Analysis updated 2026-06-21
Encrypt a sensitive file to a colleague using their public SSH key or age public key before sending it over an untrusted channel
Back up secrets or private data to cloud storage by encrypting with age so the storage provider cannot read them
Automate encrypted file transfers in shell pipelines using age's UNIX-style stdin/stdout design
Use age as a Go library to add file encryption to your application with minimal code
| filosottile/age | go-chi/chi | redis/go-redis | |
|---|---|---|---|
| Stars | 22,198 | 22,117 | 22,074 |
| Language | Go | Go | Go |
| Setup difficulty | easy | easy | easy |
| Complexity | 2/5 | 2/5 | 2/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Available via most package managers, run age-keygen once to create a key pair and start encrypting immediately.
age is a file encryption tool, a file format, and a Go library, all bundled together. Its purpose is to let you encrypt a file so that only specific people can decrypt it, in a way the README describes as simple, modern, and secure, with small explicit keys, no configuration options, and a UNIX-style design that works in command pipelines. The description adds that it has post-quantum support, which means it includes key types intended to remain secure against future quantum computer attacks. In day-to-day use, the workflow shown in the README is: run age-keygen to produce a key pair (a public "recipient" key starting with age1... and a secret identity file), then run age with -r to encrypt a file to that recipient, and age --decrypt -i with the identity file to recover the original. Files can be encrypted to multiple recipients at once by repeating -r, or by listing recipients in a file passed with -R. Public keys can be age's own keys or ordinary SSH public keys (ssh-ed25519 or ssh-rsa), which means existing developer keys can be reused. Passphrase encryption is also supported with -p, and -a produces a PEM-armored text output instead of binary. Hardware tokens like YubiKeys are supported through a separate plugin, and an interoperable Rust implementation called rage and a TypeScript implementation called Typage exist for non-Go environments. You would use age when you need to send a file to a specific person, back up sensitive data to untrusted storage, or move secrets between machines, and you want a tool simpler than PGP that does one thing well. The README documents installation across a long list of operating systems and package managers (Homebrew, MacPorts, winget, apk, pacman, apt, dnf, and others) plus pre-built binaries from filippo.io and a go install command if Go is available. The format itself has a published specification at age-encryption.org/v1.
age is a simple, modern file encryption tool and Go library, encrypt files to specific recipients using short public keys or SSH keys, with no configuration options and post-quantum support.
Mainly Go. The stack also includes Go.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.