Our great sponsors
-
infisical
♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks.
-
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
sso-wall-of-shame
A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.
-
Hi HN, we’re the co-founders of Infisical (https://infisical.com), an open-source platform to sync application secrets and configs across your engineering team and infrastructure. We enable teams to store their secrets in a centralized location and distribute them anywhere from local development processes to staging/production environments.
Our Github is at https://github.com/infisical/infisical and you can see a demo video here: https://www.loom.com/share/9a8904c6ecc84d0899d53ee1f7a36385.
We previously worked at AWS, Figma, and another startup, where we frequently ran into problems dealing with secret management. For example, many companies used .env files to maintain their development secrets and struggled to keep secrets in sync amongst their teams (this routinely posed security and efficiency issues — secrets can get leaked or go missing). Some companies (especially bigger ones) used solutions like Vault which can be difficult to set up, maintain, and afford.
While secret managers exist, they’re imperfect for many reasons: open-source solutions are either too complicated, not comprehensive, not user-friendly, or a mix of all three; there are nicer closed-source solutions but with no self-hosted options available. The gap we see is to make something that’s simple, open-source, and powerful.
On the open-source front, our goal is to provide full transparency of our codebase and enable anyone in the community to build anything they want in an optimal secret management solution. If you need any feature or integration that we don’t yet support, you can post an issue about it or directly send in a PR to be reviewed immediately.
You can inject the right set of secrets for any environment into your application by using the Infisical CLI together with your application start command (e.g. infisical run -- npm run dev). This removes the need to use a .env file. Everything stays encrypted with encryption/decryption operations occurring on the client-side — under the hood, secrets are encrypted by vault keys for which there are multiple copies of vault keys encrypted under the public key of each member of a vault (ensuring only members of vaults can decrypt secrets pertaining to that vault locally). An alternative way is to use our Open API - though it’s a little complicated, and we’re working on adding SDKs to abstract away the cryptography.
Infisical integrates with staging and production cloud services like AWS, Vercel, GitHub Actions, and Circle CI. We also added support for integrations with Docker, Kubernetes, and Terraform. Infisical is now a central source of truth for secrets across the entire development cycle from development to production with new integration releases every week.
Hi. I'm also working on an E2E secrets manager. https://github.com/purton-tech/cloak
A few tips.
1. It looks like I'm able to do account enumeration on your login page. For a secure app you want to make sure this is not possible.
It seems like they haven't been merged yet. Check out the PR here: https://github.com/Infisical/infisical/pull/380
We also have a full provider under development here: https://github.com/asheliahut/infisical-provider-terraform