How do you protect your secret keys in your local computer?

• gopass

  37 5,643 9.2 Go

  The slightly more awesome standard unix password manager for teams

  

Depend on the kind of keys or secrets in general, and the infrastructure you work with. As bare minimum KeePassX/KeePassXC works as personal keys vault (that have a master password), GoPass (+git) as team passwords repository that use GPG keys as encryption, and passphrase for SSH keys. And, of course, trying to be mindful in what I run in my local computer.

• envchain

  3 1,139 0.0 C

  Environment variables meet macOS Keychain and gnome-keyring <3

I use https://github.com/sorah/envchain. It stores your secrets in Keychain (macOS) or gnome-keyring.

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• sops

  150 15,114 9.0 Go

  Simple and flexible tool for managing secrets

  

We are using https://github.com/mozilla/sops

• teller

  9 2,541 6.5 Go

  Cloud native secrets management for developers - never leave your command line for secrets.

  

I use a teller to pass secrets to my apps/commands, secret values are stored in OSX keychain, .env file or AWS Vault. It depends on project / environment context.

• aws-vault

  49 8,141 1.7 Go

  A vault for securely storing and accessing AWS credentials in development environments

  

I use a aws-vault to switch thought all profiles on all aws account. It support SSO with 2FA.

• pass-import

  403 768 8.4 Python

  A pass extension for importing data from most existing password managers

pass is a good tool for this workflow.

Suggest a related project