Free Tools Pricing
Log in Sign up →
Encrypted git backup

The black box for your codebase.

DevSafe records, encrypts, and proves the state of every repository. A broken laptop, a deleted remote, a corrupted sync. None of them ends the story.

They scan your code. We protect your work.

Four guarantees
Local-first encryption Your keys stay on your machine.
User-owned storage Back up to your cloud, not ours.
Verifiable recovery Every restore path has evidence.
Encrypted key backup Export, back up, restore. We never have your key.
Before you buy

Three questions. Real answers.

Protected 01

Can you read my code?

No. Encrypted on your machine before it leaves. We never see your code.

Captured 02

What about unpushed work?

Uncommitted changes, stashes, rebases, untracked files. The work git remotes ignore is the work you can't afford to lose.

Recoverable 03

How do I know recovery works?

Run a recovery drill before you need one. Cryptographic proof that your backups are intact right now, not after the emergency.

Features

Scanning finds problems. Protection prevents loss.

Protected

We can't read your code.

Encrypted client-side with AES-256-GCM before it touches the network. Your keys never leave your hardware.

Captured

Every repo. One command. Done.

Bundles and encrypts every repo on your machine. Uncommitted work, stashes, rebases. Captured in under 60 seconds.

Recoverable

Go back to what you didn't commit.

Browse every backup snapshot, including uncommitted work. DevSafe captures what git history misses.

Protected

Your AI reads your .env files.

Scans six AI tools for secrets leaking through MCP configs and settings files. One command locks them all down.

Secret Scanner

Your commits have secrets in them.

Catches API keys, tokens, and credentials before they leave your machine. Scans every commit, every push, every backup.

.env Vault

Lose the repo, lose the secrets.

Encrypts secrets alongside backups. Restore a repo and your .env is already there. No password manager required.

Environment Snapshot

New machine, two days of setup.

Captures Homebrew, shell configs, and runtimes. Rebuild a machine exactly where you left off. Minutes, not days.

Health Score

You think you are covered. Are you?

Every repo gets a health score. Uncovered repos, aging snapshots, missing scans. One number tells you where you stand.

Continuity Protocol

What happens to your code if you cannot work?

If DevSafe does not hear from you, it fires a full backup and alerts your designated contact. Your work survives you.

Offline Mode

No WiFi. Still protected.

Queues encrypted bundles locally when offline. Connection returns, they ship automatically. Never a gap in coverage.

AI tool security

Your AI tools are leaking secrets right now.

MCP configs, AI agent permissions, and .env files are the new attack surface.

24,008 Secrets found in MCP server configs GitGuardian, 2026
75% Of MCP configurations have security problems Orchesis Security, 2026
40+ CVEs disclosed in MCP servers in 4 months Jan–Apr 2026

24,008 secrets found in MCP server configs.

75% of MCP configurations have security problems.

40+ CVEs disclosed in MCP servers in 4 months.

MCP Scan

One command. Every server. Every secret.

Audit every MCP server your tools connect to. See what is exposed before an attacker does.

AI Shield

Your AI reads your .env. We stop it.

Detect secrets leaking through Cursor, Claude, and Copilot settings. Free scan. Pro blocks and enforces.

Config Governance

Rules for what AI tools can touch.

Policy controls for AI tool access to secrets, files, and configurations. Pro and above.

What your current tools miss

The gap nobody closes.

DevSafe GitHub GitGuardian Snyk
Encrypted git backup
Secret scanning
Blocks AI from reading secrets
No cloud dependency
User-owned storage

Product names are trademarks of their respective owners. Feature data verified June 2026.

Encrypted git backup

DevSafeYes
GitHub, GitGuardian, SnykNo

Secret scanning

DevSafeYes
GitHub, GitGuardian, SnykYes

Blocks AI from reading secrets

DevSafeYes
GitHub, GitGuardian, SnykNo

No cloud dependency

DevSafeYes
GitHub, GitGuardian, SnykNo

User-owned storage

DevSafeYes
GitHub, GitGuardian, SnykNo

Product names are trademarks of their respective owners. Feature data verified June 2026.

The problem is real

This is not hypothetical.

The Warning
It is not safe to run other programs which modify the working tree while git is running, and in particular it is not safe to run another instance of git on the same directory.
git-faq Official Git Documentation
  • iCloud, Dropbox, and OneDrive all sync inside .git
  • Lockfile races, partial pack writes, index conflicts
  • Reported since 2012. Still unfixed by every vendor.
Real Losses
LEAKNYT 270GB from 5,000 repos via token exposure
LEAKMercedes Full GitHub Enterprise source code leaked
LEAKTwitch 125GB total leak including source code
BREACHSamsung 190GB of source code stolen by LAPSUS$
BREACHLastPass 14 repos stolen, led to vault exposure
OUTAGEGitLab 300GB database deletion, all 5 backups failed
OUTAGEGitHub 257 incidents in 12 months, 48 major (May 2025 to Apr 2026)
CORRUPTiCloud Git repo corruption via .git sync conflicts (Borrill, arXiv 2602.19433, 2026)
CORRUPTOneDrive Microsoft 365 outage, mass file deletion from SharePoint/OneDrive (March 2024)
BREACHCodecov Supply chain attack hit 29,000 customers
BREACHMiasma PyPI wave: 37 malicious wheels across 19 packages, steals AI tool credentials (June 2026)
LOSSStolen laptop No local backup means no recovery
LEAKNYT 270GB from 5,000 repos via token exposure
LEAKMercedes Full GitHub Enterprise source code leaked
LEAKTwitch 125GB total leak including source code
BREACHSamsung 190GB of source code stolen by LAPSUS$
BREACHLastPass 14 repos stolen, led to vault exposure
OUTAGEGitLab 300GB database deletion, all 5 backups failed
OUTAGEGitHub 257 incidents in 12 months, 48 major (May 2025 to Apr 2026)
CORRUPTiCloud Git repo corruption via .git sync conflicts (Borrill, arXiv 2602.19433, 2026)
CORRUPTOneDrive Microsoft 365 outage, mass file deletion from SharePoint/OneDrive (March 2024)
BREACHCodecov Supply chain attack hit 29,000 customers
BREACHMiasma PyPI wave: 37 malicious wheels across 19 packages, steals AI tool credentials (June 2026)
LOSSStolen laptop No local backup means no recovery
Verified incidents GitProtect, DevOps.com, Wired, BBC, 404 Media, StepSecurity, Socket, BleepingComputer
The difference

DevSafe was built because losing code is routine, not rare.

We never hold your key, so we never hold your data.

The numbers below are not promises. They are constraints we cannot break.

0 keys stored on our servers
$0 DevSafe fees on restore
< 60s full machine encrypted snapshot
AES-256 client-side before upload
Yours runs locally, survives any provider shutdown

What we believe

Your code is yours.
Keeping it yours requires proof, memory, and recovery.

Ownership is not control. Dependencies multiply, tools connect without visibility, and what started as your system slowly becomes one you cannot fully explain, recover, or prove. DevSafe exists to stop that drift.

Pricing

Your storage. Your keys. Paid plans buy scale.

Every plan encrypts locally and backs up to storage you control.

Save 2 months
FreeDiagnose
$0 / mo

no credit card required

  • Everything to start:
  • 5 repositories
  • 500 MB encrypted storage
  • 1 storage target
  • 7-day point-in-time history
  • AES-256-GCM encryption
  • Auto-discovery
  • Secret Scanner
  • AI Shield scan (detect)
  • Free restore, always
Get started
TeamShared controls
$35 / user / mo

billed monthly

  • Everything in Pro, plus:
  • Unlimited storage
  • 5 storage targets + routing
  • Up to 25 seats
  • Continuity Protocol
  • Recovery approvals
  • Shared backup policies
  • Priority support
Join waiting list
EnterpriseScale your org
$83 / user / mo

billed monthly

  • Everything in Team, plus:
  • Unlimited seats
  • Air-gap deployment
  • SAML / OIDC / SCIM
  • NIST 800-53 export
  • Custom SLA
  • Dedicated CSM
Get notified when ready
Founding 500

Get in early. Lock your price.

The first 500 developers lock All Access at $39 a month for life. Every product we ship, now and in the future. New products auto-included the day they launch. No price increases. No bait-and-switch. Just early trust, rewarded.

Claim your spot
$39/mo, 1 seat, locked rate No credit card now Free tier starts today
Why I built this
Joshua D. Ledbetter

After a bricked Mac, a $3,500 recovery bill, and iCloud corrupting my repos.

"My Mac bricked. I researched what actually protects code. The answer was nothing."

GitHub only backs up what you push. Everything else is unprotected. "Private" is not encrypted. GitHub can read every line of your code.

Cloud sync corrupts what you keep. DevSafe was built the day the recovery bill arrived.

Joshua D. Ledbetter Founder, HXA Labs
Questions

Honest answers. No hedging.

If encryption is client-side, how do I restore on a new machine?

DevSafe includes encrypted key backup.

Export your key with the CLI and store it wherever you want. If you lose your local key, restore from your backup.

We never have your key. You always have a recovery path.

How is this different from GitHub or GitLab?

Git remotes back up what you push. DevSafe backs up what you have not pushed yet.

Uncommitted edits, stashes, local branches, your .env files.

Not a replacement for git. A safety net under it.

Where is my data actually stored?

Your bucket, your cloud, your invoice.

We support AWS S3, Cloudflare R2, Backblaze B2, GCP, and any S3-compatible store.

DevSafe uploads directly from your machine. No data passes through our servers.

What happens if DevSafe shuts down or gets acquired?

Nothing changes.

Your backups are standard encrypted archives in your own S3 or R2 bucket. The format is documented and open.

Restore with standard tools (tar, openssl, git) without DevSafe installed. Your backups should outlive any company, including ours.

Will this slow down my machine?

30 MB of memory. Near-zero CPU.

It only wakes when files change. If it is not invisible, we do not ship it.

What is AI Shield?

Every AI coding tool can read your .env files, private keys, and credentials.

devsafe diagnose detects all four leak paths for free.

devsafe shield remediates them automatically on Pro and above.

Does this work with private repos and client projects?

Yes. Private repos, client work, side projects.

Everything is encrypted before upload. Your clients' code never touches our servers.

Get started

Your unpushed work is unprotected.

Fix that in two minutes. Free for five repos.

No credit card required.

Start free backup