Encrypted portable containers for Git bare remotes.
Project description
GSafe
GSafe stores a Git bare remote as an encrypted .gsf container. It allows you to safely store your repository on third party services like Google Drive, and work with it almost as effortlessly as if you were hosting on GitHub. The storage provider cannot read your data, as the unencrypted remote exists only on your device while the container is unlocked.
This tool is not really meant for collaboration. Unlock your containers only on one machine at a time and don't forget to wait until the sync finishes before unlocking it on a second machine.
Project Status
GSafe is alpha software. The container format and command behavior may still change before a stable 1.0.0 release. Keep independent backups of important repositories.
Requirements
- Python 3.10 or newer
- Git available in
PATH - Git LFS available in
PATHif the repository uses LFS
The gsafe command is a Python console script. It becomes available after the package is installed with a Python package installer. If the Python scripts directory is not in PATH, use python -m gsafe instead.
Install
From PyPI
For CLI usage, pipx is recommended because it installs gsafe into an isolated environment and exposes the command on your PATH:
pipx install gsafe
If you do not use pipx, install with pip:
python3 -m pip install gsafe
Check that it works:
gsafe --version
macOS (recommended)
Python on macOS, especially when installed with Homebrew, may block global pip installs with an externally-managed-environment error.
Install with pipx:
brew install pipx
pipx install gsafe
Check that it works:
gsafe --version
From this repository
python3 -m pip install git+https://github.com/guideblade/gsafe.git
For local development
Use a virtual environment so the editable install points to this repository without touching the system Python installation:
python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install -e .
Check that it works:
gsafe --version
If gsafe is not found:
python3 -m gsafe --version
Platform Notes
macOS and Linux usually expose python3 and install command-line scripts into a user or virtual environment scripts directory. If gsafe is not found after install, either activate the virtual environment you installed it into or use python3 -m gsafe.
Windows requires Python 3.10 or newer and Git for Windows. In Git Bash, use python or py -m pip depending on how Python was installed. If gsafe.exe is not in PATH, use python -m gsafe or add Python's Scripts directory to PATH.
Use
cd ~/path/repo
gsafe init
gsafe status ~/path/repo.gsf
gsafe unlock ~/path/repo.gsf
gsafe lock ~/path/repo.gsf
gsafe change-password ~/path/repo.gsf
gsafe init uses the current Git repository. You can also pass --path-repo ~/path/repo from another directory.
GSafe uses .gsf for new containers. It also accepts .gsafe. Other extensions require --force.
Passing a container path without a command is shorthand for gsafe status ~/path/repo.gsf.
gsafe unlock and gsafe lock also accept --path-gsafe ~/path/repo.gsf if you prefer named options.
gsafe status asks for the password and prints encrypted container metadata.
gsafe change-password asks for the current password once and the new password twice.
gsafe lock --force allows locking when refs were intentionally deleted or rewritten.
Recovery
If a machine unlocks a container and then becomes unavailable before gsafe lock, the container remains marked as unlocked. Recover it from the last encrypted state:
gsafe recover ~/path/repo.gsf
Recovery asks you to type RECOVER. It clears the stale unlock marker, but it cannot save commits that existed only in the old unlocked remote.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file gsafe-0.7.1.tar.gz.
File metadata
- Download URL: gsafe-0.7.1.tar.gz
- Upload date:
- Size: 14.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
31af7272d9b0f05a402fa34345e295fb195e1f4a04ff9cdb6067529db194f52b
|
|
| MD5 |
25b11cdc18886270418087a4ec9f3003
|
|
| BLAKE2b-256 |
37951178be26c626464538c2a7b47296958c2398bdb8749395133bf7c80b925d
|
Provenance
The following attestation bundles were made for gsafe-0.7.1.tar.gz:
Publisher:
publish.yml on guideblade/gsafe
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
gsafe-0.7.1.tar.gz -
Subject digest:
31af7272d9b0f05a402fa34345e295fb195e1f4a04ff9cdb6067529db194f52b - Sigstore transparency entry: 1435099115
- Sigstore integration time:
-
Permalink:
guideblade/gsafe@cd94cf933b249dc7cf900078d31491310aa68998 -
Branch / Tag:
refs/tags/0.7.1 - Owner: https://github.com/guideblade
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@cd94cf933b249dc7cf900078d31491310aa68998 -
Trigger Event:
release
-
Statement type:
File details
Details for the file gsafe-0.7.1-py3-none-any.whl.
File metadata
- Download URL: gsafe-0.7.1-py3-none-any.whl
- Upload date:
- Size: 17.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
49256080cdc0e9a2af2e3c7572bc8e8b14330be346d28374e7506eb04a04b193
|
|
| MD5 |
2e2a3e05fa8bef8575b9f1fa4044668a
|
|
| BLAKE2b-256 |
a0352c4a8ed6752623bebb089ddcc87a4b3e159dca921b372d94dd55fb4266ce
|
Provenance
The following attestation bundles were made for gsafe-0.7.1-py3-none-any.whl:
Publisher:
publish.yml on guideblade/gsafe
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
gsafe-0.7.1-py3-none-any.whl -
Subject digest:
49256080cdc0e9a2af2e3c7572bc8e8b14330be346d28374e7506eb04a04b193 - Sigstore transparency entry: 1435099120
- Sigstore integration time:
-
Permalink:
guideblade/gsafe@cd94cf933b249dc7cf900078d31491310aa68998 -
Branch / Tag:
refs/tags/0.7.1 - Owner: https://github.com/guideblade
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@cd94cf933b249dc7cf900078d31491310aa68998 -
Trigger Event:
release
-
Statement type: