Go Vault

Open-source Go projects categorized as Vault | Edit details

Top 23 Go Vault Projects

  • consul

    Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

    Project mention: Roblox October Outage Postmortem | news.ycombinator.com | 2022-01-20

    Consul is much older than 4 years old (public availability in 2014; 1.0 release in 2017, with a lot of sites using 0.x in production long before). And the fact that they didn't encounter this pathological case until Q4 2021 tells us that they got a lot of life out of it until now. They also were planning to switch over to bbolt back in 2020[1].

    The developers at Hashicorp are top-tier, and this doesn't substantially change their reputation in my eyes. Hindsight is always 20/20.

    Let's end this thread; blaming doesn't help anyone.

    [1] https://github.com/hashicorp/consul/issues/8442

  • Vault

    A tool for secrets management, encryption as a service, and privileged access management

    Project mention: What's your methodology for passwords? | reddit.com/r/sysadmin | 2022-01-22

    for non browser things: pwgen -Cy 12 , storing them in vault or k8s secrets, depends on use case

  • OPS

    OPS - Build and Run Open Source Unikernels. Quickly and easily build and deploy open source unikernels in tens of seconds. Deploy in any language to any cloud.

  • fabio

    Consul Load-Balancing made simple

    Project mention: HashiCorp Consul: What's the catch? | reddit.com/r/devops | 2021-09-04

    HAProxy, Traefik, FabioLB, gobetween, and F5 BIG-IP also support native integrations with Consul for service discovery / service mesh.

  • consul-template

    Template rendering, notifier, and supervisor for @HashiCorp Consul and Vault data.

    Project mention: Crate for AES256 - which one to choose? Questions about block cipher modes and AEAD too. | reddit.com/r/rust | 2021-12-03

    I would really suggest avoiding implementing your own stuff and either running Hashicorp Vault or seeing if your hosting provider has some secrets manager service.

  • envconsul

    Launch a subprocess with environment variables using data from @HashiCorp Consul and Vault.

    Project mention: How to Handle Secrets on the Command Line | news.ycombinator.com | 2021-06-13

    You have envchain to store secrets as ENV variables in your keyring and execute commands:


    Not really something you would use for production web apps, I think envconsul covers that usecase:


  • gomplate

    A flexible commandline tool for template rendering. Supports lots of local and remote datasources.

    Project mention: Show HN: Stamp turns a folder into a plain text file and a file into a folder | news.ycombinator.com | 2021-02-07

    Cookiecutter is nice but it requires an entire python install to run, which is a big thing to ask for some of the scenarios mentioned by the tool creator (like someone going through a simple learning tutorial which might not even be using python at all).

    IMHO gomplate is a nicer alternative that's just a single static go-based tool that can do everything cookiecutter does and a lot more: https://github.com/hairyhenderson/gomplate

  • bank-vaults

    A Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). Direct secret injection into Pods.

    Project mention: How to manage passwords in Helm | reddit.com/r/devops | 2021-08-21
  • SonarLint

    Deliver Cleaner and Safer Code - Right in Your IDE of Choice!. SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.

  • Databunker

    Secure SDK/vault for personal records/PII built to comply with GDPR

    Project mention: Practical GDPR Compliance Guide for Startup Founders | reddit.com/r/selfhosted | 2021-12-01
  • konfig

    Composable, observable and performant config handling for Go for the distributed processing era

  • teller

    A secrets management tool for developers built in Go - never leave your command line for secrets.

    Project mention: What are some of the credential scanning tools | reddit.com/r/azuredevops | 2021-06-01

    You could use Spectral (https://spectralops.io) (disclaimer: I'm one of the founders), And if you're looking to scan credentials originating from your vaults and keystores you could use Teller, which is an open source vault scanner and secrets hub for developers that I've built: https://github.com/SpectralOps/teller

  • vault-secrets-operator

    Create Kubernetes secrets from Vault for a secure GitOps based workflow.

    Project mention: Hashicorp Vault integration with Secret objects | reddit.com/r/kubernetes | 2021-08-31

    It is but it affects vault-secrets-operator too, see https://github.com/ricoberger/vault-secrets-operator/issues/104 (and no, I’ve only use vault-secrets-operator)

  • Sup3rS3cretMes5age

    Simple to use, simple to deploy, one time self destruct messaging service, with hashicorp vault as a backend

    Project mention: Bitwarden Send | news.ycombinator.com | 2021-03-12

    Double-comment but check out https://github.com/algolia/sup3rS3cretMes5age

    I live in a country where sharing my entire life in paperwork is sadly normalized. Having a self-hosted one-time-secret service for file uploads is so nice.

  • hashi-up

    bootstrap HashiCorp Consul, Nomad, or Vault over SSH < 1 minute

    Project mention: Show HN: Hashi-Up – Bootstrap HashiCorp Consul, Nomad, or Vault over SSH | news.ycombinator.com | 2021-04-26
  • argocd-vault-plugin

    An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets

    Project mention: Removing replication count, resource, tolerations, pvc when app is onboarded using ArgoCD | reddit.com/r/GitOps | 2022-01-08
  • vault-csi-provider

    HashiCorp Vault Provider for Secret Store CSI Driver

    Project mention: Inject Secrets into your Pod Environments at the Container Runtime | reddit.com/r/kubernetes | 2021-07-17

    Why not use https://github.com/kubernetes-sigs/secrets-store-csi-driver to do this? Then you don't have a strict binding to runc. A live example of using the CSI driver with a secrets provider is https://github.com/hashicorp/vault-csi-provider

  • vaku

    Vaku extends the Vault API & CLI

    Project mention: Ask HN: What are some tools / libraries you built yourself? | news.ycombinator.com | 2021-05-16

    Vaku - A CLI for Vault that lets you operate on folders instead of just paths. Search, copy, move, read vault folders easily.


  • lockgit

    A CLI tool for storing encrypted data in a git repo

    Project mention: RFC 8959: The “secret-token” URI Scheme | news.ycombinator.com | 2021-01-31

    If people are looking for a way to put encrypted files into git, you can use LockGit https://github.com/jswidler/lockgit.

  • medusa

    A cli tool for importing and exporting Hashicorp Vault secrets (by jonasvinther)

    Project mention: wrote a small cli for recursively listing secrets from vaults kv engine, thought it may be interesting for you guys | reddit.com/r/hashicorp | 2021-11-28

    Cool project. Maybe take a look at Medusa. I think we try to do some of the same things 🙂 https://github.com/jonasvinther/medusa

  • harp

    Secret management toolchain (by elastic)

    Project mention: Elastic Harp v0.2.1 - Secret management pipeline toolchain | reddit.com/r/devsecops | 2021-11-18
  • k8s-vault-webhook

    A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers

    Project mention: Kubernetes Vault Webhook to manage secrets inside Kubernetes | reddit.com/r/openshift | 2021-05-10
  • vault-creds

    Sidecar container for requesting dynamic Vault database secrets

    Project mention: Hashicorp Vault for Developers? | reddit.com/r/devops | 2021-10-01

    Exactly, we hide this from our devs. They can add secrets to hc vault via ui or via cli and know the „keywords“ to render it to properties. Which we then provide via env vars or properties file to app. For databases we do the same, there we use https://github.com/uswitch/vault-creds which hides the database related things. For encrypted communication we used in the past a sidecar with envoy that simply took certs from vault and in our apps we added the pki ca we managed via vault. So this was also hidden and devs not had to take care of encryption in their apps (today you use a service mesh for it) ;) and especially were also not affected by expired certs, as envoy has hot reload. For Kafka we still use this mechanism to implement authn and authz. There we have a callback which rotates pods when Kafka keystone is near expiry date. The only thing our devs have to worry about is encryption as a service. There I found so far no abstraction.

  • rvault

    Small tool to perform some recursive operations on Hashicorp's Vault KV (by kir4h)

    Project mention: Directory Structure of Vault Paths | reddit.com/r/hashicorp | 2021-12-02

    If we had additional information as to what you were after, other than only curiosity, then there may be other solutions to accomplish your goal (like rvault).

  • vault-converter

    Support converting Vault Secrets to diffrent formats.

    Project mention: Storing Terraform variables with Vault Converter | reddit.com/r/Terraform | 2021-10-13

    Repository: https://github.com/vietanhduong/vault-converter

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-01-22.

Go Vault related posts


What are some of the best open-source Vault projects in Go? This list will help you:

Project Stars
1 consul 24,052
2 Vault 22,623
3 fabio 6,867
4 consul-template 4,394
5 envconsul 1,777
6 gomplate 1,594
7 bank-vaults 1,561
8 Databunker 946
9 konfig 619
10 teller 520
11 vault-secrets-operator 451
12 Sup3rS3cretMes5age 361
13 hashi-up 344
14 argocd-vault-plugin 309
15 vault-csi-provider 168
16 vaku 128
17 lockgit 118
18 medusa 116
19 harp 114
20 k8s-vault-webhook 105
21 vault-creds 83
22 rvault 16
23 vault-converter 12
Find remote jobs at our new job board 99remotejobs.com. There are 30 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
Less time debugging, more time building
Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.