age — Simple, Modern File Encryption

Why age

• Sane defaults: modern crypto without a wall of options.
• Two modes: key-pair recipients or passphrase (scrypt).
• Script-friendly: perfect for CI, dotfiles, backups.

Install

• macOS: brew install age
• Linux: check your distro or build from source.
• Windows: choco install age or download release binaries.

Key-pair workflow (recommended)

# generate keys
age-keygen -o ~/.config/age/key.txt
# show your public recipient
age-keygen -y ~/.config/age/key.txt

# encrypt for a recipient (copy their public key)
age -r age1qqqq... -o secret.txt.age secret.txt

# decrypt with your private key
age -d -i ~/.config/age/key.txt -o secret.txt secret.txt.age

Passphrase mode (quick personal use)

# encrypt with a passphrase (scrypt)
age -p -o notes.txt.age notes.txt
# decrypt
age -d -o notes.txt notes.txt.age

Use a strong passphrase; key-pair mode is better for sharing.

Tips

• Store private keys with tight permissions; back them up securely.
• Combine with Syncthing or git for safe sync/versioning of encrypted blobs.
• Use .gitignore to keep decrypted files out of repos.

Get age

• age-encryption.org
• GitHub