Vault-exfiltrate Alternatives
Similar projects and alternatives to vault-exfiltrate
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
vault-exfiltrate reviews and mentions
-
Show HN: EnvKey 2.0 – End-To-End Encrypted Environments (now open source)
Vault attempts to protect against host compromise scenarios, but it's a very hard problem. Ultimately, in order to do anything useful, Vault deals with plaintext values in memory, and that means that yes, there are ways for an attacker to get access.
Here's a good example: https://github.com/slingamn/vault-exfiltrate
The Vault docs include a list of 'hardening' steps for secure production usage. These are great steps to take, but each one represents a mistake that could be made. And because the Vault process is trusted with plaintext secrets, the stakes are high. Making a mistake could lead to a compromise.
With EnvKey, the host server is never sent secrets in plaintext. For defense in depth, we also follow best practices for hardening our networks. But I think we've seen with Okta and other incidents that despite best intentions, best efforts, and strong engineering, trusting the host server whatsoever just isn't good enough anymore.
Stats
slingamn/vault-exfiltrate is an open source project licensed under Mozilla Public License 2.0 which is an OSI approved license.
The primary programming language of vault-exfiltrate is Go.
Popular Comparisons
Sponsored