teller
envchain
teller | envchain | |
---|---|---|
9 | 3 | |
2,544 | 1,139 | |
1.3% | - | |
6.2 | 0.0 | |
12 days ago | almost 2 years ago | |
Go | C | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
teller
- Teller: Universal secret manager, never leave your terminal to use secrets
-
How do you protect your secret keys in your local computer?
I use a teller to pass secrets to my apps/commands, secret values are stored in OSX keychain, .env file or AWS Vault. It depends on project / environment context.
-
What do you guys use to manage .env files?
Have you seen Teller? https://tlr.dev it’s part of CNcF.
-
Which Tools Do You use daily for Golang development?
Air for live reloading https://github.com/cosmtrek/air, Teller for env and secret manager https://tlr.dev, Okteto cloud development https://www.okteto.com
-
I created an open source secrets manager and Y Combinator just invested in it!
This is similar to teller? https://github.com/tellerops/teller
-
Need to find an open source secrets scanner solution. any suggestions from personal use only?
I also found this one: https://github.com/tellerops/teller has anyone used it?
- Hyperstack - a new open source Node.js web framework with everything included
-
What are some of the credential scanning tools
You could use Spectral (https://spectralops.io) (disclaimer: I'm one of the founders), And if you're looking to scan credentials originating from your vaults and keystores you could use Teller, which is an open source vault scanner and secrets hub for developers that I've built: https://github.com/SpectralOps/teller
- teller - a universal secret manager for developers built with Go
envchain
-
How do you protect your secret keys in your local computer?
I use https://github.com/sorah/envchain. It stores your secrets in Keychain (macOS) or gnome-keyring.
-
Secretlint 6: masking API tokens in .bash_history and .zsh_history
Credentials are often stored as raw text in .config/ or ~/.aws. These can be found in 1Password Shell Plugins, op run, zenv, envchain, etc. to avoid storing raw tokens in files.
-
How to Handle Secrets on the Command Line
You have envchain to store secrets as ENV variables in your keyring and execute commands:
https://github.com/sorah/envchain
Not really something you would use for production web apps, I think envconsul covers that usecase:
https://github.com/hashicorp/envconsul
What are some alternatives?
kubernetes-external-secrets - Integrate external secret management systems with Kubernetes [Moved to: https://github.com/external-secrets/kubernetes-external-secrets]
Mosh - Mobile Shell
k8s-vault-webhook - A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
gosec - Go security checker
gitleaks - Protect and discover secrets using Gitleaks 🔑
platform-compat - Roslyn analyzer that finds usages of APIs that will throw PlatformNotSupportedException on certain platforms.
infisical - ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks.
envconsul - Launch a subprocess with environment variables using data from @HashiCorp Consul and Vault.
env-vault - Launch a program with environment variables populated from an encrypted file
dotfiles - Home directory with an absurd amount of tweaks
levant - An open source templating and deployment tool for HashiCorp Nomad jobs
secretlint - Pluggable linting tool to prevent committing credential.