File encryption CLI for encrypting and decrypting files with public keys, SSH keys, or passphrases.
$ brew install age
AI Analysis
age is a file encryption CLI and format for encrypting files or stdin streams with explicit recipients instead of config-heavy key management. The project also ships age-keygen for native key generation and age-inspect for reading file metadata without decrypting.
What It Enables
- Encrypt files or piped data to one or more recipients, recipients files, SSH public keys, or a passphrase, then decrypt them from scripts or shell pipelines.
- Generate native X25519 or post-quantum hybrid key pairs and derive shareable recipient strings from identity files.
- Inspect encrypted files without decryption to see recipient stanza types, armor status, post-quantum usage, and size breakdowns; age-inspect --json supports scripting.
Agent Fit
- The main commands are non-TUI, stdin/stdout-oriented, and explicit about inputs, outputs, recipients, and identities, so they compose cleanly in shell workflows.
- Structured output exists for inspection via age-inspect --json, but the main encrypt and decrypt path mostly streams bytes and human-readable errors rather than rich machine-readable state.
- Works well as a local primitive for protecting artifacts, secrets, or handoff files inside a larger workflow; less useful as a broad service-control surface.
Caveats
- Passphrase entry, password-protected SSH keys, and some plugin flows require terminal interaction, which limits unattended use.
- JSON support is limited to age-inspect; age and age-keygen do not expose comparable structured output modes.