The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 23 Secret Open-Source Projects
-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
-
-
talisman
Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
Hemmelig.app
Keep your sensitive information out of chat logs, emails, and more with encrypted secrets.
-
VaultSharp
A comprehensive cross-platform .NET Library for HashiCorp's Vault, a secret management tool
-
-
-
-
breaking-telegram
Simple PoC script that allows you to exploit telegram's "send with timer" feature by saving any media sent with this functionality.
-
lade
Automatically load secrets from your preferred vault as environment variables or files, and clear them once your shell command is over.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
install gitleaks in your machine gitleaks
Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03Trufflehog
It's been a while since I looked, but pre-commit hooks (like talisman) would be the only way to prevent secrets from being committed/pushed. Server-side hooks are generally not supported on hosted repos (e.g. github, azure devops) since it's basically arbitrary code execution from the host's perspective.
If it is a personal application you can use the operating systems keyring. E.g. with https://github.com/zalando/go-keyring
You might want a pastebin service. I currently host Hemmelig and MicroBin. Hemmelig has built-in encryption so you can easily share sentitive text on the server. But I find MicroBin more appealing to my needs(it can also act as a URL Redirector) but lacking password protection. Since you're not exposing the service to the open net, I think that animal-name URLs can act as simple key phrase and is easier for personal usage.
https://grep.app/ has served me well for the last couple of years finding snippets for random APIs.
But recently I found that certain strings from open-source projects suddenly yield no results.
For example: VaultServiceTimeout from https://github.com/rajanadar/VaultSharp has no results for https://grep.app/search?q=VaultServiceTimeout.
Is there some alternative service for this task that is up-to-date?
Project mention: FlashPaper: One-time encrypted password/secret sharing | news.ycombinator.com | 2024-02-26
Project mention: Show HN: Metatype – an open-source, low-code API platform for developers | news.ycombinator.com | 2023-05-17
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
Secret related posts
- Web-app solution to store messages behind a password?
- Detecting Secrets in Git Repositories
- Seeking help to identify vulnerabilities and secrets in a website backup file
- My boss keeps committing his creds into git
- 1 in 10 developers leaked an API-key in 2022
- Introducing DeepSecrets: a better appsec tool for secrets scanning
- Show HN: Lade – automatically load secrets from your preferred vault as env vars
-
A note from our sponsor - WorkOS
workos.com | 23 Apr 2024
Index
What are some of the best open-source Secret projects? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | gitleaks | 15,197 |
| 2 | trufflehog | 13,863 |
| 3 | shhgit | 3,787 |
| 4 | WordPress-Android | 2,914 |
| 5 | talisman | 1,832 |
| 6 | envchain | 1,139 |
| 7 | go-keyring | 746 |
| 8 | secretlint | 698 |
| 9 | Hemmelig.app | 634 |
| 10 | vault-secrets-operator | 609 |
| 11 | Stegano | 480 |
| 12 | VaultSharp | 476 |
| 13 | hidden-secrets-gradle-plugin | 379 |
| 14 | FlashPaper | 320 |
| 15 | vault-csi-provider | 291 |
| 16 | lockgit | 127 |
| 17 | HiddenCamera | 124 |
| 18 | synator | 115 |
| 19 | Fugacious | 110 |
| 20 | ksd | 92 |
| 21 | breaking-telegram | 84 |
| 22 | safecloset | 84 |
| 23 | lade | 77 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com