Top 23 Go Vault Projects
Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.Project mention: Roblox October Outage Postmortem | news.ycombinator.com | 2022-01-20
Consul is much older than 4 years old (public availability in 2014; 1.0 release in 2017, with a lot of sites using 0.x in production long before). And the fact that they didn't encounter this pathological case until Q4 2021 tells us that they got a lot of life out of it until now. They also were planning to switch over to bbolt back in 2020.
The developers at Hashicorp are top-tier, and this doesn't substantially change their reputation in my eyes. Hindsight is always 20/20.
Let's end this thread; blaming doesn't help anyone.
A tool for secrets management, encryption as a service, and privileged access managementProject mention: What's your methodology for passwords? | reddit.com/r/sysadmin | 2022-01-22
for non browser things: pwgen -Cy 12 , storing them in vault or k8s secrets, depends on use case
OPS - Build and Run Open Source Unikernels. Quickly and easily build and deploy open source unikernels in tens of seconds. Deploy in any language to any cloud.
Consul Load-Balancing made simpleProject mention: HashiCorp Consul: What's the catch? | reddit.com/r/devops | 2021-09-04
HAProxy, Traefik, FabioLB, gobetween, and F5 BIG-IP also support native integrations with Consul for service discovery / service mesh.
Template rendering, notifier, and supervisor for @HashiCorp Consul and Vault data.Project mention: Crate for AES256 - which one to choose? Questions about block cipher modes and AEAD too. | reddit.com/r/rust | 2021-12-03
I would really suggest avoiding implementing your own stuff and either running Hashicorp Vault or seeing if your hosting provider has some secrets manager service.
Launch a subprocess with environment variables using data from @HashiCorp Consul and Vault.Project mention: How to Handle Secrets on the Command Line | news.ycombinator.com | 2021-06-13
You have envchain to store secrets as ENV variables in your keyring and execute commands:
Not really something you would use for production web apps, I think envconsul covers that usecase:
A flexible commandline tool for template rendering. Supports lots of local and remote datasources.Project mention: Show HN: Stamp turns a folder into a plain text file and a file into a folder | news.ycombinator.com | 2021-02-07
Cookiecutter is nice but it requires an entire python install to run, which is a big thing to ask for some of the scenarios mentioned by the tool creator (like someone going through a simple learning tutorial which might not even be using python at all).
IMHO gomplate is a nicer alternative that's just a single static go-based tool that can do everything cookiecutter does and a lot more: https://github.com/hairyhenderson/gomplate
A Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). Direct secret injection into Pods.Project mention: How to manage passwords in Helm | reddit.com/r/devops | 2021-08-21
Deliver Cleaner and Safer Code - Right in Your IDE of Choice!. SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.
Secure SDK/vault for personal records/PII built to comply with GDPRProject mention: Practical GDPR Compliance Guide for Startup Founders | reddit.com/r/selfhosted | 2021-12-01
Composable, observable and performant config handling for Go for the distributed processing era
A secrets management tool for developers built in Go - never leave your command line for secrets.Project mention: What are some of the credential scanning tools | reddit.com/r/azuredevops | 2021-06-01
You could use Spectral (https://spectralops.io) (disclaimer: I'm one of the founders), And if you're looking to scan credentials originating from your vaults and keystores you could use Teller, which is an open source vault scanner and secrets hub for developers that I've built: https://github.com/SpectralOps/teller
Create Kubernetes secrets from Vault for a secure GitOps based workflow.Project mention: Hashicorp Vault integration with Secret objects | reddit.com/r/kubernetes | 2021-08-31
It is but it affects vault-secrets-operator too, see https://github.com/ricoberger/vault-secrets-operator/issues/104 (and no, I’ve only use vault-secrets-operator)
Simple to use, simple to deploy, one time self destruct messaging service, with hashicorp vault as a backend
bootstrap HashiCorp Consul, Nomad, or Vault over SSH < 1 minuteProject mention: Show HN: Hashi-Up – Bootstrap HashiCorp Consul, Nomad, or Vault over SSH | news.ycombinator.com | 2021-04-26
An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secretsProject mention: Removing replication count, resource, tolerations, pvc when app is onboarded using ArgoCD | reddit.com/r/GitOps | 2022-01-08
HashiCorp Vault Provider for Secret Store CSI DriverProject mention: Inject Secrets into your Pod Environments at the Container Runtime | reddit.com/r/kubernetes | 2021-07-17
Why not use https://github.com/kubernetes-sigs/secrets-store-csi-driver to do this? Then you don't have a strict binding to runc. A live example of using the CSI driver with a secrets provider is https://github.com/hashicorp/vault-csi-provider
Vaku extends the Vault API & CLI
A CLI tool for storing encrypted data in a git repo
A cli tool for importing and exporting Hashicorp Vault secrets (by jonasvinther)Project mention: wrote a small cli for recursively listing secrets from vaults kv engine, thought it may be interesting for you guys | reddit.com/r/hashicorp | 2021-11-28
Cool project. Maybe take a look at Medusa. I think we try to do some of the same things 🙂 https://github.com/jonasvinther/medusa
Secret management toolchain (by elastic)Project mention: Elastic Harp v0.2.1 - Secret management pipeline toolchain | reddit.com/r/devsecops | 2021-11-18
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managersProject mention: Kubernetes Vault Webhook to manage secrets inside Kubernetes | reddit.com/r/openshift | 2021-05-10
Sidecar container for requesting dynamic Vault database secretsProject mention: Hashicorp Vault for Developers? | reddit.com/r/devops | 2021-10-01
Exactly, we hide this from our devs. They can add secrets to hc vault via ui or via cli and know the „keywords“ to render it to properties. Which we then provide via env vars or properties file to app. For databases we do the same, there we use https://github.com/uswitch/vault-creds which hides the database related things. For encrypted communication we used in the past a sidecar with envoy that simply took certs from vault and in our apps we added the pki ca we managed via vault. So this was also hidden and devs not had to take care of encryption in their apps (today you use a service mesh for it) ;) and especially were also not affected by expired certs, as envoy has hot reload. For Kafka we still use this mechanism to implement authn and authz. There we have a callback which rotates pods when Kafka keystone is near expiry date. The only thing our devs have to worry about is encryption as a service. There I found so far no abstraction.
Small tool to perform some recursive operations on Hashicorp's Vault KV (by kir4h)Project mention: Directory Structure of Vault Paths | reddit.com/r/hashicorp | 2021-12-02
If we had additional information as to what you were after, other than only curiosity, then there may be other solutions to accomplish your goal (like rvault).
Support converting Vault Secrets to diffrent formats.Project mention: Storing Terraform variables with Vault Converter | reddit.com/r/Terraform | 2021-10-13
Go Vault related posts
What's your methodology for passwords?
5 projects | reddit.com/r/sysadmin | 22 Jan 2022
How can I securely create user accounts within a docker container?
4 projects | reddit.com/r/docker | 21 Jan 2022
Passing secrets over HTTPS ?
1 project | reddit.com/r/websec | 11 Jan 2022
hello reddit ... so I've been learning JS for like two months and I thought why not try and make a website to save my passwords since I'm lazy and I forget them all the Time. My question is : is it actually safe to keep my passwords and accounts in the local Storage ?
Self hosted alternative to Azure Key Vault
1 project | reddit.com/r/selfhosted | 5 Jan 2022
Vault community edition
1 project | reddit.com/r/hashicorp | 3 Jan 2022
Hashicorp Vault | Dev and Prod server setup | Unseal | Policies | TLS setup
1 project | dev.to | 2 Jan 2022
What are some of the best open-source Vault projects in Go? This list will help you:
Are you hiring? Post a new remote job listing for free.