Credstash Alternatives

credstash reviews and mentions

• Ask HN: Secure and simple way for secret/credential management in a startup?
  3 projects | news.ycombinator.com | 5 Mar 2023

  Hello,

  At my current gig we're using doppler[^1] (no affiliation) for application secrets. We're using doppler with their kubernetes operator which supports auto-rotation on secrets. Secrets are set as "env variables". So far, doppler has not suffer big outages or we did not notice, because the operator will keep working even if their API is down - of course you won't get updates. Access control could be more _fine grained_ and they added secret auto-rotation option recently[^2]. We don't use that yet.

  I've been a happy 1Password user (no affiliation) and we use it company wide to share user secrets. 1Password support CI/CD integration IIRC, so in theory should cover most use cases.

  If you can pay for AWS Vault, the terraform integration comes out of the box. However if you're a small team running vault might be a daunting task and you're inserting another SPoF.

  There are many open source application secrets tools that you could check out though. In the past I had great experience with credstash[^3]. Credstash is a really simple and secure open source solution that is based on AWS KMS, IAM and DynamoDB. Costs pennies to run for medium size deployments. Once you setup and document the way to use it, it's really easy. The downside is that as a tool is pretty _raw_ you have to build things like "secret generators", etc. But combined with a slack bot can be a really powerful, secure, open-source solution.

  If you have specific questions about any of the above tools feel free to drop an email. I'll happy to answer questions.

  [^1]: https://www.doppler.com/

  [^2]: Auto-rotation is complicated because you need to integrate the auto-rotation with external tools yourself most of the times. There are Hashi-Vault modules for SQL DBs but not for Mailgun or CloudFlare for example.

  [^3]: https://github.com/fugue/credstash

• Question: dynanmoDB - Credstash, is there a way to put a cred in that has multi-lines in the value?
  1 project | /r/aws | 7 Dec 2022

  Hi, credstash dev here. I think the issue is with your shell not with credstash. You need to pass in an actual newline character into the argument if you want to store a newline.

• Why should I NOT store customers API keys in DynamoDB?
  1 project | /r/aws | 6 Mar 2022

  Link to Credstash if you're curious: https://github.com/fugue/credstash

• A note from our sponsor - SaaSHub
  www.saashub.com | 3 May 2024

  SaaSHub helps you find the best software and product alternatives Learn more →