Top 23 Go Vault Projects
-
consul
Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
Consul is much older than 4 years old (public availability in 2014; 1.0 release in 2017, with a lot of sites using 0.x in production long before). And the fact that they didn't encounter this pathological case until Q4 2021 tells us that they got a lot of life out of it until now. They also were planning to switch over to bbolt back in 2020[1].
The developers at Hashicorp are top-tier, and this doesn't substantially change their reputation in my eyes. Hindsight is always 20/20.
Let's end this thread; blaming doesn't help anyone.
-
for non browser things: pwgen -Cy 12 , storing them in vault or k8s secrets, depends on use case
-
OPS
OPS - Build and Run Open Source Unikernels. Quickly and easily build and deploy open source unikernels in tens of seconds. Deploy in any language to any cloud.
-
HAProxy, Traefik, FabioLB, gobetween, and F5 BIG-IP also support native integrations with Consul for service discovery / service mesh.
-
Project mention: Crate for AES256 - which one to choose? Questions about block cipher modes and AEAD too. | reddit.com/r/rust | 2021-12-03
I would really suggest avoiding implementing your own stuff and either running Hashicorp Vault or seeing if your hosting provider has some secrets manager service.
-
envconsul
Launch a subprocess with environment variables using data from @HashiCorp Consul and Vault.
You have envchain to store secrets as ENV variables in your keyring and execute commands:
https://github.com/sorah/envchain
Not really something you would use for production web apps, I think envconsul covers that usecase:
-
gomplate
A flexible commandline tool for template rendering. Supports lots of local and remote datasources.
Project mention: Show HN: Stamp turns a folder into a plain text file and a file into a folder | news.ycombinator.com | 2021-02-07Cookiecutter is nice but it requires an entire python install to run, which is a big thing to ask for some of the scenarios mentioned by the tool creator (like someone going through a simple learning tutorial which might not even be using python at all).
IMHO gomplate is a nicer alternative that's just a single static go-based tool that can do everything cookiecutter does and a lot more: https://github.com/hairyhenderson/gomplate
-
bank-vaults
A Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). Direct secret injection into Pods.
-
SonarLint
Deliver Cleaner and Safer Code - Right in Your IDE of Choice!. SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.
-
Project mention: Practical GDPR Compliance Guide for Startup Founders | reddit.com/r/selfhosted | 2021-12-01
-
konfig
Composable, observable and performant config handling for Go for the distributed processing era
-
teller
A secrets management tool for developers built in Go - never leave your command line for secrets.
Project mention: What are some of the credential scanning tools | reddit.com/r/azuredevops | 2021-06-01You could use Spectral (https://spectralops.io) (disclaimer: I'm one of the founders), And if you're looking to scan credentials originating from your vaults and keystores you could use Teller, which is an open source vault scanner and secrets hub for developers that I've built: https://github.com/SpectralOps/teller
-
Project mention: Hashicorp Vault integration with Secret objects | reddit.com/r/kubernetes | 2021-08-31
It is but it affects vault-secrets-operator too, see https://github.com/ricoberger/vault-secrets-operator/issues/104 (and no, I’ve only use vault-secrets-operator)
-
Sup3rS3cretMes5age
Simple to use, simple to deploy, one time self destruct messaging service, with hashicorp vault as a backend
Double-comment but check out https://github.com/algolia/sup3rS3cretMes5age
I live in a country where sharing my entire life in paperwork is sadly normalized. Having a self-hosted one-time-secret service for file uploads is so nice.
-
Project mention: Show HN: Hashi-Up – Bootstrap HashiCorp Consul, Nomad, or Vault over SSH | news.ycombinator.com | 2021-04-26
-
argocd-vault-plugin
An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
Project mention: Removing replication count, resource, tolerations, pvc when app is onboarded using ArgoCD | reddit.com/r/GitOps | 2022-01-08 -
Project mention: Inject Secrets into your Pod Environments at the Container Runtime | reddit.com/r/kubernetes | 2021-07-17
Why not use https://github.com/kubernetes-sigs/secrets-store-csi-driver to do this? Then you don't have a strict binding to runc. A live example of using the CSI driver with a secrets provider is https://github.com/hashicorp/vault-csi-provider
-
Project mention: Ask HN: What are some tools / libraries you built yourself? | news.ycombinator.com | 2021-05-16
Vaku - A CLI for Vault that lets you operate on folders instead of just paths. Search, copy, move, read vault folders easily.
-
If people are looking for a way to put encrypted files into git, you can use LockGit https://github.com/jswidler/lockgit.
-
Project mention: wrote a small cli for recursively listing secrets from vaults kv engine, thought it may be interesting for you guys | reddit.com/r/hashicorp | 2021-11-28
Cool project. Maybe take a look at Medusa. I think we try to do some of the same things 🙂 https://github.com/jonasvinther/medusa
-
Project mention: Elastic Harp v0.2.1 - Secret management pipeline toolchain | reddit.com/r/devsecops | 2021-11-18
-
k8s-vault-webhook
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
Project mention: Kubernetes Vault Webhook to manage secrets inside Kubernetes | reddit.com/r/openshift | 2021-05-10 -
Exactly, we hide this from our devs. They can add secrets to hc vault via ui or via cli and know the „keywords“ to render it to properties. Which we then provide via env vars or properties file to app. For databases we do the same, there we use https://github.com/uswitch/vault-creds which hides the database related things. For encrypted communication we used in the past a sidecar with envoy that simply took certs from vault and in our apps we added the pki ca we managed via vault. So this was also hidden and devs not had to take care of encryption in their apps (today you use a service mesh for it) ;) and especially were also not affected by expired certs, as envoy has hot reload. For Kafka we still use this mechanism to implement authn and authz. There we have a callback which rotates pods when Kafka keystone is near expiry date. The only thing our devs have to worry about is encryption as a service. There I found so far no abstraction.
-
If we had additional information as to what you were after, other than only curiosity, then there may be other solutions to accomplish your goal (like rvault).
-
Project mention: Storing Terraform variables with Vault Converter | reddit.com/r/Terraform | 2021-10-13
Repository: https://github.com/vietanhduong/vault-converter
Go Vault related posts
- What's your methodology for passwords?
- How can I securely create user accounts within a docker container?
- Passing secrets over HTTPS ?
- hello reddit ... so I've been learning JS for like two months and I thought why not try and make a website to save my passwords since I'm lazy and I forget them all the Time. My question is : is it actually safe to keep my passwords and accounts in the local Storage ?
- Self hosted alternative to Azure Key Vault
- Vault community edition
- Hashicorp Vault | Dev and Prod server setup | Unseal | Policies | TLS setup
Index
What are some of the best open-source Vault projects in Go? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | consul | 24,052 |
| 2 | Vault | 22,623 |
| 3 | fabio | 6,867 |
| 4 | consul-template | 4,394 |
| 5 | envconsul | 1,777 |
| 6 | gomplate | 1,594 |
| 7 | bank-vaults | 1,561 |
| 8 | Databunker | 946 |
| 9 | konfig | 619 |
| 10 | teller | 520 |
| 11 | vault-secrets-operator | 451 |
| 12 | Sup3rS3cretMes5age | 361 |
| 13 | hashi-up | 344 |
| 14 | argocd-vault-plugin | 309 |
| 15 | vault-csi-provider | 168 |
| 16 | vaku | 128 |
| 17 | lockgit | 118 |
| 18 | medusa | 116 |
| 19 | harp | 114 |
| 20 | k8s-vault-webhook | 105 |
| 21 | vault-creds | 83 |
| 22 | rvault | 16 |
| 23 | vault-converter | 12 |
Are you hiring? Post a new remote job listing for free.
