A simple wrapper for GPG to encrypt secrets in version control systems like Git, Mercurial, and Subversion.
BlackBox is a command-line tool that encrypts sensitive files (like passwords and SSL keys) in version control systems using GPG. It allows teams to store secrets securely in repositories like Git or Mercurial while controlling access through GPG keys. The tool simplifies the encryption and decryption process, making it easier to manage secrets across collaborative projects.
BlackBox is aimed at DevOps engineers, system administrators, and development teams who need to securely store secrets in version-controlled repositories and manage access through GPG keys.
Developers choose BlackBox for its simplicity, multi-VCS support, and straightforward workflow for managing encrypted secrets without complex configurations. It avoids the overhead of more sophisticated systems while providing essential security for team collaboration.
Safely store secrets in Git/Mercurial/Subversion
Supports Git, Mercurial, Subversion, and Perforce, making it versatile for teams using different version control systems without locking into one.
Easily add or remove administrators via GPG key updates and re-encryption, streamlining team collaboration without shared passwords.
Includes role accounts with subkeys for automated decryption in CI/CD pipelines, enabling batch operations like blackbox_postdeploy for deployments.
Runs on Linux, macOS, and Windows (via Cygwin/MinGW/WSL), ensuring broad compatibility, though Windows setup requires extra configuration.
The README explicitly warns against use, stating it's abandoned with no bug fixes or updates, posing significant risk for production environments.
Heavily relies on GPG, which has a steep learning curve, version compatibility issues (e.g., old vs. new GPG keys), and requires manual key management.
Designed only for small files like API keys; the README admits it's not for large or numerous secrets, discouraging feature requests for scalability.
Windows usage requires Cygwin, MinGW, or WSL with additional configuration for line endings and GPG agents, adding overhead compared to native tools.