GitBraints
  • Contact
  • Documentation
  • FAQ
GitBraints

Privacy-first Git-powered tools for individual designers and small teams who value data sovereignty. Own your data, control your workflow.

© Copyright 2026 GitBraints. All Rights Reserved.

About
  • Blog
  • Contact
Product
  • Documentation
Legal
  • Terms of Service
  • Privacy Policy
  • Cookie Policy
Git-native encrypted vault

GitPassword

A desktop GUI vault for passwords, notes, and files, encrypted locally and stored in the Git repository you choose.

View Security ModelRead Docs

Windows 1.0.0 for . Microsoft Store distribution is planned.

GitPassword desktop GUI showing encrypted password details

Sync with the Git remote you choose

GitHubGitLabBitbucketSelf-hosted GitLocal repository

Desktop vault

Everything private in one Git-backed workspace.

GitPassword keeps daily vault work visual and direct while Git handles sync, history, and recovery.

Passwords and secrets

Save credentials, API tokens, service accounts, generated passwords, tags, folders, and favorites.

Secure notes

Keep recovery notes, setup details, license information, and private runbooks beside the secrets they explain.

Encrypted files

Store private files and attachments in the same vault, with desktop previews for supported formats.

How it works

Local encryption first. Git sync second.

Encrypt locally

Vault data is encrypted on your device with AES-256 before it is written to the Git-backed data store.

Commit encrypted vault changes

Each save can become Git history, giving you a timeline of encrypted vault versions and rollback points.

Sync through your Git remote

Use GitHub, GitLab, Bitbucket, self-hosted Git, or a local repository as the sync layer you control.

Security Model

Designed so vault content is encrypted before sync.

GitPassword uses local encryption and standard Git transport. Your remote repository is useful for backup and history without becoming the place where readable vault content lives.

Plaintext stays local

GitPassword does not send readable passwords, notes, or file contents to a GitPassword-hosted service.

PBKDF2 key derivation

The vault key is derived from your password with PBKDF2, then used for local vault encryption.

Git stores encrypted data

GUI workflow

A real desktop app over an encrypted Git vault.

View the vault list, repository setup, and conflict recovery flows from the GitPassword desktop app.

GitPassword Main vault screen

Main vault

Search and organize passwords, notes, files, folders, and favorites.

GitPassword Repository setup screen

Repository setup

Clone or connect the Git repository that will hold your encrypted vault.

GitPassword Conflict recovery screen

Conflict recovery

Use Git history and sync state when multiple devices change the vault.

FAQ

GitPassword questions, answered plainly.

Short answers for security, Git sync, recovery, platform support, and Microsoft Store distribution.

Is GitPassword a cloud password manager?

No. GitPassword is a desktop GUI app that uses your chosen Git repository for encrypted sync and history.

What can my Git provider see?

A Git provider can see encrypted vault data and normal Git metadata. It should not receive readable passwords, notes, or file contents from GitPassword.

What happens if I forget the master password?

Because the vault is locally encrypted, GitPassword cannot recover your vault from a server-side plaintext copy. Keep recovery information somewhere safe.

How are sync conflicts handled?

GitPassword uses Git history and sync state to help you recover from multi-device changes and return to earlier encrypted vault versions when needed.

What platforms are supported?

The current public focus is Windows. macOS, Linux, Android, and iOS are planned with the same Git-backed vault model.

Windows available today

Download GitPassword for Windows.

Start with the Windows build today. Microsoft Store distribution is planned, so the website is not showing a separate GitPassword purchase page right now.

Read Docs

Latest release

Windows version 1.0.0

Platform

Windows

Size

37.1 MB

Requires

AES-256 local encryption

Your Git provider stores encrypted vault objects plus normal Git metadata such as commits, branch names, timestamps, and object sizes.

Security parameters

These values describe the current GitPassword implementation.

Master password
Used locally for vault access; not uploaded by GitPassword as plaintext.
KDF
PBKDF2-SHA256, 100,000 iterations.
Salt
32-byte salts; separate auth and encryption salts are stored with user key metadata.
Encryption
AES-256-CBC with a 32-byte encryption key.
Content encrypted
Passwords, secure notes, file metadata, and file contents.
Metadata visible
Git metadata remains visible, including repository name, branch names, commit times, object sizes, and access logs from the Git provider.
File names
Vault objects are stored as UUID-based data files; Git object sizes and timestamps can still be visible.
Lost password
No server-side plaintext vault copy is kept for recovery.

How is the Windows version distributed?

The Windows version is being prepared for Microsoft Store distribution. The download page will link to the public Store listing when the package is ready.

PBKDF2 key derivation
Passwords, notes, and files
GitHub, GitLab, Bitbucket, and self-hosted Git