The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 23 Secret Open-Source Projects
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
-
talisman
Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
Hemmelig.app
Keep your sensitive information out of chat logs, emails, and more with encrypted secrets.
-
VaultSharp
A comprehensive cross-platform .NET Library for HashiCorp's Vault, a secret management tool
-
breaking-telegram
Simple PoC script that allows you to exploit telegram's "send with timer" feature by saving any media sent with this functionality.
-
lade
Automatically load secrets from your preferred vault as environment variables or files, and clear them once your shell command is over.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
install gitleaks in your machine gitleaks
Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03Trufflehog
It's been a while since I looked, but pre-commit hooks (like talisman) would be the only way to prevent secrets from being committed/pushed. Server-side hooks are generally not supported on hosted repos (e.g. github, azure devops) since it's basically arbitrary code execution from the host's perspective.
If it is a personal application you can use the operating systems keyring. E.g. with https://github.com/zalando/go-keyring
You might want a pastebin service. I currently host Hemmelig and MicroBin. Hemmelig has built-in encryption so you can easily share sentitive text on the server. But I find MicroBin more appealing to my needs(it can also act as a URL Redirector) but lacking password protection. Since you're not exposing the service to the open net, I think that animal-name URLs can act as simple key phrase and is easier for personal usage.
https://grep.app/ has served me well for the last couple of years finding snippets for random APIs.
But recently I found that certain strings from open-source projects suddenly yield no results.
For example: VaultServiceTimeout from https://github.com/rajanadar/VaultSharp has no results for https://grep.app/search?q=VaultServiceTimeout.
Is there some alternative service for this task that is up-to-date?
Project mention: FlashPaper: One-time encrypted password/secret sharing | news.ycombinator.com | 2024-02-26
Project mention: Show HN: Metatype – an open-source, low-code API platform for developers | news.ycombinator.com | 2023-05-17
Secret related posts
- Web-app solution to store messages behind a password?
- Detecting Secrets in Git Repositories
- Seeking help to identify vulnerabilities and secrets in a website backup file
- My boss keeps committing his creds into git
- 1 in 10 developers leaked an API-key in 2022
- Introducing DeepSecrets: a better appsec tool for secrets scanning
- Show HN: Lade – automatically load secrets from your preferred vault as env vars
-
A note from our sponsor - WorkOS
workos.com | 23 Apr 2024
Index
What are some of the best open-source Secret projects? This list will help you:
Project | Stars | |
---|---|---|
1 | gitleaks | 15,197 |
2 | trufflehog | 13,863 |
3 | shhgit | 3,787 |
4 | WordPress-Android | 2,914 |
5 | talisman | 1,832 |
6 | envchain | 1,139 |
7 | go-keyring | 746 |
8 | secretlint | 698 |
9 | Hemmelig.app | 634 |
10 | vault-secrets-operator | 609 |
11 | Stegano | 480 |
12 | VaultSharp | 476 |
13 | hidden-secrets-gradle-plugin | 379 |
14 | FlashPaper | 320 |
15 | vault-csi-provider | 291 |
16 | lockgit | 127 |
17 | HiddenCamera | 124 |
18 | synator | 115 |
19 | Fugacious | 110 |
20 | ksd | 92 |
21 | breaking-telegram | 84 |
22 | safecloset | 84 |
23 | lade | 77 |
Sponsored