Githide
Secrets, Git-Style
Documentation
Keep secrets in sync without Git history.
Githide encrypts locally, syncs encrypted blobs to your server, and keeps secret files out of Git history.
Overview
Githide is a version control system for secret files that runs parallel to Git. It encrypts files locally using AES-256-GCM, syncs encrypted blobs to your server, and keeps secrets out of Git history while making them easy to share with collaborators.
Architecture
Quick start
# install locally FIREBASE_API_KEY=<your-firebase-web-api-key> cargo install --path . # initialize in a repo githide init githide login # point to your server githide endpoint set-url https://your-server.com githide endpoint enable githide sync
- 1. Deploy the Githide server and copy the URL.
- 2. Install the CLI and initialize the repo.
- 3. Authenticate and enable the endpoint.
- 4. Run githide sync to upload encrypted secrets.
Configuration
Add secret files to .githide. Everything listed is encrypted and added to .gitignore automatically.
# .githide .env .env.staging config/secrets.yaml creds/
Hooks
Install once with githide init. Hooks keep Git clean automatically.
Storage
Use the HTTP server or GitHub-backed storage for encrypted blobs.
CLI commands
| Command | Purpose |
|---|---|
| githide init | Initialize a repo and set encryption password |
| githide login | Authenticate with Firebase |
| githide sync | Upload and download encrypted secrets |
| githide status | Show pending changes and sync state |
| githide encrypt | Manually encrypt tracked files |
| githide decrypt | Manually decrypt tracked files |
| githide endpoint set-url <url> | Point at your server |
| githide endpoint enable | Enable syncing |
| githide doctor | Diagnose hooks and config issues |
Security model
Deployment
Deploy the server anywhere you can host a Node service. The web dashboard connects to the same Firebase project.