v1.1.0 — Enterprise Ready

Never leak a corporate commit again.

GitSetu is a zero-dependency orchestration engine that automatically routes SSH keys and credentials based on your directory. Enforce Zero-Trust identity for developers and CI/CD pipelines.

curl -sL https://gitsetu.bhaskarjha.dev/install | bash

Read Docs

Zero Trust

FIDO2 Ready

Bash 3.2 Core

gitsetu — bash

Click terminal to take control

Visualizing Zero-Trust

How GitSetu cryptographically separates your identities without relying on fragile global state.

gitsetu-daemon

~/work/acme

Key: ed25519-sk (YubiKey)

Email: eng@acme.corp

~/projects/oss

Key: id_rsa_github

Email: me@bhaskarjha.dev

A complete Zero-Trust architecture.

We didn't just build a Git alias. We built a fail-closed orchestration engine that guarantees your identity never leaks.

Zero-Trust Identity Firewall

GitSetu seamlessly orchestrates native Git includeIf directives to physically sandbox your repositories. Your corporate keys and personal credentials never cross the file boundary.

< 2ms

Zero Latency

Pure Bash 3.2 execution means routing happens instantly.

Hardware FIDO2

Native support for YubiKey (ed25519-sk) bootstrapping.

~ ❯ git commit

⚠ Identity mismatch detected!

Commit blocked.

Pre-Commit Guard

A fail-closed hook that physically blocks commits if your active email doesn't strictly match the required profile.

~ ❯ gitsetu doctor

✓ Hooks verified

Self-Healing Doctor

Built-in interactive diagnostics to verify and repair your installation instantly.

Encrypted Profile Backup

Export your entire identity architecture. GitSetu uses AES-256 OpenSSL encryption to securely backup and restore your profiles across machines.

Run gitsetu backup --encrypt

✓ Profiles packed to gitsetu.enc

✓ AES-256 encryption applied

The end of alias scripts.

Stop managing horrific SSH aliases and manual `git config` overrides. GitSetu handles it natively at the OS level.

 The Old Way ~/.ssh/config 
 # I hope I remember to use git@github-work.com...
Host github-work.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_work
  IdentitiesOnly yes

Host github-personal.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_personal

# ...and 15 other random aliases 
 
Error-prone, leaks identities globally.

 The GitSetu Way ~/.ssh/config 
 # GitSetu handles everything dynamically.
# Just use 'git@github.com'.

Include ~/.config/gitsetu/ssh/* 
 
Idempotent, Zero-Trust, Automatic.

How GitSetu compares.

Verified May 2026 against each project's README.

Feature	GitSetu	gitego	karn	gh CLI	GCM
Directory auto-switch	✅	✅	✅	❌	❌
Uses native includeIf	✅	✅	❌	❌	❌
SSH key generation	✅	❌	❌	❌	❌
Zero-Trust SSH Isolation	✅	❌	❌	❌	❌
HTTPS credential broker	✅	✅	❌	✅	✅
Pre-commit identity guard	✅	⚡	❌	❌	❌
SSH commit signing	✅	❌	⚡	❌	❌
FIDO2 / YubiKey	✅	❌	❌	❌	❌
Encrypted backup	✅	❌	❌	❌	❌
Shell prompt	✅	❌	❌	❌	❌
Diagnostic doctor	✅	❌	❌	❌	❌
Native auto-updater	✅	❌	❌	⚡	⚡
Zero dependencies	✅	❌	❌	❌	❌
Runtime	Bash 3.2	Go 1.24	Go	Go	.NET

✅ Full support ⚡ Partial (e.g. GPG but no SSH) ❌ None

The identity security layer for teams and CI/CD.

Zero-Trust Identity Guard

Fail-closed architecture definitively blocks commits if your active email does not strictly match the required profile.

Atomic POSIX Locks

Safe for highly parallel environments. POSIX mkdir-based locks with stale reaping guarantee zero race conditions.

Hardware-Backed Keys

Natively generates Ed25519 and FIDO2 (ed25519-sk) hardware-backed SSH keys out of the box.

Resilient Filesystem Swaps

Temporary file generation with atomic mv swapping guarantees no partial writes or configuration corruption.

In Sanskrit, Setu (सेतु) means bridge —
connecting two shores without disturbing either.

GitSetu bridges the gap between the developer you are
in one directory and the developer you are in another.
Invisibly. Correctly. Without asking anything of you
after the first setup.

A tool that demands your attention has failed.
GitSetu succeeds when you forget it exists.