bank-vaults
A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines). (by banzaicloud)
helm-secrets
A helm plugin that help manage secrets with Git workflow and store them anywhere (by jkroepke)
Our great sponsors
| bank-vaults | helm-secrets | |
|---|---|---|
| 10 | 12 | |
| 0 | 1,288 | |
| - | - | |
| 0.0 | 8.4 | |
| 7 months ago | 4 days ago | |
| Go | Shell | |
| Apache License 2.0 | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bank-vaults
Posts with mentions or reviews of bank-vaults.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-04-26.
-
Self-hosted Secrets Manager (or something alike)
there's https://github.com/banzaicloud/bank-vaults wich is a wrapper for hashivault, so not exactly what you're looking for but worth looking into.
-
Secrets Management on Kubernetes: How do you handle it?
https://github.com/banzaicloud/bank-vaults. Mind you after Cisco bought Banzai work on this project seems to have stopped. It works very well for us though.
-
Secrets Management with Hashicorp Vault - which integration point to use? Sidecar Injector? ESO?
We are using Banzai Bank Vaults Webhook and we’re very happy with it.
-
Project: Running a local cluster with TLS, ArgoCD GitOps, Vault and a PostgreSQL operator
If you ever want to see vault at that kind of level check out bank-vaults. Overkill for many, but it sounds like a decent fit for what you've already got in place and might reduce the boilerplate.
-
Run a pod in a namespace without having access to it's secrets?
Use vault-env (we use https://github.com/banzaicloud/bank-vaults) to inject the secret as an ENV var to the pod at runtime, based on Vault's Kubernetes auth
-
Secrets storage best practices
We use bank vault to inject secrets as environment variables. This does not require changes to the app. A sidecar is automatically added to the pod to retrieve the secrets and inject them in the app runtime. Here’s the link https://github.com/banzaicloud/bank-vaults
- How to manage passwords in Helm
- Homelab: Cluster Architecture
-
Kubernetes authentication from multiple, external clusters
I can follow up with examples if you'd like. You might like BanzaiCloud's Bank Vaults. We personally only use the Configurer component which just provides useful mechanisms to dynamically, or once off, configure Vault via data structures we supplied via ConfigMap.
-
Secrets Managers for Kubernetes (Vault (Hashi), Conjur (CyberArk), Platform Specific, etc)
Encrypted secrets can't be more than a temporary solution. That's why I'm not a fan of SOPS/Sealed Secrets/etc. I think the future for both security and usability is dynamic injection. Vault is the dopeness but I'm not a fan of the upstream Vault Injector -- shared volumes are a step backwards. It's all about the BanzaiCloud Vault Webhook -- secrets **only ever available to the running process**, rotation means: update the value in vault and bounce the pod, done. This is the way.
helm-secrets
Posts with mentions or reviews of helm-secrets.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-10-09.
-
Simplified Deployment: A Deep Dive into Containerization and Helm
helm plugin install https://github.com/databus23/helm-diff helm plugin install https://github.com/aslafy-z/helm-git helm plugin install https://github.com/jkroepke/helm-secrets
-
My recently deployed media apps in ArgoCD, migrating from Terraform.
I use Helm secrets which integrates Mozilla Sops to handle secrets in my Helm charts.
-
How to Deploy and Scale Strapi on a Kubernetes Cluster 1/2
Use Helm Secrets.
-
Secret Management in Kubernetes: Approaches, Tools, and Best Practices
ArgoCD users would have to build container images with SOPS baked in using Helm chart extensions or Kustomize extensions. Flux allows configuring sops directly into the Flux manifests.
-
GitOps and Kubernetes – Secure Handling of Secrets
There is also the helm secrets plugin, which can also be used in ArgoCD with manual configuration.
-
Disable auto sync at application level when managed by ApplicationSet.
Not sure if this is applicable for your use case, but you could use helm-secrets to fetch remote value files from https or git: https://github.com/jkroepke/helm-secrets/wiki/Values
-
Goodbye Sealed Secrets, hello SOPS
$ helm plugin install https://github.com/jkroepke/helm-secrets --version v3.14.0
-
How should I manage my Helm charts?
https://github.com/jkroepke/helm-secrets powered by sops
-
Thoughts on using git-crypt
SOPS is great, and there are a lot of GitOps tools that either integrate with SOPS directly or make it relatively painless to integrate into your workflow, e.g. helm-secrets.
-
How to manage passwords in Helm
SOPS and helm-secrets: https://github.com/jkroepke/helm-secrets
What are some alternatives?
When comparing bank-vaults and helm-secrets you can also consider the following projects:
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes
sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets
postgres-operator - Postgres operator creates and manages PostgreSQL clusters running in Kubernetes
vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.
vault-csi-provider - HashiCorp Vault Provider for Secret Store CSI Driver
sops - Simple and flexible tool for managing secrets
secrets-store-csi-driver-provider-azure - Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.
argocd-operator - A Kubernetes operator for managing Argo CD clusters.
postgres-operator - Production PostgreSQL for Kubernetes, from high availability Postgres clusters to full-scale database-as-a-service.
argo-rollouts - Progressive Delivery for Kubernetes
helm-charts - A curated set of Helm charts brought to you by codecentric
hull - The incredible HULL - Helm Uniform Layer Library - is a Helm library chart to improve Helm chart based workflows
bank-vaults vs kubernetes-external-secrets
helm-secrets vs sealed-secrets
bank-vaults vs postgres-operator
helm-secrets vs vault-secrets-operator
bank-vaults vs vault-csi-provider
helm-secrets vs sops
bank-vaults vs secrets-store-csi-driver-provider-azure
helm-secrets vs argocd-operator
bank-vaults vs postgres-operator
helm-secrets vs argo-rollouts
bank-vaults vs helm-charts
helm-secrets vs hull