git-crypt

Git repository encryption CLI for transparently encrypting selected files and sharing access with collaborators.

$ brew install git-crypt

Language: C++
Stars: 9,489
Category: Security
Agent
AI Analysis

git-crypt is a Git-focused encryption CLI that uses Git filters to keep selected files encrypted in the repository while decrypting them transparently in an unlocked working tree. It is built for mixed repositories where most content stays public but a few keys, credentials, or config files need protection.

What It Enables
  • Initialize a repository for transparent encryption, mark specific paths in .gitattributes, and keep those files encrypted in Git history while collaborators work with decrypted copies locally.
  • Unlock a cloned repository with GPG-managed access or a shared symmetric key, then lock it again to remove local decrypted access.
  • Audit which files are encrypted, detect files that were committed before encryption rules were in place, and restage fixed encrypted versions with status --fix.

Agent Fit
  • The command surface is small, explicit, and mostly non-interactive, so it works for scripted repo bootstrap and secret-handling workflows.
  • Structured output is weak: commands print human-readable status, and the source explicitly rejects the unfinished machine-output mode for status.
  • Best fit is repository setup and verification around a handful of sensitive files, not broad secret lifecycle automation.

Caveats
  • It protects file contents, not filenames, commit messages, or other repository metadata.
  • The project does not support revoking previously granted access, and the docs position it as a poor fit for encrypting most or all of a repository.