# Git Secret Encryption Tools > Search results for `encrypt secrets in git so you can commit them safely` on awesome-repositories.com. 112 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/encrypt-secrets-in-git-so-you-can-commit-them-safely **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/encrypt-secrets-in-git-so-you-can-commit-them-safely).** ## Results - [awslabs/git-secrets](https://awesome-repositories.com/repository/awslabs-git-secrets.md) (13,177 ⭐) — Git-secrets is a security utility designed to prevent the accidental exposure of sensitive credentials by integrating automated scanning directly into the version control commit lifecycle. It functions as a commit scanner that evaluates staged files and commit messages against defined security policies before changes are finalized in a repository. The tool utilizes regular expression pattern matching to identify potential secrets and supports the registration of custom patterns to address specific organizational security requirements. To manage operational friction, it includes mechanisms for - [getsops/sops](https://awesome-repositories.com/repository/getsops-sops.md) (22,111 ⭐) — This tool is a command-line utility designed to manage sensitive data by encrypting specific values within structured files such as YAML or JSON. By protecting only the sensitive portions of a file while leaving the structure intact, it ensures that configuration files remain readable for version control systems and automated workflows. The utility provides a secure development workflow by transparently decrypting files into memory for editing and automatically re-encrypting them upon saving, which prevents plaintext secrets from being written to the local disk. It supports a variety of encry - [external-secrets/external-secrets](https://awesome-repositories.com/repository/external-secrets-external-secrets.md) (6,697 ⭐) — External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets. - [infisical/infisical](https://awesome-repositories.com/repository/infisical-infisical.md) (27,374 ⭐) — Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access. The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports - [bitnami-labs/sealed-secrets](https://awesome-repositories.com/repository/bitnami-labs-sealed-secrets.md) (8,925 ⭐) — Sealed Secrets is a Kubernetes secret encryption tool and controller designed for GitOps security. It provides a mechanism to encrypt sensitive data into specialized resources that can be safely stored in public version control systems and decrypted only within a cluster. The system uses an asymmetric encryption manager to seal secrets with a public key, ensuring that only the corresponding private key held within the cluster can unseal them. It includes utilities for security key rotation, secret re-encryption, and offline private key recovery to maintain data access during disaster recovery - [insforge/insforge](https://awesome-repositories.com/repository/insforge-insforge.md) (11,794 ⭐) — InsForge is a backend-as-a-service platform that provides an integrated suite of tools for managing relational databases, identity provision, object storage, and serverless compute. It functions as an open-source identity provider and a PostgreSQL database manager featuring integrated vector storage and row-level security. The platform serves as an LLM orchestration gateway, offering a unified endpoint to route requests across various AI providers through an OpenAI-compatible interface. It enables AI-driven application generation and connects AI agents to backend resources using a standardize - [encoredev/encore](https://awesome-repositories.com/repository/encoredev-encore.md) (12,049 ⭐) — Encore is a distributed systems framework designed to unify backend development, infrastructure provisioning, and observability. It functions as an infrastructure-as-code platform that allows developers to define cloud resources, databases, and messaging topics directly within their application code. By analyzing these declarations at compile-time, the system automatically manages the deployment of cloud resources and security policies, ensuring parity between local development and production environments. The platform distinguishes itself through its integrated development experience, which - [git/git](https://awesome-repositories.com/repository/git-git.md) (61,518 ⭐) — Git is a distributed version control system and command-line tool designed for tracking changes in source code and coordinating collaborative software development. It functions as a content-addressable storage platform where project data is maintained as immutable objects indexed by cryptographic hashes, ensuring data integrity and efficient deduplication. The system organizes project history as a directed acyclic graph, where each commit serves as a snapshot linked to its parent to create a verifiable timeline of modifications. The architecture distinguishes itself through an index-based sta - [grittygrease/safe-encryption-skill](https://awesome-repositories.com/repository/grittygrease-safe-encryption-skill.md) (3 ⭐) — A skill for encrypting and decrypting files using SAFE. - [awesome-selfhosted/awesome-selfhosted](https://awesome-repositories.com/repository/awesome-selfhosted-awesome-selfhosted.md) (299,516 ⭐) — This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis - [bitwarden/android](https://awesome-repositories.com/repository/bitwarden-android.md) (8,457 ⭐) — This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password a - [kestra-io/kestra](https://awesome-repositories.com/repository/kestra-io-kestra.md) (27,073 ⭐) — Kestra is a declarative workflow orchestrator designed to manage complex task dependencies and automated processes through versioned configuration files. It functions as a distributed platform that decouples task scheduling from execution by offloading computational workloads to a fleet of worker nodes. The system uses a reactive, event-driven engine to initiate workflows automatically in response to external signals, webhooks, schedules, or file system changes. The platform distinguishes itself through a modular plugin architecture that allows for the integration of custom tasks and external - [goldbergyoni/nodebestpractices](https://awesome-repositories.com/repository/goldbergyoni-nodebestpractices.md) (105,356 ⭐) — This project provides a comprehensive collection of industry-standard guidelines for developing, testing, and deploying Node.js applications. It covers the entire software lifecycle, offering actionable advice on code style, architectural patterns, and security measures to ensure maintainability and consistency across large-scale codebases. The documentation details strategies for robust error management, containerization, and production readiness. It addresses operational requirements such as observability, scalability, and infrastructure configuration, while providing specific methodologies - [gopasspw/gopass](https://awesome-repositories.com/repository/gopasspw-gopass.md) (6,940 ⭐) — gopass is a terminal-based password manager and GPG secret store used for generating, storing, and retrieving encrypted credentials. It functions as a collaborative secret manager that encrypts data using GPG or age and synchronizes it across devices and teams using Git. The system distinguishes itself by treating version control repositories as the primary storage backend, enabling secure secret sharing and version history for credentials. It utilizes a hierarchical directory structure to organize secrets on the filesystem and supports multi-store mounting to combine multiple independent rep - [anshumanbh/git-all-secrets](https://awesome-repositories.com/repository/anshumanbh-git-all-secrets.md) (1,141 ⭐) — A tool to capture all the git secrets by leveraging multiple open source git searching tools - [sobolevn/git-secret](https://awesome-repositories.com/repository/sobolevn-git-secret.md) (4,023 ⭐) — :busts_in_silhouette: A bash-tool to store your private data inside a git repository. - [c0re100/qbittorrent-enhanced-edition](https://awesome-repositories.com/repository/c0re100-qbittorrent-enhanced-edition.md) (25,128 ⭐) — qBittorrent-Enhanced-Edition is a cross-platform desktop application designed to manage the downloading and uploading of files across peer-to-peer networks. It functions as an open-source file sharer, facilitating the decentralized distribution of digital content by breaking files into smaller pieces for efficient transfer. The application utilizes a high-performance library to handle complex protocol specifications and employs a mature widget toolkit to provide a consistent native user interface across Windows, macOS, and Linux. It operates as a network traffic manager, incorporating asynchr - [getmoto/moto](https://awesome-repositories.com/repository/getmoto-moto.md) (8,550 ⭐) — Moto is a cloud service mockery framework and API mock server that simulates AWS infrastructure locally. It allows developers to test cloud-dependent code and verify infrastructure-as-code templates without deploying real resources or incurring costs. The project functions as an SDK interceptor that can patch existing service clients to redirect requests to a local mock environment. It can also be run as a standalone HTTP server, enabling any programming language to interact with the simulated endpoints. The framework covers a vast array of simulated capabilities, including data storage, com - [imputnet/cobalt](https://awesome-repositories.com/repository/imputnet-cobalt.md) (41,096 ⭐) — Cobalt is a cross-platform web application designed as a distributed service platform for managing media content downloading. It functions as a full-stack monorepo that integrates a backend API with a responsive frontend, providing a unified interface for users to fetch and save media files from various online platforms. The project utilizes a modular architecture where backend services, frontend interfaces, and shared logic are organized into decoupled packages within a single repository. This monorepo structure employs centralized workspace orchestration to manage dependencies and cross-pac - [rlespinasse/git-commit-data-action](https://awesome-repositories.com/repository/rlespinasse-git-commit-data-action.md) (42 ⭐) — Action to expose git commit info - [deuxfleurs-org/garage](https://awesome-repositories.com/repository/deuxfleurs-org-garage.md) (2,944 ⭐) — Garage is a distributed object storage system that provides an S3-compatible API gateway. It is designed to synchronize metadata across distributed nodes using conflict-free replicated data types and Merkle-tree state alignment to maintain cluster-wide consistency. The system ensures data resilience through zone-aware replication, distributing data copies across multiple physical locations. It employs quorum-based request routing and versioned layout management to validate and commit cluster configuration changes. The project covers a broad range of operational capabilities, including automa - [databasus/databasus](https://awesome-repositories.com/repository/databasus-databasus.md) (7,502 ⭐) — Databasus is a self-hosted backup platform that automates PostgreSQL backups, verifies their restorability, and stores them across multiple destinations while managing team access with role-based permissions. It combines on-the-fly AES-256-GCM encryption, cron-driven scheduling, job-queue-based verification, multi-destination storage, WAL streaming, throwaway container restore testing, and workspace-based role access control into a unified backup system. The platform distinguishes itself through automatic backup verification that restores each backup into a temporary database container for in - [stephmarx/so-you-just-learned](https://awesome-repositories.com/repository/stephmarx-so-you-just-learned.md) (283 ⭐) — So, you just learned there are issues with the tech industry. Maybe you came here looking to learn more, or maybe someone else linked you to this document and suggested you read it. What now? - [dependencytrack/dependency-track](https://awesome-repositories.com/repository/dependencytrack-dependency-track.md) (3,612 ⭐) — Dependency-Track is a software composition analysis tool and vulnerability management system designed to track dependencies and supply chain risk. It functions as a platform for ingesting and analyzing CycloneDX software bills of materials to identify known vulnerabilities and license compliance issues within third-party software components. The system distinguishes itself by mirroring external vulnerability databases locally to enable fast offline analysis and using VEX documents to differentiate between technical vulnerabilities and actual contextual risks. It also integrates with identity - [appwrite/appwrite](https://awesome-repositories.com/repository/appwrite-appwrite.md) (56,318 ⭐) — Appwrite is a backend-as-a-service platform that provides a unified development environment for building full-stack applications. It integrates essential infrastructure components—including authentication, databases, storage, and serverless functions—into a single, centralized interface to simplify application development and resource management. The platform distinguishes itself through a container-based microservices architecture that ensures consistent execution across diverse infrastructure. It features a versatile connectivity layer that links frontend applications with third-party servi - [jpeer264/node-semantic-git-commit-cli](https://awesome-repositories.com/repository/jpeer264-node-semantic-git-commit-cli.md) (150 ⭐) — A CLI for semantic git commits - [keploy/keploy](https://awesome-repositories.com/repository/keploy-keploy.md) (17,622 ⭐) — Keploy is an automated testing platform that leverages kernel-level traffic interception to generate and maintain regression test suites for microservices. By capturing live network traffic and system calls via eBPF, the platform automatically creates deterministic test cases and mocks external dependencies without requiring manual code instrumentation. This approach allows developers to validate application behavior and API contracts by replaying production-like traffic in isolated environments. The platform distinguishes itself through its use of machine learning to perform test maintenance - [jkroepke/helm-secrets](https://awesome-repositories.com/repository/jkroepke-helm-secrets.md) (2,010 ⭐) — A helm plugin that help manage secrets with Git workflow and store them anywhere - [jhaals/yopass](https://awesome-repositories.com/repository/jhaals-yopass.md) (2,581 ⭐) — Yopass is a secure secret sharing platform used to share encrypted text and files via one-time expiring links. It utilizes client-side encryption to ensure that sensitive data is encrypted in the browser before transmission, preventing the server from seeing plain text. The platform differentiates itself through an integrated security auditing system that generates structured logs and triggers cryptographically signed webhooks when secrets are created, viewed, or expired. It also features an access control system based on OpenID Connect, allowing administrators to restrict secret creation and - [microsoftdocs/azure-docs](https://awesome-repositories.com/repository/microsoftdocs-azure-docs.md) (10,894 ⭐) — Azure Docs is the official technical documentation repository for Microsoft Azure, the cloud computing platform. It provides comprehensive guidance on the full spectrum of Azure services, covering everything from core infrastructure components like virtual machines, Kubernetes clusters, and serverless computing to platform services for AI, machine learning, data analytics, and storage. The documentation details how to provision, manage, and govern cloud resources at scale, including policy enforcement, identity management, and cost optimization. The documentation distinguishes Azure through i - [tf-encrypted/tf-encrypted](https://awesome-repositories.com/repository/tf-encrypted-tf-encrypted.md) (1,243 ⭐) — A Framework for Encrypted Machine Learning in TensorFlow - [duckdb/duckdb](https://awesome-repositories.com/repository/duckdb-duckdb.md) (38,805 ⭐) — DuckDB is an in-process analytical database engine designed to run directly within an application process. As a zero-dependency, embedded system, it provides enterprise-grade SQL data processing capabilities without the overhead of managing a dedicated database server. It is built to handle complex analytical and aggregation tasks by storing and retrieving information in columns, allowing for high-performance relational data manipulation. The engine distinguishes itself through a columnar vectorized execution model that maximizes CPU cache efficiency during query operations. It employs adapti - [fluxcd/flux2](https://awesome-repositories.com/repository/fluxcd-flux2.md) (7,888 ⭐) — Flux is a Kubernetes GitOps delivery tool used to automate application deployments by synchronizing cluster state with configurations stored in Git, OCI, or Helm repositories. It functions as a set of controllers that monitor desired state in external sources and continuously reconcile the live cluster to match those definitions. The system distinguishes itself through a multi-cluster management plane that coordinates application delivery across fleets of remote clusters from a central hub. It provides a dedicated mechanism for automated image updates, which scans container registries for new - [vellt/rsa-encryption-flutter](https://awesome-repositories.com/repository/vellt-rsa-encryption-flutter.md) (32 ⭐) — Make sensitive conversations safe. Give your conversation partner your public key to encrypt the message for you, which only you can decrypt. - [encrypt-to/encrypt.to](https://awesome-repositories.com/repository/encrypt-to-encrypt-to.md) (142 ⭐) — Send encrypted PGP messages with one click - [mightymoud/sidekick](https://awesome-repositories.com/repository/mightymoud-sidekick.md) (7,465 ⭐) — Sidekick is a command-line tool that provisions bare VPS servers, transfers Docker images, manages secrets, and orchestrates zero-downtime deployments across single or multiple server instances. It handles the full deployment pipeline from a local machine, building container images locally and transferring them directly to the server without requiring a remote container registry. The tool distinguishes itself through an integrated approach to security and automation. It encrypts environment variables locally using SOPS and Age keys, then decrypts them on the server at deploy time for runtime - [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe - [badges/shields](https://awesome-repositories.com/repository/badges-shields.md) (26,811 ⭐) — Shields is a dynamic badge generator that creates visual status indicators for software projects by fetching live data from external APIs. It functions as a programmatic image renderer, converting structured data parameters into consistent, high-contrast vector graphics that can be embedded directly into markdown and web documentation via URL parameters. The project distinguishes itself by offering a self-hosted metadata server, allowing users to deploy the service behind their own firewalls to maintain full control over infrastructure and data privacy. It supports extensive customization, in - [paperclipai/paperclip](https://awesome-repositories.com/repository/paperclipai-paperclip.md) (70,619 ⭐) — Paperclip is an LLM agent orchestration platform and governance suite designed to coordinate teams of autonomous AI agents. It provides a management plane for defining organizational hierarchies, assigning roles, and aligning individual agent tasks with a structured mission tree to ensure work maps to business objectives. The project distinguishes itself through a specialized agent skill registry and workspace manager. It allows for the discovery and injection of reusable workflows into agent runtimes without retraining and provides isolated, sandboxed execution environments with persistent s - [motdotla/dotenv](https://awesome-repositories.com/repository/motdotla-dotenv.md) (20,284 ⭐) — Dotenv is a configuration management library designed to load environment variables from local files into the process environment. By separating application settings from source code, it enables developers to maintain consistent configurations across different deployment stages and team environments. The utility provides mechanisms to transform plain text configuration files into encrypted formats, allowing sensitive secrets to be stored securely within version control systems. It handles the parsing and normalization of key-value pairs, ensuring that configuration data is consistently proces - [gitkraken/vscode-gitlens](https://awesome-repositories.com/repository/gitkraken-vscode-gitlens.md) (9,846 ⭐) — GitLens is a Git extension for VS Code that brings inline blame annotations, CodeLens authorship information, and an interactive commit graph directly into the editor. It provides a visual timeline of repository history with color-coded branch relationships, search, and filtering, alongside file-level annotations that show who last changed each line and why. The extension also functions as a cross-provider pull request manager, integrating with GitHub, GitLab, Bitbucket, and Azure DevOps to centralize PR and issue tracking within the IDE. What distinguishes GitLens is its AI-powered Git assis - [guanguans/ai-commit](https://awesome-repositories.com/repository/guanguans-ai-commit.md) (394 ⭐) — Automagically generate conventional git commit messages with AI. - 使用 AI 自动生成约定式 git 提交信息。 - [expo/expo](https://awesome-repositories.com/repository/expo-expo.md) (50,111 ⭐) — Expo is a universal mobile framework designed to build native iOS and Android applications from a single codebase using web-standard technologies. It provides a comprehensive development environment that includes a unified runtime for testing, cloud-based infrastructure for compiling and signing native binaries, and automated tools for managing the entire mobile release lifecycle, including app store submission. The framework distinguishes itself through a plugin-based native configuration engine that programmatically modifies project files, allowing developers to integrate native modules wit - [ibm/mcp-context-forge](https://awesome-repositories.com/repository/ibm-mcp-context-forge.md) (3,310 ⭐) — mcp-context-forge is a Model Context Protocol federation gateway that unifies diverse AI tool servers and APIs into a single consistent interface for discovery and execution. It acts as a centralized proxy that aggregates multiple servers and APIs, allowing AI agents to access and invoke a unified set of tools, prompts, and resources. The project distinguishes itself through a multi-protocol translation bridge that converts communication between standard I/O, SSE, gRPC, and REST to enable interoperability between disparate tool servers. It includes a comprehensive LLM evaluation framework for - [greenrobot/eventbus](https://awesome-repositories.com/repository/greenrobot-eventbus.md) (24,760 ⭐) — EventBus is a publish-subscribe messaging library designed to facilitate decoupled communication between components in Java applications. It functions as a central hub where producers dispatch events that are routed to subscribers based on the class type of the payload. By using annotation-based markers, the system maps event handlers to specific data types, allowing different parts of an application to exchange information without requiring direct references between classes. The library distinguishes itself through a focus on performance and execution control. It utilizes a compile-time inde - [jedisct1/libsodium](https://awesome-repositories.com/repository/jedisct1-libsodium.md) (13,467 ⭐) — Libsodium is a portable, C-based cryptographic library that provides a collection of modern primitives for encryption, decryption, digital signatures, password hashing, and secure key exchange. It is designed to facilitate secure communication and data integrity across diverse hardware architectures and operating systems. The library distinguishes itself by utilizing constant-time primitive execution to prevent side-channel attacks and employing memory-hard algorithms to increase the difficulty of brute-force password attacks. It abstracts complex mathematical operations into simplified inter - [so-fancy/diff-so-fancy](https://awesome-repositories.com/repository/so-fancy-diff-so-fancy.md) (18,058 ⭐) — diff-so-fancy makes your diffs human readable instead of machine readable. This helps improve code quality and helps you spot defects faster. - [cube-js/cube](https://awesome-repositories.com/repository/cube-js-cube.md) (20,251 ⭐) — Cube is a semantic data layer that provides a unified framework for defining business metrics, dimensions, and relationships across diverse data sources. By acting as a headless business intelligence engine, it transforms raw data into a governed model that can be queried via SQL, REST, and GraphQL interfaces. This architecture ensures consistent data definitions and logic across all downstream analytical applications and reporting tools. The platform distinguishes itself through its integrated conversational AI capabilities, which allow users to explore data using natural language. It orches - [jessicalostinspace/commit-difference-action](https://awesome-repositories.com/repository/jessicalostinspace-commit-difference-action.md) (8 ⭐) — This GitHub Action compares two branches and gives you the commit count between them - [nicotsx/zerobyte](https://awesome-repositories.com/repository/nicotsx-zerobyte.md) (6,572 ⭐) — ZeroByte is a backup management platform built around the Restic backup engine, providing encrypted, deduplicated, and compressed snapshots across multiple storage backends. It offers a web interface for scheduling, monitoring, and managing backup operations, with support for cron-based job scheduling and configurable retention policies that automatically prune older snapshots. The platform distinguishes itself through comprehensive multi-protocol volume mounting, allowing backup ingestion from NFS, SMB, WebDAV, SFTP, and rclone-backed sources alongside local directories. It includes a snapsh