vault-secrets-operator
vault-plugin-secrets-github
vault-secrets-operator | vault-plugin-secrets-github |
---|---|
2 | 3 |
416 | 254 |
3.8% | - |
9.5 | 6.1 |
1 day ago | 7 days ago |
Go | Go |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vault-secrets-operator
- How to securely store configs across microservices and not commit secrets to vc
- vault secrets operator dynamic database secret
  Does anyone have a working example of the vault secrets operator using the vault database engine?
vault-plugin-secrets-github
- GitHub: Packages support for fine-grained PATs
  The gold standard is to have these tokens be ephemeral and have them issued by something like https://github.com/martinbaillie/vault-plugin-secrets-github. You should never rely on manually rotating tokens, it's 2024 and we have decades of production outages due to expired certs to prove that this stuff needs to be automated. Having mandatory expiration is a great way to incentivize users to do the right thing here.
- Fine-grained personal access tokens for GitHub
  There's a really nice HashiCorp Vault plugin to generate finely scoped JIT GitHub tokens: https://github.com/martinbaillie/vault-plugin-secrets-github
- For those using argo with github, how do you handle your personal access token expiration?
  Do you have HashiCorp Vault in your stack? I haven't used this particular one, but a Vault plugin such as this would be a viable way to manage token generation: https://github.com/martinbaillie/vault-plugin-secrets-github
What are some alternatives?
external-secrets - External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.
shamir - 🔑 A CLI frontend for Hashicorp Vault's Shamir's Secret Sharing implementation.
bank-vaults - A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines).
libvault - A lightweight Vault client module written in Go, with no dependencies, that is intuitive and user-friendly
rvault - Small tool to perform some recursive operations on Hashicorp's Vault KV
medusa - A cli tool for importing and exporting Hashicorp Vault secrets
vops - A wrapper for the HashiCorp Vault CLI
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
secrets-manager - A daemon to sync Vault secrets to Kubernetes secrets