick is written in Golang.

              Strengths and weaknesses

              • + Very low number of dependencies
              • + The source code of this software is available

                Typical usage

                • Data security
                • Secure storage

                pick review

                97

                testssl.sh

                Introduction

                Key features of testssl.sh include:

                • Clear output: you can tell easily whether anything is good or bad
                • Ease of installation: It works for Linux, Darwin, FreeBSD, NetBSD and MSYS2/Cygwin out of the box: no need to install or configure something, no gems, CPAN, pip or the like.
                • Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
                • Toolbox: Several command line options help you to run YOUR test and configure YOUR output
                • Reliability: features are tested thoroughly
                • Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning
                • Privacy: It's only you who sees the result, not a third party
                • Freedom: It's 100% open source. You can look at the code, see what's going on and you can change it.

                Project details

                testssl.sh is written in shell script.

                Strengths and weaknesses

                • + Used language is shell script
                • + The source code of this software is available

                  Typical usage

                  • Application testing
                  • Configuration audit

                  testssl.sh review

                  85

                  gitleaks

                  Introduction

                  Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.

                  Project details

                  gitleaks is written in Golang.

                  Strengths and weaknesses

                  • + More than 10 contributors
                  • + More than 3000 GitHub stars
                  • + The source code of this software is available

                    Typical usage

                    • Security assessment

                    gitleaks review

                    60

                    GitMiner

                    Introduction

                    GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details such as passwords or connection settings.

                    Project details

                    GitMiner is written in Python.

                    Strengths and weaknesses

                    • + More than 1000 GitHub stars
                    • + The source code of this software is available

                      Typical usage

                      • Asset discovery
                      • Discovery of sensitive information
                      • Information leak detection

                      GitMiner review

                      60

                      Gitrob

                      Introduction

                      Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.

                      Project details

                      Gitrob is written in Ruby.

                      Strengths and weaknesses

                      • + More than 1000 GitHub stars
                      • + The source code of this software is available

                        Typical usage

                        • Data leak prevention
                        • Information gathering
                        • Penetration testing
                        • Security assessment

                        Gitrob review

                        64

                        Aletheia

                        Introduction

                        Aletheia is a project to manage secrets in Google Cloud with CloudKMS and Cloud Storage. It can be used to store sensitive data like authentication details.

                        Project details

                        Aletheia is written in Python.

                        Strengths and weaknesses

                        • + The source code of this software is available
                        • - Minimal or no documentation available
                        • - No releases on GitHub available

                        Typical usage

                        • Data security
                        • Secure storage

                        Aletheia review

                        100

                        Buttercup for desktop

                        Introduction

                        The typical users have at least a multitude of ten when it comes to passwords. Ensuring that every website has a unique password and remembering, is almost impossible. Passwords managers like Buttercup help with the generation and secure storage of these secrets. It is freely available and open source, making it a good alternative for commercial options.

                        Project details

                        Buttercup for desktop is written in Node.js.

                        Strengths and weaknesses

                        • + More than 10 contributors
                        • + More than 1000 GitHub stars
                        • + The source code of this software is available

                          Typical usage

                          • Password management

                          Buttercup for desktop review

                          74

                          Confidant

                          Introduction

                          Most applications with a connection to a database or other software component, need some form of authentication. Often the related credentials are stored in a configuration file. A secret manager like Confidant will provide an alternative, by storing the details in a database. Only applications that need to access the secrets are allowed to obtain them. Often system administrators are denied access to them.

                          Project details

                          Confidant is written in Python.

                          Strengths and weaknesses

                          • + More than 1000 GitHub stars
                          • + The source code of this software is available
                          • + Supported by a large company

                            Typical usage

                            • Secrets management
                            • Secure storage

                            Confidant review

                            100

                            KeeWeb

                            Introduction

                            Password managers help to store sensitive data. This may include passwords, secret questions with their answers, or other private information.

                            Project details

                            KeeWeb is written in JavaScript.

                            Strengths and weaknesses

                            • + More than 25 contributors
                            • + More than 6000 GitHub stars
                            • + Many releases available
                            • + The source code of this software is available
                            • - Full name of author is unknown

                            Typical usage

                            • Password management

                            KeeWeb review

                            64

                            TeamVault

                            Introduction

                            Storing passwords within a team security can be a challenging task. TeamVault is a password manager with the goal to be easy to use, flexible, and adhering to several security principles. These include a solid base for the data encryption, support for folders, and role-based access control (RBAC).

                            Project details

                            TeamVault is written in Python.

                            Strengths and weaknesses

                            • + The source code of this software is available
                            • - No releases on GitHub available

                            Typical usage

                            • Password management
                            • Secrets management

                            TeamVault review

                            89

                            Vault

                            Introduction

                            Vault is a secret management tool created by HashiCorp. It allows storing secrets, such as key/value pairs, AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and other sensitive details. These secrets are typically used by software components and scripts. The benefit of using a secret management tool is that they no longer need to be stored in configuration files. Main features include leasing, key revocation, key rolling, and auditing.

                            Project details

                            Vault is written in Golang.

                            Strengths and weaknesses

                            • + More than 500 contributors
                            • + More than 9000 stars
                            • + The source code of this software is available

                              Typical usage

                              • Password management
                              • Secrets management
                              • Secure storage

                              Vault review

                              Some relevant tool missing as an alternative to git-crypt? Please contact us with your suggestion.