v1.1.0 — Enterprise Ready

The Zero-Trust
Identity Guard for Git.

Stop leaking credentials and committing to the wrong profiles. GitSetu cryptographically sandboxes your work, personal, and client identities with zero background processes.

curl -sL https://gitsetu.bhaskarjha.dev/install | bash

Read Docs

Zero Trust

FIDO2 Ready

Bash 3.2 Core

gitsetu — bash

Click terminal to take control

Visualizing Zero-Trust

How GitSetu cryptographically separates your identities without relying on fragile global state.

GitSetu

~/work/acme

Key: ed25519-sk (YubiKey)

Email: eng@acme.corp

~/projects/oss

Key: id_rsa_github

Email: me@bhaskarjha.dev

The end of alias scripts.

Stop managing horrific SSH aliases and manual `git config` overrides. GitSetu handles it natively at the OS level.

 The Old Way ~/.ssh/config 
 # I hope I remember to use git@github-work.com...
Host github-work.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_work
  IdentitiesOnly yes

Host github-personal.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_personal

# ...and 15 other random aliases 
 
Error-prone, leaks identities globally.

 The GitSetu Way ~/.ssh/config 
 # GitSetu handles everything dynamically.
# Just use 'git@github.com'.

Include ~/.config/gitsetu/ssh/* 
 
Idempotent, Zero-Trust, Automatic.

Engineered for the local machine.

Built entirely on native Git directives and Bash 3.2. No background processes, no node_modules, no latency.

Cryptographic Sandboxing

GitSetu leverages native Git includeIf directives to physically sandbox your repositories. Corporate keys and personal credentials never cross the boundary.

Zero-Dependency Core

Pure Bash 3.2 execution means routing happens instantly without heavy runtimes.

Hardware FIDO2

Native support for YubiKey (ed25519-sk) bootstrapping.

Pre-Commit Guard

A fail-closed hook that physically blocks commits if your active email doesn't strictly match the required profile.

Automated Key Lifecycle

GitSetu automatically generates and distributes ED25519 SSH keys per profile.

Encrypted Profile Backup

Export your entire identity architecture. GitSetu uses AES-256 OpenSSL encryption to securely backup and restore your profiles across machines.

How GitSetu compares.

Verified May 2026 against each project's README.

Feature	GitSetu	gitego	karn	gh CLI	GCM
Zero runtime dependencies	✅	❌	❌	❌	❌
Pre-commit identity guard	✅	⚡	❌	❌	❌
Native includeIf sandboxing	✅	✅	❌	❌	❌
Automated SSH key generation	✅	❌	❌	❌	❌
Zero-Trust SSH Isolation	✅	❌	❌	❌	❌
GPG & SSH commit signing	✅	❌	⚡	❌	❌
FIDO2 / YubiKey Support	✅	❌	❌	❌	❌
Runtime	Bash 3.2	Go	Go	Go	.NET

✅ Full support ⚡ Partial (e.g. GPG but no SSH) ❌ None

In Sanskrit, Setu (सेतु) means bridge —
connecting two shores without disturbing either.

Good security should not require developer discipline.
The question of "Who committed this?" is no longer personal;
it is architectural.

A tool that demands your attention has failed.
GitSetu succeeds when you forget it exists.

Vision 2026

The Universal Identity Fabric.

Today, GitSetu protects developers from leaking credentials. Tomorrow, it governs the identity of AI agents and CI/CD pipelines. We are building the infrastructure for the agentic era.

CI/CD Machine Identity

Ephemeral, zero-trust identities for GitHub Actions and CI/CD runners to prevent supply chain credential theft.

Phase 2

Automated Key Rotation

Scheduled 90-day key rotations directly integrated with GitHub/GitLab APIs for true zero-touch lifecycle management.

Phase 3

Agentic Identity Governance

A native MCP server to issue and revoke scoped credentials for AI coding agents (Cursor, Claude Code, Devin).

Phase 4

Deploy with Confidence.

The enterprise identity fabric that physically prevents leakage.

Get Started Now View on GitHub

The Zero-Trust Identity Guard for Git.