git-crypt alternatives

Looking for an alternative tool to replace git-crypt? During the review of git-crypt we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. git-secrets (prevent secrets ending up in Git)
  2. jak (git encryption)
  3. Cryptomator (client-side encryption for cloud services)

These tools are ranked as the best alternatives to git-crypt.

Alternatives (by score)

60

git-secrets

Introduction

You would most likely use git-secrets in development teams or as an individual developer. The primary goal is to prevent accidentally submitting authentication details or otherwise sensitive information to your software repositories.

Project details

git-secrets is written in shell script.

Strengths and weaknesses

  • + The source code of this software is available

    Typical usage

    • Data leak prevention
    • Information leak prevention

    git-secrets review

    60

    jak

    Introduction

    Typically developers may want to store some secrets, like authentication details, in in their repository. With jak this can happen in a slightly more secure way, by encrypting the data.

    Project details

    jak is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Data encryption

      jak review

      100

      Cryptomator

      Introduction

      Cryptomator is a multi-platform tool for transparent client-side encryption of your files. It is used together with cloud services to ensure you are the only one who can access the data.

      Project details

      Cryptomator is written in Java.

      Strengths and weaknesses

      • + More than 10 contributors
      • + More than 2000 GitHub stars
      • + Many releases available

        Typical usage

        • Data encryption

        Cryptomator review

        97

        OpenSSL

        Introduction

        This popular toolkit is used by many systems. It provides options like encryption and hashing of data, integrity testing, and digital certificates and signatures. Many software applications use the toolkit to provide support for these functions. OpenSSL also has a client utility that can be used on the command line to test, decrypt and encrypt data, and create certificates.

        Project details

        OpenSSL is written in C.

        Strengths and weaknesses

        • + The source code of this software is available
        • + Well-known library
        • - Major vulnerabilities in the past

        Typical usage

        • Certificate management
        • Data encryption

        OpenSSL review

        74

        gauntlt

        Introduction

        Gauntlt allows you to run different attacks on your code with the goal to build better software and withstand the biggest threats in existence.

        Project details

        gauntlt is written in Ruby.

        Strengths and weaknesses

        • + More than 10 contributors
        • + More than 500 GitHub stars
        • + The source code of this software is available

          Typical usage

          • Code analysis

          gauntlt review

          59

          socat

          Introduction

          Socat is a tool to share data between systems. It can leverage an existing connection, or set up a new channel between two systems. This can be useful to relay traffic, do a quick data transfer, or test other systems. Another option is to use it on the local system to add an encrypted channel.

          Project details

          socat is written in C.

          Strengths and weaknesses

          • + The source code of this software is available
          • + Well-known tool

            Typical usage

            • Data encryption
            • Data transfers

            socat review

            64

            DET

            Introduction

            This tool can be used to identify possible DLP failures. It uses different data exfiltration techniques, which could (or not) trigger a DLP solution.

            Project details

            DET is written in Python.

            Strengths and weaknesses

            • + The source code of this software is available
            • - No releases on GitHub available

            Typical usage

            • Learning
            • Penetration testing

            DET review

            56

            AESKeyFinder

            Introduction

            AESKeyFinder uses various algorithms to perform entropy tests and filter out blocks that are not AES keys. The remaining blocks are then displayed as possible AES keys.

            Project details

            Strengths and weaknesses

            • + The source code of this software is available
            • - No proper description on website
            • - No updates for a while

            Typical usage

            • Data extraction

            AESKeyFinder review

            74

            pick

            Introduction

            Tools like pick are used to store passwords and secrets safely.

            Project details

            pick is written in Golang.

            Strengths and weaknesses

            • + Very low number of dependencies
            • + The source code of this software is available

              Typical usage

              • Data security
              • Secure storage

              pick review

              74

              testssl.sh

              Introduction

              Key features of testssl.sh include:

              • Clear output: you can tell easily whether anything is good or bad
              • Ease of installation: It works for Linux, Darwin, FreeBSD, NetBSD and MSYS2/Cygwin out of the box: no need to install or configure something, no gems, CPAN, pip or the like.
              • Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only webservers at port 443
              • Toolbox: Several command line options help you to run YOUR test and configure YOUR output
              • Reliability: features are tested thoroughly
              • Verbosity: If a particular check cannot be performed because of a missing capability on your client side, you'll get a warning
              • Privacy: It's only you who sees the result, not a third party
              • Freedom: It's 100% open source. You can look at the code, see what's going on and you can change it.

              Project details

              testssl.sh is written in shell script.

              Strengths and weaknesses

              • + Used language is shell script
              • + The source code of this software is available

                Typical usage

                • Application testing
                • Configuration audit

                testssl.sh review

                60

                GitMiner

                Introduction

                GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details such as passwords or connection settings.

                Project details

                GitMiner is written in Python.

                Strengths and weaknesses

                • + More than 1000 GitHub stars
                • + The source code of this software is available

                  Typical usage

                  • Asset discovery
                  • Discovery of sensitive information
                  • Information leak detection

                  GitMiner review

                  60

                  Gitrob

                  Introduction

                  Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.

                  Project details

                  Gitrob is written in Ruby.

                  Strengths and weaknesses

                  • + More than 1000 GitHub stars
                  • + The source code of this software is available

                    Typical usage

                    • Data leak prevention
                    • Information gathering
                    • Penetration testing
                    • Security assessment

                    Gitrob review

                    85

                    gitleaks

                    Introduction

                    Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.

                    Project details

                    gitleaks is written in Golang.

                    Strengths and weaknesses

                    • + More than 10 contributors
                    • + More than 3000 GitHub stars
                    • + The source code of this software is available

                      Typical usage

                      • Security assessment

                      gitleaks review

                      64

                      Aletheia

                      Introduction

                      Aletheia is a project to manage secrets in Google Cloud with CloudKMS and Cloud Storage. It can be used to store sensitive data like authentication details.

                      Project details

                      Aletheia is written in Python.

                      Strengths and weaknesses

                      • + The source code of this software is available
                      • - Minimal or no documentation available
                      • - No releases on GitHub available

                      Typical usage

                      • Data security
                      • Secure storage

                      Aletheia review

                      100

                      Buttercup for desktop

                      Introduction

                      The typical users have at least a multitude of ten when it comes to passwords. Ensuring that every website has a unique password and remembering, is almost impossible. Passwords managers like Buttercup help with the generation and secure storage of these secrets. It is freely available and open source, making it a good alternative for commercial options.

                      Project details

                      Buttercup for desktop is written in Node.js.

                      Strengths and weaknesses

                      • + More than 10 contributors
                      • + More than 1000 GitHub stars
                      • + The source code of this software is available

                        Typical usage

                        • Password management

                        Buttercup for desktop review

                        74

                        Confidant

                        Introduction

                        Most applications with a connection to a database or other software component, need some form of authentication. Often the related credentials are stored in a configuration file. A secret manager like Confidant will provide an alternative, by storing the details in a database. Only applications that need to access the secrets are allowed to obtain them. Often system administrators are denied access to them.

                        Project details

                        Confidant is written in Python.

                        Strengths and weaknesses

                        • + More than 1000 GitHub stars
                        • + The source code of this software is available
                        • + Supported by a large company

                          Typical usage

                          • Secrets management
                          • Secure storage

                          Confidant review

                          78

                          KeeWeb

                          Introduction

                          Password managers help to store sensitive data. This may include passwords, secret questions with their answers, or other private information.

                          Project details

                          KeeWeb is written in JavaScript.

                          Strengths and weaknesses

                          • + More than 25 contributors
                          • + More than 6000 GitHub stars
                          • + Many releases available
                          • + The source code of this software is available
                          • - Full name of author is unknown

                          Typical usage

                          • Password management

                          KeeWeb review

                          64

                          TeamVault

                          Introduction

                          Storing passwords within a team security can be a challenging task. TeamVault is a password manager with the goal to be easy to use, flexible, and adhering to several security principles. These include a solid base for the data encryption, support for folders, and role-based access control (RBAC).

                          Project details

                          TeamVault is written in Python.

                          Strengths and weaknesses

                          • + The source code of this software is available
                          • - No releases on GitHub available

                          Typical usage

                          • Password management
                          • Secrets management

                          TeamVault review

                          97

                          Vault

                          Introduction

                          Vault is a secret management tool created by HashiCorp. It allows storing secrets, such as key/value pairs, AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and other sensitive details. These secrets are typically used by software components and scripts. The benefit of using a secret management tool is that they no longer need to be stored in configuration files. Main features include leasing, key revocation, key rolling, and auditing.

                          Project details

                          Vault is written in Golang.

                          Strengths and weaknesses

                          • + More than 500 contributors
                          • + More than 9000 stars
                          • + The source code of this software is available

                            Typical usage

                            • Password management
                            • Secrets management
                            • Secure storage

                            Vault review

                            Some relevant tool missing as an alternative to git-crypt? Please contact us with your suggestion.