Skip to main content

Encrypted portable containers for Git bare remotes.

Project description

GSafe

PyPI version Python versions

GSafe stores a Git bare remote as an encrypted .gsf container. It allows you to safely store your repository on third party services like Google Drive, and work with it almost as effortlessly as if you were hosting on GitHub. The storage provider cannot read your data, as the unencrypted remote exists only on your device while the container is unlocked. This tool is not really meant for collaboration. Unlock your containers only on one machine at a time and don't forget to wait until the sync finishes before unlocking it on a second machine.

Project Status

GSafe is alpha software. The container format and command behavior may still change before a stable 1.0.0 release. Keep independent backups of important repositories.

Requirements

  • Python 3.10 or newer
  • Git available in PATH
  • Git LFS available in PATH if the repository uses LFS

The gsafe command is a Python console script. It becomes available after the package is installed with a Python package installer. If the Python scripts directory is not in PATH, use python -m gsafe instead.

Install

From PyPI

For CLI usage, pipx is recommended because it installs gsafe into an isolated environment and exposes the command on your PATH:

pipx install gsafe

If you do not use pipx, install with pip:

python3 -m pip install gsafe

Check that it works:

gsafe --version

macOS (recommended)

Python on macOS, especially when installed with Homebrew, may block global pip installs with an externally-managed-environment error.

Install with pipx:

brew install pipx
pipx install gsafe

Check that it works:

gsafe --version

From this repository

python3 -m pip install git+https://github.com/guideblade/gsafe.git

For local development

Use a virtual environment so the editable install points to this repository without touching the system Python installation:

python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install -e .

Check that it works:

gsafe --version

If gsafe is not found:

python3 -m gsafe --version

Platform Notes

macOS and Linux usually expose python3 and install command-line scripts into a user or virtual environment scripts directory. If gsafe is not found after install, either activate the virtual environment you installed it into or use python3 -m gsafe.

Windows requires Python 3.10 or newer and Git for Windows. In Git Bash, use python or py -m pip depending on how Python was installed. If gsafe.exe is not in PATH, use python -m gsafe or add Python's Scripts directory to PATH.

Use

cd ~/path/repo
gsafe init
gsafe status ~/path/repo.gsf
gsafe unlock ~/path/repo.gsf
gsafe lock ~/path/repo.gsf
gsafe change-password ~/path/repo.gsf

gsafe init uses the current Git repository. You can also pass --path-repo ~/path/repo from another directory. GSafe uses .gsf for new containers. It also accepts .gsafe. Other extensions require --force. Passing a container path without a command is shorthand for gsafe status ~/path/repo.gsf. gsafe unlock and gsafe lock also accept --path-gsafe ~/path/repo.gsf if you prefer named options. gsafe status asks for the password and prints encrypted container metadata. gsafe change-password asks for the current password once and the new password twice. gsafe lock --force allows locking when refs were intentionally deleted or rewritten.

Recovery

If a machine unlocks a container and then becomes unavailable before gsafe lock, the container remains marked as unlocked. Recover it from the last encrypted state:

gsafe recover ~/path/repo.gsf

Recovery asks you to type RECOVER. It clears the stale unlock marker, but it cannot save commits that existed only in the old unlocked remote.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

gsafe-0.7.1.tar.gz (14.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

gsafe-0.7.1-py3-none-any.whl (17.5 kB view details)

Uploaded Python 3

File details

Details for the file gsafe-0.7.1.tar.gz.

File metadata

  • Download URL: gsafe-0.7.1.tar.gz
  • Upload date:
  • Size: 14.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for gsafe-0.7.1.tar.gz
Algorithm Hash digest
SHA256 31af7272d9b0f05a402fa34345e295fb195e1f4a04ff9cdb6067529db194f52b
MD5 25b11cdc18886270418087a4ec9f3003
BLAKE2b-256 37951178be26c626464538c2a7b47296958c2398bdb8749395133bf7c80b925d

See more details on using hashes here.

Provenance

The following attestation bundles were made for gsafe-0.7.1.tar.gz:

Publisher: publish.yml on guideblade/gsafe

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file gsafe-0.7.1-py3-none-any.whl.

File metadata

  • Download URL: gsafe-0.7.1-py3-none-any.whl
  • Upload date:
  • Size: 17.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for gsafe-0.7.1-py3-none-any.whl
Algorithm Hash digest
SHA256 49256080cdc0e9a2af2e3c7572bc8e8b14330be346d28374e7506eb04a04b193
MD5 2e2a3e05fa8bef8575b9f1fa4044668a
BLAKE2b-256 a0352c4a8ed6752623bebb089ddcc87a4b3e159dca921b372d94dd55fb4266ce

See more details on using hashes here.

Provenance

The following attestation bundles were made for gsafe-0.7.1-py3-none-any.whl:

Publisher: publish.yml on guideblade/gsafe

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page