Top 23 Secret Open-Source Projects
-
infisical
♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks.
-
Reloader
A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!
-
shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
-
SecretScanner
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
-
talisman
Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.
-
noseyparker
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
-
git-hound
Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.
-
secrets-patterns-db
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
-
kubernetes-reflector
Custom Kubernetes controller that can be used to replicate secrets, configmaps and certificates.
-
gh-action-pypi-publish
The blessed :octocat: GitHub Action, for publishing your :package: distribution files to PyPI: https://github.com/marketplace/actions/pypi-publish
-
conjur
CyberArk Conjur automatically secures secrets used by privileged users and machine identities
Project mention: Terraform & HashiCorp Vault Integration: Seamless Secrets Management | dev.to | 2024-03-22
Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03
Trufflehog
You should look into Infisical: https://github.com/Infisical/infisical
Disclaimer: I’m one of the founders.
You can combine this approach with something like https://github.com/stakater/Reloader to automatically restart pods when a certain secret value changes. So if your static code needs to be rebuilt when certain values change, you can use an init container to run the build on startup.
Project mention: Teller: Universal secret manager, never leave your terminal to use secrets | news.ycombinator.com | 2024-01-17
Chamber takes an opinionated view on AWS Parameter store as compared to ssmsh
It's been a while since I looked, but pre-commit hooks (like talisman) would be the only way to prevent secrets from being committed/pushed. Server-side hooks are generally not supported on hosted repos (e.g. github, azure devops) since it's basically arbitrary code execution from the host's perspective.
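The scanners listed above (shhgit, SecretScanner, Nosey Parker, Talisman, secrets-patterns-db) all build on the same two primitives: a table of known credential formats, and a generic check for long, high-entropy values assigned to a name like password or token. The block below is an added example of a pre-commit style check over a unified diff; it is not code from Talisman or any of the listed projects. It walks only the added lines of the diff (so pre-existing secrets in unchanged context do not cause noise), tracks the new-file line numbers from the hunk headers, and reports each hit with path, line and rule. The regexes, the 4.0 bits-per-character threshold, the Finding class and the sample diff are all illustrative assumptions; the sample diff is constructed for this example, including the key-like strings in it.

```python
"""Pre-commit style secret scan over a unified diff (added example)."""
import math
import re
import sys
from dataclasses import dataclass

# Illustrative detector table (assumption: not secrets-patterns-db or Talisman rules).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
}

# Generic "<secret-ish name> = <long opaque value>"; the value goes to an entropy check.
ASSIGNMENT = re.compile(
    r"(?i)(?:secret|password|passwd|token|api[_-]?key)\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{16,})['\"]?"
)
ENTROPY_THRESHOLD = 4.0  # bits per character; assumption chosen for this example


def shannon_entropy(s):
    """Shannon entropy of the character distribution of s, in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    rule: str
    snippet: str


def added_lines(diff_text):
    """Yield (path, new_line_no, text) for every '+' line of a unified diff."""
    path, line_no = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):              # new-file header; strip git's "b/" prefix
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("--- ") or raw.startswith("\\"):
            continue                            # old-file header / "No newline" marker
        elif raw.startswith("@@"):
            m = re.match(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@", raw)
            line_no = int(m.group(1)) if m else line_no
        elif raw.startswith("+"):
            yield path, line_no, raw[1:]
            line_no += 1
        elif raw.startswith("-"):
            continue                            # removed line: does not advance new numbering
        else:
            line_no += 1                        # context line (or "diff --git"; reset by next @@)


def scan_line(text):
    """Rule names that fire on one line of text."""
    hits = [name for name, rx in PATTERNS.items() if rx.search(text)]
    m = ASSIGNMENT.search(text)
    if m and shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
        hits.append("high_entropy_assignment")
    return hits


def scan_diff(diff_text):
    """All findings in the added lines of diff_text, in file/line order."""
    return [Finding(p, n, rule, t.strip())
            for p, n, t in added_lines(diff_text)
            for rule in scan_line(t)]


# Constructed sample: one real-looking key id, one low-entropy password that is
# deliberately not flagged, one high-entropy token, and a committed private key file.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,5 @@
 DEBUG = False
-AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "passwordpasswordpassword"
+API_TOKEN = "q8Zk3mPx7vL2nR9tB4wY6sD1fG5hJ0aC"
 ALLOWED_HOSTS = ["example.com"]
diff --git a/deploy/id_rsa b/deploy/id_rsa
new file mode 100644
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+-----END OPENSSH PRIVATE KEY-----
"""

if __name__ == "__main__":
    # As a hook you would feed `git diff --cached` on stdin; here the sample is used.
    diff = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    findings = scan_diff(diff)
    for f in findings:
        print(f"{f.path}:{f.line_no}: {f.rule}: {f.snippet}")
    sys.exit(1 if findings else 0)   # non-zero exit makes git abort the commit
```

Wired up as `.git/hooks/pre-commit` with `git diff --cached | python3 scan.py`, the non-zero exit is what blocks the commit. Note what the low-entropy line shows: a fixed-format detector (AKIA..., PEM header) catches known credential types regardless of value, while the entropy check only catches opaque random material, so a weak human-chosen password passes it; both kinds of rule are needed, and neither replaces rotating a secret that has already reached a remote.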
Project mention: Magika: AI powered fast and efficient file type identification | news.ycombinator.com | 2024-02-15
Yes!
Sometimes a file has no extension. Other times the extension is a lie. Still other times, you may be dealing with an unnamed bytestring and wish to know what kind of content it is.
This last case happens quite a lot in Nosey Parker [1], a detector of secrets in textual data. There, it is possible to come across unnamed files in Git history, and it would be useful to the user to still indicate what type of file it seems to be.
I added file type detection based on libmagic to Nosey Parker a while back, but it's not compiled in by default because libmagic is slow and complicates the build process. Also, libmagic is implemented as a large C library whose primary job is parsing, which makes the security side of me jittery.
I will likely add enabled-by-default filetype detection to Nosey Parker using Magika's ONNX model.
[1] https://github.com/praetorian-inc/noseyparker
I was looking into secret storage in git recently and rather liked Transcrypt: https://github.com/elasticdog/transcrypt
Project mention: Simplified Deployment: A Deep Dive into Containerization and Helm | dev.to | 2023-10-09
helm plugin install https://github.com/databus23/helm-diff
helm plugin install https://github.com/aslafy-z/helm-git
helm plugin install https://github.com/jkroepke/helm-secrets
Project mention: Any Way To See The Dockerfile Used To Make An Image On Dockerhub? | /r/docker | 2023-07-04
Whaler may help you: https://github.com/P3GLEG/Whaler
dotenv-vault is another popular package that lets you encrypt your secret and decrypt the file just in time. They are quite helpful for production and CIT environments but are not supported currently.
In one of the comments it led us to https://config-syncer.com/docs/v0.14.7/setup/install/ which had a comment about another tool, emberstack/kubernetes-reflector.
Project mention: PyPI new user and new project registrations temporarily suspended | news.ycombinator.com | 2023-05-20
> Recently I've seen someone on Reddit trying to automate the creation of PyPI projects through GitHub Actions. The person was complaining that the first deployment couldn't use an API key for that project since it didn't exist. So I'm not surprised some people are trying to do the same for malicious purposes.
Sorry for the tangent, but: you can do this now! If you use trusted publishing, you can register a "pending publisher" for a project that doesn't exist yet. When the trusted publisher (like GitHub Actions) is used, it'll create the project[1].
All of this is supported transparently by the official publishing action for GitHub Actions[2].
[1]: https://docs.pypi.org/trusted-publishers/creating-a-project-...
[2]: https://github.com/pypa/gh-action-pypi-publish
Secrets related posts
- Show HN: Open-source alternative to HashiCorp/IBM Vault
- KafkaUser in another namespace
- Terraform & HashiCorp Vault Integration: Seamless Secrets Management
- Top Secrets Management Tools for 2024
- Ask HN: Where do you save your API keys?
- Teller: Universal secret manager, never leave your terminal to use secrets
- Keep it cool and secure: do's and don'ts for managing Web App secrets
-
A note from our sponsor - WorkOS
workos.com | 25 Apr 2024
Index
What are some of the best open-source Secret projects? This list will help you:
Rank | Project | Stars
---|---|---
1 | Vault | 29,610
2 | trufflehog | 13,863
3 | infisical | 11,920
4 | Reloader | 6,718
5 | shhgit | 3,787
6 | SecretScanner | 2,956
7 | teller | 2,541
8 | chamber | 2,399
9 | onetimesecret | 1,964
10 | talisman | 1,832
11 | noseyparker | 1,506
12 | transcrypt | 1,409
13 | helm-secrets | 1,288
14 | wrongsecrets | 1,117
15 | git-hound | 1,110
16 | Whaler | 1,016
17 | dotenv-vault | 1,006
18 | secrets-patterns-db | 948
19 | jwt-cracker | 941
20 | kubernetes-reflector | 891
21 | gh-action-pypi-publish | 834
22 | conjur | 724
23 | vault-secrets-operator | 609