cryptkeeper clone for gocryptfs
Setting the position in Popup caused the menu to not stay open.
Update build manifest
Fix yaml formatting error. A pox on indentation-based syntax languages.


browse log
browse .tar.gz




File bug reports here.

Build status

gocryptkeeper is a knock-off of cryptkeeper built around gocryptfs instead of encfs.

Left-click to get a list of mounts, or to import or create new gocryptfs directories. Right-click to get the about dialog and the quit option.

The configuration file is in $XDG_CONFIG_DIR/gocryptkeeper/config.ini, and is a simple ini file of crypt_fs_path=mountpath pairs. If you want to remove mounts, edit this by hand and delete lines you don't want.

gocryptkeeper depends on gocryptfs and GTK-2 being installed. It has been tested only on Linux. It also depends on Go 1.16 for the embed package.


If you have gtk-2 installed (-dev packages on non-Arch), you should be able to just go build it. CGO must not be disabled, because of the symbolic linkage to GTK, so something like:

CGO_ENABLED=1 go build .

There is an extremely YMMV binary available. It's ZSTD compressed, so you'll have to uncompress it with zstd -d before using. There's a corresponding GPG signature, signed with the key 7ABD6668FDD1, which you can find by key on public keyservers --,, etc.


While it is unlikely that gocryptkeeper will harm your system, no guarantees are provided. Mount points are created and deleted as needed, and effort has been made to check that this is safe; in particular, Go's os.Remove() is used to remove mount points on unmount, and os.Remove() will not delete directories that are not empty. Additional checks are made to ensure emptyness and non-mountedness. Look at the unmount() function in mount.go, around line 20. That's the only function that does anything "scary."

Passwords are not held in memory; when needed, they are requested by dialog, used, and forgotten. Effort is made to overwrite fields to ensure values do not lurk in memory.

Excluding dependencies, there are around 400 LOC which I hope is not too hard to read. I encourage you to scan the code.

gocryptkeeper uses: