explaingit

filosottile/age

22,198 | Go | Audience · developer | Complexity · 2/5 | Maintained | License | Setup · easy

TLDR

A simple file encryption tool that locks and unlocks files with a single command, using key pairs or passphrases, no configuration needed.

Mindmap

mindmap
  root((age))
    What it does
      Encrypt files
      Decrypt files
      No config needed
    How to use
      Generate key pair
      Specify recipient
      Pipe with other tools
    Key features
      Multiple recipients
      Passphrase option
      SSH key support
      Post-quantum keys
    Tech details
      Go language
      UNIX pipes
      PEM armor mode
    Installation
      Homebrew
      apt, pacman
      winget

Things people build with this

USE CASE 1

Encrypt sensitive files before uploading to cloud storage or sending via email.

USE CASE 2

Protect backups with a passphrase so only you can restore them.

USE CASE 3

Share encrypted files with teammates using their SSH public keys.

USE CASE 4

Compress and encrypt a directory in one pipeline: tar | age | upload.

Tech stack

Go · OpenSSH · UNIX pipes

Getting it running

Difficulty · easy | Time to first run · 5 min
Use freely for any purpose, including commercial use, as long as you keep the copyright notice.

In plain English

age is a file encryption tool that makes encrypting and decrypting files as simple as possible. The goal is a tool with no configuration files, no settings to tune, and no complicated options: just a clean command you run to lock or unlock a file.

The way it works: you generate a key pair using age-keygen, which gives you a private key and a short public key (a string starting with "age1..."). To encrypt a file, you specify the recipient's public key, and only the person with the matching private key can decrypt it. You can encrypt to multiple recipients at once, so several different people can all decrypt the same file. As an alternative to key pairs, you can also encrypt with a passphrase if you just want to protect a file with a password.

age follows the UNIX philosophy of composability: it reads from standard input and writes to standard output by default, so you can pipe it with other tools like tar to compress and encrypt in one step. It also supports SSH public keys as recipients, meaning you can use existing SSH keys without generating new ones. For future-proofing, age supports post-quantum keys, which use cryptography designed to remain secure even if large quantum computers are built. An armor mode encodes the encrypted output as text (PEM format) for situations where you need to send it somewhere that only accepts text.

You would use age when you need to encrypt a file before storing it or sending it. It is simpler than configuring GPG and is designed to be hard to misuse. The tool is written in Go and installable via most major package managers, including Homebrew, apt, pacman, winget, and many others. The full README is longer than what was provided.
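The workflow described above as a runnable round trip: an added example, not taken from the age repository. The file names, the `alice`, `bob` and `outsider` identities and the sample secret are constructed, and the function assumes `age` and `age-keygen` are on the PATH.

```sh
# Added example; all names and data below are constructed for illustration.
# Returns 0 on success, 1 if a check fails, 3 if age is not installed.
age_roundtrip_demo() {
  command -v age >/dev/null 2>&1 || return 3
  command -v age-keygen >/dev/null 2>&1 || return 3
  work=$(mktemp -d) || return 1
  rc=0
  (
    cd "$work" || exit 1
    umask 077   # identity files hold private keys: keep them owner-only
    mkdir secrets restored || exit 1
    printf 'db_password=constructed-sample\n' > secrets/app.env

    # One identity file per person; -y prints the matching "age1..." public key.
    for who in alice bob outsider; do
      age-keygen -o "$who.key" 2>/dev/null || exit 1
    done
    alice_pub=$(age-keygen -y alice.key) || exit 1
    bob_pub=$(age-keygen -y bob.key) || exit 1
    case "$alice_pub" in age1*) ;; *) exit 1 ;; esac

    # Compress and encrypt in one pipeline, to two recipients at once.
    # The plaintext archive is never written to disk.
    tar -czf - secrets \
      | age -r "$alice_pub" -r "$bob_pub" -o backup.tar.gz.age || exit 1

    # Either recipient can restore; compare restored bytes with the original.
    age -d -i bob.key backup.tar.gz.age | tar -xzf - -C restored || exit 1
    cmp -s secrets/app.env restored/secrets/app.env || exit 1

    # An identity that was not named as a recipient must be refused.
    if age -d -i outsider.key backup.tar.gz.age >/dev/null 2>&1; then
      exit 1
    fi
    exit 0
  ) || rc=1
  rm -rf "$work"
  return "$rc"
}
```

Testing the restore path and the refusal for a non-recipient key is the part worth keeping in a real backup job: an encrypted archive that nobody has ever decrypted is an unverified backup.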

Copy-paste prompts

Prompt 1
Show me how to generate an age key pair and encrypt a file for a specific recipient.
Prompt 2
How do I encrypt a file with age using just a passphrase instead of key pairs?
Prompt 3
Can I use my existing SSH public key with age to encrypt files without generating new keys?
Prompt 4
How do I pipe tar output directly into age to compress and encrypt a folder in one command?
Prompt 5
What's the difference between age and GPG, and when should I use age instead?

Generated 2026-05-21 · Model: sonnet-4-6 · Verify against the repo before relying on details.