cryptr
wrongsecrets
Our great sponsors
cryptr | wrongsecrets | |
---|---|---|
3 | 9 | |
485 | 422 | |
0.0% | - | |
0.0 | 9.7 | |
about 1 year ago | over 1 year ago | |
HTML | Java | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cryptr
-
HashiCorp Vault Forked into OpenBao
My colleague at Adobe built one for our own use, since HashiCorp didn't provide one at the time: https://github.com/adobe/cryptr
IIRC HashiCorp was not interested in supporting these kinds of tools because they were in direct competition with the Vault enterprise offering.
-
Are there "Configuration Manager" solution out there?
Something like cryptr working on top of Hashicorp vault? https://github.com/adobe/cryptr
-
Recommended Vault Services?
Adobe built a web UI for Vault, if you want to use it more like a password manager: https://github.com/adobe/cryptr
wrongsecrets
- Learning secrets management in the modern world using OWASP WrongSecrets Project : Hands-on Labs, CTF style challenges
- Learning secrets management in the modern world using OWASP WrongSecrets Project
-
OWASP WrongSecrets Demo - How NOT to store secrets with the project founder Jeroen Willemsen
TL:DR OWASP WrongSecrets is a great project that gamified app that teaches how not to store secrets. The project was created from real examples that Jeroen and others came across in their work as security engineers (Or mistakes they have made) The App uses a number of different technologies such as docker to show common ways secrets are leaked. The challenges get more difficult as you go and give hints and have comments why this is a bad practice. https://github.com/commjoen/wrongsecrets
-
Secure Deployment: 10 Pointers on Secrets Management
OWASP SAMM on secret management Secure deployment Exercises/examples on how(not) to use secrets Canarytokens Have I been pwned? Gitleaks, Trufflehog
- OWASP WrongSecrets: Examples with how to not use secrets
-
What are some free resources for learning hacking?
Maybe to add: Webgoat https://github.com/WebGoat/WebGoat Juice shop https://github.com/juice-shop/juice-shop Wrongsecrets https://github.com/commjoen/wrongsecrets
-
Want to try some secrets hunting?
Hi! Some friends and I are making a p0wnable app around secrets management! Do you want to give a very early version a shot? Check it out over here. And let us know what you think!
What are some alternatives?
harp - Secret management by contract toolchain
juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
k8s-vault-webhook - A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
trufflehog - Find and verify secrets
openbao - OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys.
WebGoat - WebGoat is a deliberately insecure application
medusa - A cli tool for importing and exporting Hashicorp Vault secrets
kubernetes-client - Java client for Kubernetes & OpenShift
Keywhiz - A system for distributing and managing secrets
gitleaks - Protect and discover secrets using Gitleaks 🔑
spring-cloud-kubernetes - Kubernetes integration with Spring Cloud Discovery Client, Configuration, etc...
jib - 🏗 Build container images for your Java applications.