Top 23 Go Vault Projects
-
Project mention: Mayday, mayday! I need a scalable infrastructure to migrate on Scaleway Elements! Part 1 - Networking & Security | dev.to | 2021-11-12
For easier visibility and auditing, central store API keys in a solution like Vault and in a dedicated project.
-
HAProxy, Traefik, FabioLB, gobetween, and F5 BIG-IP also support native integrations with Consul for service discovery / service mesh.
-
-
Project mention: Chezmoi: Manage your dotfiles across multiple diverse machines, securely | news.ycombinator.com | 2021-11-21
-
Project mention: Crate for AES256 - which one to choose? Questions about block cipher modes and AEAD too. | reddit.com/r/rust | 2021-12-03
I would really suggest avoiding implementing your own stuff and either running Hashicorp Vault or seeing if your hosting provider has some secrets manager service.
-
envconsul
Launch a subprocess with environment variables using data from @HashiCorp Consul and Vault.
You have envchain to store secrets as ENV variables in your keyring and execute commands:
https://github.com/sorah/envchain
Not really something you would use for production web apps, I think envconsul covers that usecase:
-
gomplate
A flexible commandline tool for template rendering. Supports lots of local and remote datasources.
Project mention: Show HN: Stamp turns a folder into a plain text file and a file into a folder | news.ycombinator.com | 2021-02-07Cookiecutter is nice but it requires an entire python install to run, which is a big thing to ask for some of the scenarios mentioned by the tool creator (like someone going through a simple learning tutorial which might not even be using python at all).
IMHO gomplate is a nicer alternative that's just a single static go-based tool that can do everything cookiecutter does and a lot more: https://github.com/hairyhenderson/gomplate
-
bank-vaults
A Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). Direct secret injection into Pods.
-
Scout APM
Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
-
Project mention: Practical GDPR Compliance Guide for Startup Founders | reddit.com/r/selfhosted | 2021-12-01
-
konfig
Composable, observable and performant config handling for Go for the distributed processing era
-
teller
A secrets management tool for developers built in Go - never leave your command line for secrets.
Project mention: What are some of the credential scanning tools | reddit.com/r/azuredevops | 2021-06-01You could use Spectral (https://spectralops.io) (disclaimer: I'm one of the founders), And if you're looking to scan credentials originating from your vaults and keystores you could use Teller, which is an open source vault scanner and secrets hub for developers that I've built: https://github.com/SpectralOps/teller
-
Project mention: Hashicorp Vault integration with Secret objects | reddit.com/r/kubernetes | 2021-08-31
It is but it affects vault-secrets-operator too, see https://github.com/ricoberger/vault-secrets-operator/issues/104 (and no, I’ve only use vault-secrets-operator)
-
Sup3rS3cretMes5age
Simple to use, simple to deploy, one time self destruct messaging service, with hashicorp vault as a backend
Double-comment but check out https://github.com/algolia/sup3rS3cretMes5age
I live in a country where sharing my entire life in paperwork is sadly normalized. Having a self-hosted one-time-secret service for file uploads is so nice.
-
argocd-vault-plugin
An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
Project mention: Best/Secure way to add a secret for ArgoCD Helm Chart? | reddit.com/r/kubernetes | 2021-10-05I used argocd vault plugin https://github.com/IBM/argocd-vault-plugin
-
Project mention: Inject Secrets into your Pod Environments at the Container Runtime | reddit.com/r/kubernetes | 2021-07-17
Why not use https://github.com/kubernetes-sigs/secrets-store-csi-driver to do this? Then you don't have a strict binding to runc. A live example of using the CSI driver with a secrets provider is https://github.com/hashicorp/vault-csi-provider
-
Project mention: Ask HN: What are some tools / libraries you built yourself? | news.ycombinator.com | 2021-05-16
Vaku - A CLI for Vault that lets you operate on folders instead of just paths. Search, copy, move, read vault folders easily.
-
If people are looking for a way to put encrypted files into git, you can use LockGit https://github.com/jswidler/lockgit.
-
Project mention: Elastic Harp v0.2.1 - Secret management pipeline toolchain | reddit.com/r/devsecops | 2021-11-18
-
Project mention: wrote a small cli for recursively listing secrets from vaults kv engine, thought it may be interesting for you guys | reddit.com/r/hashicorp | 2021-11-28
Cool project. Maybe take a look at Medusa. I think we try to do some of the same things 🙂 https://github.com/jonasvinther/medusa
-
k8s-vault-webhook
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
Project mention: Kubernetes Vault Webhook to manage secrets inside Kubernetes | reddit.com/r/openshift | 2021-05-10 -
Exactly, we hide this from our devs. They can add secrets to hc vault via ui or via cli and know the „keywords“ to render it to properties. Which we then provide via env vars or properties file to app. For databases we do the same, there we use https://github.com/uswitch/vault-creds which hides the database related things. For encrypted communication we used in the past a sidecar with envoy that simply took certs from vault and in our apps we added the pki ca we managed via vault. So this was also hidden and devs not had to take care of encryption in their apps (today you use a service mesh for it) ;) and especially were also not affected by expired certs, as envoy has hot reload. For Kafka we still use this mechanism to implement authn and authz. There we have a callback which rotates pods when Kafka keystone is near expiry date. The only thing our devs have to worry about is encryption as a service. There I found so far no abstraction.
-
If we had additional information as to what you were after, other than only curiosity, then there may be other solutions to accomplish your goal (like rvault).
-
Project mention: Storing Terraform variables with Vault Converter | reddit.com/r/Terraform | 2021-10-13
Repository: https://github.com/vietanhduong/vault-converter
-
Go Vault related posts
- Directory Structure of Vault Paths
- wrote a small cli for recursively listing secrets from vaults kv engine, thought it may be interesting for you guys
- Do you have a TODO checklist when creating clusters from scratch?
- A security disaster waiting to happen
- An Update on Our Outage
- My thoughts on the HashiCorp Infrastructure Automation Certification
- Medusa: A cli tool for importing and exporting Vault secrets
Index
What are some of the best open-source Vault projects in Go? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | Vault | 22,267 |
| 2 | fabio | 6,827 |
| 3 | chezmoi | 5,417 |
| 4 | consul-template | 4,364 |
| 5 | envconsul | 1,748 |
| 6 | gomplate | 1,543 |
| 7 | bank-vaults | 1,520 |
| 8 | Databunker | 922 |
| 9 | konfig | 615 |
| 10 | teller | 498 |
| 11 | vault-secrets-operator | 423 |
| 12 | Sup3rS3cretMes5age | 350 |
| 13 | argocd-vault-plugin | 255 |
| 14 | vault-csi-provider | 157 |
| 15 | vaku | 126 |
| 16 | lockgit | 116 |
| 17 | harp | 104 |
| 18 | medusa | 104 |
| 19 | k8s-vault-webhook | 98 |
| 20 | vault-creds | 83 |
| 21 | rvault | 15 |
| 22 | vault-converter | 12 |
| 23 | spiffe-vault | 8 |
Are you hiring? Post a new remote job listing for free.
