FOKS

FOKS implements a self‑hosted, end‑to‑end encrypted Git service where all repository data and filenames are encrypted on the client before transmission, ensuring that a compromised server cannot read the contents. The encryption uses post‑quantum‑secure public‑key cryptography, protecting stored data against future quantum attacks.

In addition to Git, FOKS offers an encrypted key‑value store that can hold arbitrary strings or large files; clients encrypt both keys and values locally and decrypt them on retrieval, using the same underlying git‑based storage mechanism.

Team and device management are federated and hierarchical, allowing administrators to create teams, assign roles, and delegate management across multiple FOKS instances. The system integrates full YubiKey support and supports complex team topologies, making it suitable for organizations that need secure, self‑hosted version control and secret storage with fine‑grained access control.