op-js VS Vault

To get started with the 1Password CLI, visit the official 1Password CLI documentation. Here, you'll find installation guides, usage examples, and how to integrate it with various tools and workflows, including Git and SSH authentication.

1Password CLI: Automate administrative tasks, securely provision secrets across development environments, and use biometrics to authenticate in the terminal.

1Password CLI is great, having a single source for managing access keys and being able to use fingerprint ID on a Mac is such a cool feature. The AWS plugin works great, but if you want to use AWS through a third party (in this case Terraform), I failed to get it to work.

I know it's not FOSS but 1Password does have a decently fully-featured CLI client

https://developer.1password.com/docs/cli/

I used to be anti hosted password managers, but I was recommended using 1password and their CLI client to manage my passwords.

When a customer emails me to request access, all I have to do is copy their username from the email they sent me, then I press ⌃-⌥-⌘-A, and it's done! This automation uses Keyboard Maestro, the GitHub API, and 1Password CLI.

The 1Password CLI. You can find the installation docs here.

VS Code extensions run in a Node environment, and we wanted to interact with the new CLI. So we built and open-sourced an entirely new package for doing exactly this: op-js. It wraps the CLI with a simple-to-use JavaScript interface and ships with TypeScript declarations, making 60+ commands, including those that support biometrics unlock, available to your Node-based application.

HashiCorp Vault

For a more comprehensive and robust secret management solution, get your hands on tools like GCP Secret Manager, or HashiCorp Vault. They're like the security guards of your secrets, providing a safe house, access control, and keeping logs of who’s been snooping around.

HashiCorp Vault is a popular tool for managing secrets in Kubernetes clusters. It offers advanced features such as secure storage, encryption, dynamic secrets generation, and integration with Kubernetes through its Kubernetes authentication method.

So you've just bought a new platform tool? Maybe it's Hashicorp Vault? Snyk? Backstage? You’re excited about all of the developer experience, security and other benefits you're about to unleash on your company—right? But wait…

You seem to be looking for a cross-platform solution, and https://www.vaultproject.io/ provides just that. If everything was in AWS, AWS Secret Manager might be great, but imo Vault provides much better platform-agnostic capabilities.

https://github.com/openwrt/luci/blob/master/applications/luc...

https://developer.hashicorp.com/vault/tutorials/secrets-mana... https://github.com/hashicorp/vault :

> Refer to Build Certificate Authority (CA) in Vault with an offline Root for an example of using a root CA external to Vault.

Secret Management: Securely stores sensitive configuration data and secrets using tools like AWS Secrets Manager or HashiCorp Vault. Avoid hardcoding secrets in code or configuration files.

The author of this tool basically took the Shamir code from Hashicorp Vault, which is pretty mainstream. If you're looking for a solid implementation, I would start there[0]. I wouldn't use the Shamir code from this repo, as it's an old version of the vault code using field arithmetic that doesn't run in constant time.

[0]: https://github.com/hashicorp/vault/blob/main/shamir/shamir.g...

Out of curiosity, what do you mean by this? cross-cluster? they already have HA: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...

while digging up that link, I also saw one named replication: https://github.com/hashicorp/vault/blob/v1.14.1/website/cont...