Simplify file encryption with small keys and UNIX-style composability

22,721 stars

Age: Simple, Composable File Encryption

File encryption shouldn't be a headache. If you've ever wrestled with GPG's sprawling options, complex key management, or cryptic error messages, you know the feeling. Most of the time, you just want to encrypt a file for a specific person or for yourself, without the ceremony.

That's where age comes in. It's a modern, simple tool for file encryption that does one thing well and plays nicely with the UNIX philosophy.

What It Does

age (pronounced like the Japanese 揚げ, or "ah-geh") is a command-line tool for encrypting and decrypting files. It uses small, easy-to-share keys—like SSH keys—instead of the complex certificates and trust webs of older systems. You can encrypt a file to one or more public keys, or even generate a simple passphrase-protected file.

At its core, encryption is just:

age -r publickey -o secret.txt.enc secret.txt

and decryption is:

age -d -i privatekey -o secret.txt secret.txt.enc

No keyrings, no trust databases, no configuration.

Why It's Cool

The beauty of age is in its constraints and its composability.

First, the keys are simple. A recipient's public key is a single line of text, like an SSH public key. You can paste it into a chat, an email, or a repository README. There are no certificates to manage or revoke.

Second, it's built for the UNIX pipeline. Because it reads from stdin and writes to stdout by default, it slots perfectly into shell workflows. Want to encrypt a tarball on the fly?

tar cz ./data | age -r publickey > backup.tar.gz.age

Need to decrypt and process a file?

age -d -i key file.enc | jq .

It feels natural and predictable.

Third, it has a great threat model. It's designed by Filippo Valsorda (of crypto/rand and Go fame) with a clear focus on modern cryptography and avoiding the pitfalls of legacy tools. It uses well-audited primitives like X25519, ChaCha20-Poly1305, and scrypt.

Finally, there's age's plugin system for native integrations. Need to encrypt to a cloud KMS, a hardware key, or a custom secret manager? There's probably a plugin for that, and they work without modifying the core tool.
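The pipeline usage described above, written out as a backup restore test. This is an added example, not code from the age project or from the original page. It encrypts a tarball on the fly, decrypts and unpacks it, compares the result with the source, and confirms that an unrelated key cannot decrypt it. The helper name backup_roundtrip, the temporary paths and the sample file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: encrypted backup plus restore check using age in a pipeline.
# backup_roundtrip is a hypothetical helper name, not part of age.
# Returns 0 when the restored tree matches SRC_DIR, 1 on failure, 127 if age is missing.
backup_roundtrip() {
  local src=$1 work rc=0
  command -v age >/dev/null 2>&1 && command -v age-keygen >/dev/null 2>&1 || return 127
  work=$(mktemp -d) || return 1
  (
    set -o pipefail   # a failing tar or age must fail the whole pipeline
    umask 077         # identity (private key) files must not be readable by others
    age-keygen -o "$work/key.txt" 2>/dev/null || exit 1
    age-keygen -o "$work/other.txt" 2>/dev/null || exit 1
    # Derive the one-line public key (recipient) from the identity file.
    recipient=$(age-keygen -y "$work/key.txt") || exit 1
    # Encrypt on the fly: the plaintext tarball is never written to disk.
    tar -C "$src" -cz . | age -r "$recipient" -o "$work/backup.tar.gz.age" || exit 1
    mkdir "$work/restore" || exit 1
    age -d -i "$work/key.txt" "$work/backup.tar.gz.age" | tar -C "$work/restore" -xz || exit 1
    diff -r "$src" "$work/restore" >/dev/null || exit 1
    # An identity that is not a recipient must be rejected.
    if age -d -i "$work/other.txt" "$work/backup.tar.gz.age" >/dev/null 2>&1; then exit 1; fi
  ) || rc=$?
  rm -rf "$work"
  return "$rc"
}

# Constructed sample input so the script runs stand-alone.
demo=$(mktemp -d)
printf 'constructed sample secret\n' > "$demo/secret.txt"
rc=0; backup_roundtrip "$demo" || rc=$?
case $rc in
  0)   echo "round trip OK" ;;
  127) echo "age not installed, skipped" ;;
  *)   echo "round trip FAILED" ;;
esac
rm -rf "$demo"
```

Without pipefail, the exit status of a pipeline is that of its last command only, so a failed tar or a failed decryption earlier in the pipe would go unnoticed.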

How to Try It

The easiest way is to grab a binary from the latest GitHub release. It's a single static binary with no dependencies.

On macOS, you can use Homebrew:

brew install age

Generate a keypair:

age-keygen -o key.txt

Encrypt a fil

Last updated: Dec 28, 2025