| | chamber | credstash |
|---|---|---|
| | 12 | 3 |
| Stars | 2,403 | 2,053 |
| Growth | 0.5% | 0.0% |
| Activity | 7.5 | 0.0 |
| | 4 days ago | about 2 years ago |
| Language | Go | Python |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
chamber
- ssmsh VS chamber - a user suggested alternative
2 projects | 9 Nov 2023
Chamber takes an opinionated view on AWS Parameter store as compared to ssmsh
- Ask HN: Secure and simple way for secret/credential management in a startup?
Building on this I’ve found https://github.com/segmentio/chamber to be super useful
- I need some feedback on the README for my Django Base Site
For secrets, the PaaS platform (Github Actions, Fly.io, etc.) I usually use has a method that works with environment variables. If I need something custom on AWS, then I use Chamber backed by AWS KMS.
- Can't believe Next.js founder said my open source project is 'fantastic'
- How can you add secrets to a dockerfile/image from AWS (Secret Manager)
We use Chamber (https://github.com/segmentio/chamber) to do this for us. Bring it into your image and use the environment variables as necessary. Some applications support using environment variables natively, you might need to add a script to write them into your config files.
- Interfacing w/ AWS Parameter Store via REST API
You can take a look at some code I wrote a while back to do this if you want examples: https://github.com/segmentio/chamber/blob/master/store/ssmstore.go
- How do you share and sync .env files for your team
We use AWS Parameter Store and segmentio/chamber.
- Not sure if DevOps, but a few questions.
https://github.com/segmentio/chamber is nice with parameter store, I've used it in the past.
- Exporting Parameter Store values to /etc/environment in a deployed EC2 instance from CloudFormation
Use Chamber.
- Configuration of software baked into AMI
For interacting with SSM, I would recommend using https://github.com/segmentio/chamber. You could add something to your user-data script that uses chamber to load a config file (chamber export is one way to do it) from SSM on startup. You could also use Systems Manager to enable you to do a "hot reload" of sorts by sending a command to your server to run the chamber command and restart your application.
credstash
- Ask HN: Secure and simple way for secret/credential management in a startup?
Hello,
At my current gig we're using doppler[^1] (no affiliation) for application secrets. We're using doppler with their kubernetes operator, which supports auto-rotation on secrets. Secrets are set as "env variables". So far, doppler has not suffered big outages, or we did not notice, because the operator will keep working even if their API is down - of course you won't get updates. Access control could be more _fine grained_ and they added a secret auto-rotation option recently[^2]. We don't use that yet.
I've been a happy 1Password user (no affiliation) and we use it company wide to share user secrets. 1Password supports CI/CD integration IIRC, so in theory it should cover most use cases.
If you can pay for AWS Vault, the terraform integration comes out of the box. However, if you're a small team, running vault might be a daunting task and you're inserting another SPoF.
There are many open source application secrets tools that you could check out though. In the past I had a great experience with credstash[^3]. Credstash is a really simple and secure open source solution that is based on AWS KMS, IAM and DynamoDB. Costs pennies to run for medium size deployments. Once you set up and document the way to use it, it's really easy. The downside is that as a tool it is pretty _raw_: you have to build things like "secret generators", etc. But combined with a Slack bot it can be a really powerful, secure, open-source solution.
If you have specific questions about any of the above tools, feel free to drop an email. I'll be happy to answer questions.
[^1]: https://www.doppler.com/
[^2]: Auto-rotation is complicated because you need to integrate the auto-rotation with external tools yourself most of the time. There are Hashi-Vault modules for SQL DBs but not for Mailgun or CloudFlare, for example.
[^3]: https://github.com/fugue/credstash
- Question: DynamoDB - Credstash, is there a way to put a cred in that has multi-lines in the value?
Hi, credstash dev here. I think the issue is with your shell, not with credstash. You need to pass in an actual newline character into the argument if you want to store a newline.
- Why should I NOT store customers API keys in DynamoDB?
Link to Credstash if you're curious: https://github.com/fugue/credstash
What are some alternatives?
sops - Simple and flexible tool for managing secrets
leapp - Leapp is the DevTool to access your cloud
git2consul - Mirrors the contents of a git repository into Consul KVs.
hiera-eyaml-vault - A hiera-eyaml encryption plugin for Vault's transit engine
aws-sdk-go-v2 - AWS SDK for the Go programming language.
petems-hiera_vault - A hiera backend for access to secrets being stored in HashiCorp Vault
django-base-site - The Django Base Site is a Django site that is built using the best Django practices and comes with all the common Django packages that you need to jumpstart your next project.
aws-secret-sidecar-injector - Kubernetes mutating webhook to fetch secrets from AWS Secrets Manager
gonsul - A stand-alone alternative to git2consul
cfn-secret-provider - A CloudFormation custom resource provider for deploying secrets and keys
compose-cli - Easily run your Compose application to the cloud with compose-cli
infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks.