github.com/FiloSottile/age

Using age in production has been refreshingly straightforward. The API is deliberately minimal—you encrypt to recipients and decrypt with identities. No cipher suite negotiations, no mode selection pitfalls. The library forces you into the pit of success by offering exactly one modern, audited encryption scheme. Error handling is exceptional: failures clearly distinguish between authentication errors, malformed keys, and I/O issues without leaking sensitive details.

The streaming API works beautifully for large files. I've used it for backup encryption and secrets management, and the armor format makes it easy to embed encrypted content in configuration files. Key generation is dead simple, and the X25519 recipient format integrates well with existing SSH keys, which reduced onboarding friction significantly.

From a security perspective, this is one of the best-maintained crypto libraries in the Go ecosystem. Filippo Valsorda's track record speaks for itself. The codebase is compact, auditable, and dependencies are minimal. No CVE surprises, and the library hasn't required security-driven API changes since adoption. It genuinely follows secure-by-default principles—you'd have to work hard to misuse it.

The age library provides a refreshingly simple API for modern encryption in Go. The core types like `Recipient` and `Identity` are intuitive, and the streaming encryption/decryption using `io.Writer` and `io.Reader` feels natural for Go developers. Creating encrypted files is straightforward with `age.Encrypt()` and decryption with `age.Decrypt()`. The X25519 key generation and passphrase-based encryption are both well-designed.

Error handling is generally good with clear error types, though some edge cases like malformed keys return generic errors that could be more descriptive. The biggest pain point is the lack of comprehensive godoc examples - the package documentation is sparse, and you'll find yourself referencing the age CLI source code or specification to understand features like plugin recipients or SSH key support.

Type safety is solid with no reflection magic or interface{} abuse. IDE autocompletion works well for the main APIs. The library is stable and the API hasn't broken between versions, making upgrades painless. For a security-critical library, the simplicity and auditability are major advantages.

Age is a refreshingly straightforward encryption library that gets out of your way. The API surface is minimal—you're basically working with `Encrypt()` and `Decrypt()` functions, recipient types, and identity parsers. Coming from more complex crypto libraries, the learning curve is almost non-existent. The godoc examples are clear and cover the common patterns (file encryption, string encryption, multiple recipients) without overcomplicating things.

Error messages are helpful and specific. When you mess up key formats or try to decrypt with the wrong identity, you get actionable errors that point you in the right direction. The package follows Go idioms perfectly—everything uses standard `io.Reader` and `io.Writer` interfaces, making it easy to integrate with existing code. Debugging is straightforward because there's not much magic happening.

The only real challenge is understanding the age format itself (X25519 vs SSH keys vs passphrase), but the package documentation does a good job explaining these concepts. GitHub issues get responses, though the community is smaller than mainstream crypto libraries. For 95% of encryption use cases in Go applications, this is my go-to choice now.