medusa | vault-plugin-secrets-github |
---|---|
5 | 3 |
426 | 254 |
- | - |
6.4 | 6.1 |
13 days ago | 15 days ago |
Go | Go |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
medusa
- Importing and exporting kv secrets in Vault
Link to the project: https://github.com/jonasvinther/medusa
- Automatically import Secrets INTO Vault
- wrote a small cli for recursively listing secrets from vaults kv engine, thought it may be interesting for you guys
Cool project. Maybe take a look at Medusa. I think we try to do some of the same things 🙂 https://github.com/jonasvinther/medusa
- Medusa: A cli tool for importing and exporting Vault secrets
- I made a cli tool that can do secure export and import of secrets in HashiCorp Vault
vault-plugin-secrets-github
- GitHub: Packages support for fine-grained PATs
The gold standard is to have these tokens be ephemeral and have them issued by something like https://github.com/martinbaillie/vault-plugin-secrets-github. You should never rely on manually rotating tokens, it's 2024 and we have decades of production outages due to expired certs to prove that this stuff needs to be automated. Having mandatory expiration is a great way to incentivize users to do the right thing here.
- Fine-grained personal access tokens for GitHub
There's a really nice HashiCorp Vault plugin to generate finely scoped JIT GitHub token: https://github.com/martinbaillie/vault-plugin-secrets-github
- For those using argo with github, how do you handle your personal access token expiration?
Do you have HashiCorp Vault in your stack? I haven't used this particular one, but a Vault plugin such as this would be a viable way to manage token generation: https://github.com/martinbaillie/vault-plugin-secrets-github
What are some alternatives?
gomplate - A flexible commandline tool for template rendering. Supports lots of local and remote datasources.
shamir - 🔑 A CLI frontend for Hashicorp Vault's Shamir's Secret Sharing implementation.
vkv - vkv enables you to list, compare, move, import, document, backup & encrypt secrets from a HashiCorp Vault KV engine
libvault - A lightweight Vault client module written in Go, with no dependencies, that is intuitive and user-friendly
rvault - Small tool to perform some recursive operations on Hashicorp's Vault KV
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
vault-generate-secrets
vault-secrets-operator - The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets natively from Kubernetes Secrets.
trousseau - Store and access your secrets the Kubernetes native way with any external KMS.
cobra - A Commander for modern Go CLI interactions
vault-converter - Support converting Vault Secrets to different formats.
Sup3rS3cretMes5age - Simple to use, simple to deploy, one time self destruct messaging service, with hashicorp vault as a backend