libvault
vault-plugin-secrets-github
libvault | vault-plugin-secrets-github | |
---|---|---|
4 | 3 | |
74 | 254 | |
- | - | |
1.8 | 6.1 | |
almost 3 years ago | 15 days ago | |
Go | Go | |
GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
libvault
- A lightweight Vault client module written in Go, with no dependencies, that is intuitive and user-friendly
- Show HN: Libvault – lightweight Vault client in Go, with no dependencies
-
libvault - my first opensource project. A lightweight client module to work with a Vault server
Link to the repo: https://github.com/canidam/libvault
vault-plugin-secrets-github
-
GitHub: Packages support for fine-grained PATs
The gold standard is to have these tokens be emphermaland hove them issued my something like https://github.com/martinbaillie/vault-plugin-secrets-github. You should never rely on manually rotating tokens, it's 2024 and we have decades of production outages due to expired certs to prove that this stuff needs to be automated. Having mandatory expiration is a great way to incentivize users to do the right thing here.
-
Fine-grained personal access tokens for GitHub
There's a really nice HashiCorp Vault plugin to generate finely scoped JIT GitHub token: https://github.com/martinbaillie/vault-plugin-secrets-github
-
For those using argo with github, how do you handle your personal access token expiration?
Do you have HashiCorp Vault in your stack? I haven't used this particular one, but a Vault plugin such as this would be a viable way to manage token generation: https://github.com/martinbaillie/vault-plugin-secrets-github
What are some alternatives?
go - The Go programming language
shamir - 🔑 A CLI frontend for Hashicorp Vault's Shamir's Secret Sharing implementation.
vault-unseal - auto-unseal utility for Hashicorp Vault
medusa - A cli tool for importing and exporting Hashicorp Vault secrets
Vault - A tool for secrets management, encryption as a service, and privileged access management
secrets-store-csi-driver - Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a CSI volume.
nomad-gitops-operator - A GitOps operator for Hashicorp Nomad
vault-secrets-operator - The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets natively from Kubernetes Secrets.
vkv - vkv enables you to list, compare, move, import, document, backup & encrypt secrets from a HashiCorp Vault KV engine
vops - A wrapper for the HashiCorp Vault CLI