Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 secrets-management Open-Source Projects
-
shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
-
SecretScanner
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
ggshield
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
-
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
-
esc
Pulumi ESC (Environments, Secrets, and Configuration) for cloud applications and infrastructure. (by pulumi)
-
-
-
terraform-aws-ssm-parameter-store
Terraform module to populate AWS Systems Manager (SSM) Parameter Store with values from Terraform. Works great with Chamber.
-
ansible-onepasswordconnect-collection
The 1Password Connect collection contains modules that interact with your 1Password Connect deployment. The modules communicate with the 1Password Connect API to support Vault Item create/read/update/delete operations.
-
-
libvault
A lightweight Vault client module written in Go, with no dependencies, that is intuitive and user-friendly
-
conceal
A command line utility that provides a secure method to get your secrets from your existing password manager. :lock:
-
kubeseal-convert
A tool for importing secrets from a pre-existing secrets management systems (e.g. Vault, Secrets Manager) into a SealedSecret :shushing_face:
-
sicher
Sicher is a go module that allows secure storage of encrypted credentials in a version control system.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: Ask HN: Best practices for safeguarding master password in organization? | news.ycombinator.com | 2023-09-26Something like [0] maybe?
Project mention: Simplified Deployment: A Deep Dive into Containerization and Helm | dev.to | 2023-10-09helm plugin install https://github.com/databus23/helm-diff helm plugin install https://github.com/aslafy-z/helm-git helm plugin install https://github.com/jkroepke/helm-secrets
Project mention: How to deploy a Django app to Google Cloud Run using Terraform | dev.to | 2024-01-01Secret Manager: secure storage for sensitive data e.g passwords.
dotenv-vault is another popular package that lets you encrypt your secret and decrypt the file just in time. They are quite helpful for production and CIT environments but are not supported currently.
Project mention: Show HN: Envkey-VSCode – Autocomplete/type-checking for env vars in 46 languages | news.ycombinator.com | 2023-06-21envkey-vscode is a VSCode extension that provides autocomplete, type checking, and peek-on-hover for environment variables in 46 different programming languages. Instead of a typeless, error-prone blob, the environment now acts like a strongly-typed object in every language you work in.
I’ve been using this extension myself for a couple weeks now and it feels like a pretty significant upgrade to my development workflow, especially when working on integrations across multiple languages, so I thought it was worth showing you all.
envkey-vscode relies on EnvKey, an open-source, end-to-end encrypted configuration and secrets manager that is focused on security and ease-of-use. It’s cross-platform, can integrate with any language or host, and can be cloud-hosted or self-hosted. Getting a project integrated normally takes a couple minutes.
More on EnvKey: https://www.envkey.com
Building and testing it has been an interesting process, as I relied quite heavily on ChatGPT/GPT-4 to cover languages that I’m not very familiar with. It helped me to develop regexes to cover the common forms of environment access in each language, as well as to produce small test cases and Dockerfiles that can run them. While it took a lot of passes and tweaking to root out hallucinations and get each language right, I don’t think there’s any way I could have built a tool like this in a reasonable amount of time. Having a single `test` command that runs examples in dozens of languages is pretty amazing—sort of like a rudimentary version of Replit that runs locally.
All the code for the extension lives in EnvKey’s monorepo here: https://github.com/envkey/envkey/tree/main/public/sdks/tools...
I’m planning to write up a blog post on this process and what I’ve learned about how to get the most out of GPT on a polyglot coding project like this. If you’re interested, you can sign up to get notified here when this post is live: https://envkey.us15.list-manage.com/subscribe?u=623039cd8518...
Project mention: Taming secrets and configuration sprawl – Pulumi ESC | news.ycombinator.com | 2023-10-12
here's a link to the collection's source code which has been updated in the past month or so (at least a small update): https://github.com/1Password/ansible-onepasswordconnect-collection
Project mention: Ask HN: I have 176 logins/accounts. How many do you have? | news.ycombinator.com | 2023-05-21Definitely a relevant topic, I'd say, especially if the discussion help any stragglers over the "edge" into finally using a password manager. (As far as I'm concerned, it is absolutely a requisite for all digital citizens in 2023.) ((And kinda has been for 10+ years but ya know.))
I'm closing in on 5000 credentials in 1Password, personally, but my collected vaults/database is 15+ years old now and definitely has [problematic duplicates](https://github.com/1Password/solutions/issues/1).
After a lengthy-enough sample of semi-formal self-observation, I'm averaging:
- signing in/authenticating 10 times/day (including weekends,) and most of those are repeats with the same service.
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
The latest post mention was on 2024-04-12.
secrets-management related posts
- How do you handle sensitive variables with a service-worker?
- Increasing Your Cloud Function Development Velocity Using Dynamically Loading Python Classes
- Getting started using Google APIs: API Keys (Part 2)
- Need some advice on API key storage
- Secure GitHub Actions by pull_request_target
- Ask HN: Best practices for safeguarding master password in organization?
- Need Help with Deploying Directus on Google Cloud Platform (GCP)
-
A note from our sponsor - InfluxDB
www.influxdata.com | 19 Apr 2024
Index
What are some of the best open-source secrets-management projects? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | shhgit | 3,787 |
| 2 | SecretScanner | 2,950 |
| 3 | portable-secret | 1,664 |
| 4 | ggshield | 1,522 |
| 5 | helm-secrets | 1,280 |
| 6 | berglas | 1,223 |
| 7 | wrongsecrets | 1,110 |
| 8 | dotenv-vault | 1,003 |
| 9 | envkey | 586 |
| 10 | agebox | 199 |
| 11 | vault | 182 |
| 12 | esc | 182 |
| 13 | kube-secrets-init | 147 |
| 14 | vals-operator | 111 |
| 15 | terraform-aws-ssm-parameter-store | 102 |
| 16 | ansible-onepasswordconnect-collection | 101 |
| 17 | solutions | 80 |
| 18 | libvault | 74 |
| 19 | conceal | 59 |
| 20 | kubeseal-convert | 44 |
| 21 | seclip | 37 |
| 22 | sicher | 31 |
| 23 | hush_gcp_secret_manager | 18 |
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com