Self-hosted Secrets Manager (or something alike)

This page summarizes the projects mentioned and recommended in the original post on /r/selfhosted
Security Vault Kubernetes kubernetes-secrets HacktoberFest

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • vaultwarden

    Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

    • Try vaultwarden Its bitwarden compatible and Open source https://github.com/dani-garcia/vaultwarden

  • external-secrets

    External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.

    • Vault is extremely complex and heavy for my tastes, and Bitwarden Secrets Manager implementation AFAIU is not open source and not suitable for self-hosting. I like that both can be easily integrated with External Secrets for kubernetes secrets management.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • bank-vaults

    Discontinued A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines).

    • there's https://github.com/banzaicloud/bank-vaults wich is a wrapper for hashivault, so not exactly what you're looking for but worth looking into.

  • Vault

    A tool for secrets management, encryption as a service, and privileged access management

    • https://www.vaultproject.io/ is an option

  • Passbolt

    Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!

    • I currently switched from keepass to passbolt: https://www.passbolt.com/

  • sops

    Simple and flexible tool for managing secrets

    • Maybe you could use Mozilla SOPS (Secrets OPerationS) that integrates very well with Kubernetes and Docker Compose because it reads and encrypt/decrypt values in YAML, JSON, ENV, INI and BINARY formats.

  • passage

    A fork of password-store (https://www.passwordstore.org) that uses age (https://age-encryption.org) as backend.

    • passage

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts