bank-vaults
Passbolt
bank-vaults | Passbolt
---|---
10 | 40
0 | 4,394
- | 2.1%
0.0 | 9.7
8 months ago | 11 days ago
Go | PHP
Apache License 2.0 | GNU Affero General Public License v3.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bank-vaults
- Self-hosted Secrets Manager (or something alike)
  There's https://github.com/banzaicloud/bank-vaults which is a wrapper for hashivault, so not exactly what you're looking for but worth looking into.
- Secrets Management on Kubernetes: How do you handle it?
  https://github.com/banzaicloud/bank-vaults. Mind you, after Cisco bought Banzai, work on this project seems to have stopped. It works very well for us though.
- Secrets Management with Hashicorp Vault - which integration point to use? Sidecar Injector? ESO?
  We are using Banzai Bank Vaults Webhook and we’re very happy with it.
- Project: Running a local cluster with TLS, ArgoCD GitOps, Vault and a PostgreSQL operator
  If you ever want to see vault at that kind of level check out bank-vaults. Overkill for many, but it sounds like a decent fit for what you've already got in place and might reduce the boilerplate.
- Run a pod in a namespace without having access to its secrets?
  Use vault-env (we use https://github.com/banzaicloud/bank-vaults) to inject the secret as an ENV var to the pod at runtime, based on Vault's Kubernetes auth.
- Secrets storage best practices
  We use bank vault to inject secrets as environment variables. This does not require changes to the app. A sidecar is automatically added to the pod to retrieve the secrets and inject them in the app runtime. Here’s the link: https://github.com/banzaicloud/bank-vaults
- How to manage passwords in Helm
- Homelab: Cluster Architecture
- Kubernetes authentication from multiple, external clusters
  I can follow up with examples if you'd like. You might like BanzaiCloud's Bank Vaults. We personally only use the Configurer component which just provides useful mechanisms to dynamically, or once off, configure Vault via data structures we supplied via ConfigMap.
- Secrets Managers for Kubernetes (Vault (Hashi), Conjur (CyberArk), Platform Specific, etc)
  Encrypted secrets can't be more than a temporary solution. That's why I'm not a fan of SOPS/Sealed Secrets/etc. I think the future for both security and usability is dynamic injection. Vault is the dopeness but I'm not a fan of the upstream Vault Injector -- shared volumes are a step backwards. It's all about the BanzaiCloud Vault Webhook -- secrets **only ever available to the running process**, rotation means: update the value in vault and bounce the pod, done. This is the way.
Passbolt
- Open Source alternatives to tools you Pay for
  Passbolt - Open Source Alternative to 1Password
- Preferred password manager?
  Here's another to add to the list, Passbolt. It is open source and basically built for teams and enterprise. It is designed primarily with a unique security model based on asymmetric end-to-end encryption, with user-owned encryption keys, and supports easy cross-functional team collaboration. It can be hosted on-prem or in the cloud, depending on your preference. Might be too much information and a tad biased, as I work here, but wanted you to have all the information as passbolt fits your requirement for business level password manager.
- KeePass vs VaultWarden
  Fyi there is also Passbolt.
- Has anyone tried PassBolt?
- Self-hosted Secrets Manager (or something alike)
  I currently switched from keepass to passbolt: https://www.passbolt.com/
- Recommend me a password manager
  I might be biased here as I work here but another recommendation would be passbolt. Open source password manager that is built for teams and businesses. You can either self-host or host it in the cloud, really depending on what you require, and it supports secure granular sharing of credentials with nested permissions in just a few clicks. It's a solution that is built with security as a top priority. It supports asymmetric end-to-end encryption based on OpenPGP cryptography using both public and private keys for encryption/decryption. No secret key is stored on the server side. Both the free community edition and the paid pro version are 100% open source.
- How much of a security risk does all of our organization's passwords stored plaintext on our file server pose?
  All that said...here's my shameless plug: I work for passbolt. You mentioned you have a small team, you might give it a look: https://www.passbolt.com/ There's a community edition you can install for free on the server of your choice. I'm here and happy to answer any questions.
- What do you guys use for all your personal info?
  Passbolt for passwords (backed up to KeepassX files)
- Any suggestions for a Password Manager + Secrets Manager for small teams?
  Have you checked out Passbolt? It's open source, built for teams and organisations. Supports asymmetric end-to-end encryption, based on OpenPGP. It's on-prem or you can host it in cloud. You can either opt for the Pro/Enterprise version or the free community edition depending on what you need.
- LastPass says employee’s home computer was hacked and corporate vault taken | Already smarting from a breach that stole customer vaults, LastPass has more bad news.
What are some alternatives?
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes
vaultwarden - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
postgres-operator - Postgres operator creates and manages PostgreSQL clusters running in Kubernetes
Bitwarden - The core infrastructure backend (API, database, Docker, etc).
vault-csi-provider - HashiCorp Vault Provider for Secret Store CSI Driver
sysPass - Systems Password Manager
secrets-store-csi-driver-provider-azure - Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.
Teampass - Collaborative Passwords Manager
postgres-operator - Production PostgreSQL for Kubernetes, from high availability Postgres clusters to full-scale database-as-a-service.
Padloc - A modern, open source password manager for individuals and teams.
helm-charts - A curated set of Helm charts brought to you by codecentric
bitwarden_rs - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs [Moved to: https://github.com/dani-garcia/vaultwarden]