Top 23 secret-management Open-Source Projects
- infisical: ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks.
- argocd-vault-plugin: An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets
- conjur: CyberArk Conjur automatically secures secrets used by privileged users and machine identities
- onepassword-operator: The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password. The operator also handles auto-restarting deployments when 1Password items are updated.
My script just sets up default .sops.yaml for https://github.com/getsops/sops
You can further edit .sops.yaml (e.g. have multiple of them) and decide how you split secrets in your directory tree to further customize who can decrypt the secrets.
It works pretty well for prod/dev splits, etc
Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03
Trufflehog
You should look into Infisical: https://github.com/Infisical/infisical
Disclaimer: I’m one of the founders.
Project mention: Gittuf – a security layer for Git using some concepts introduced by TUF | news.ycombinator.com | 2023-10-24
I've happily been using git-secret (https://sobolevn.me/git-secret/) for encrypting non-critical (i.e. non-production) secrets for a while now. It sounds like Gittuf will do a lot more than git-secret, but for the use case of encrypted files specifically, is there a significant difference with the approach that Gittuf has taken?
Project mention: Teller: Universal secret manager, never leave your terminal to use secrets | news.ycombinator.com | 2024-01-17
Project mention: Why use OpenID Connect instead of plain OAuth2? | news.ycombinator.com | 2023-06-27
You can start with: https://github.com/kdeldycke/awesome-iam . But beware of the rabbit hole!
Project mention: Simplified Deployment: A Deep Dive into Containerization and Helm | dev.to | 2023-10-09
```
helm plugin install https://github.com/databus23/helm-diff
helm plugin install https://github.com/aslafy-z/helm-git
helm plugin install https://github.com/jkroepke/helm-secrets
```
Project mention: How to deploy a Django app to Google Cloud Run using Terraform | dev.to | 2024-01-01
Secret Manager: secure storage for sensitive data, e.g. passwords.
dotenv-vault is another popular package that lets you encrypt your secret and decrypt the file just in time. They are quite helpful for production and CIT environments but are not supported currently.
Project mention: Show HN: Infisical – open-source secret management platform | news.ycombinator.com | 2023-07-19
For one password you will need to create a kind called `OnePasswordItem` as described here https://github.com/1Password/onepassword-operator. This is similar to the `InfisicalSecret` you need to create with us https://infisical.com/docs/integrations/platforms/kubernetes
My colleague at Adobe built one for our own use, since HashiCorp didn't provide one at the time: https://github.com/adobe/cryptr
IIRC HashiCorp was not interested in supporting these kinds of tools because they were in direct competition with the Vault enterprise offering.
Project mention: Teller: Universal secret manager, never leave your terminal to use secrets | news.ycombinator.com | 2024-01-17
Novops - https://github.com/PierreBeucher/novops - is a similar tool with active maintenance, more flexibility (generic interface, support plain strings and different secrets providers). Teller is nice but lacks some features Novops aims to provide.
secret-management related posts
- IBM Planning to Acquire HashiCorp
- Ask HN: Where do you save your API keys?
- Teller: Universal secret manager, never leave your terminal to use secrets
- How do you handle sensitive variables with a service-worker?
- I wrote a Secret & Environment Manager in Rust, I'd love your feedback
- OpenBao – FOSS Fork of HashiCorp Vault
- Secure Credential Management in Ansible on a Shared Server?
Index
What are some of the best open-source secret-management projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | sops | 15,114 |
2 | trufflehog | 13,907 |
3 | infisical | 11,920 |
4 | git-secret | 3,621 |
5 | teller | 2,541 |
6 | ots | 1,727 |
7 | awesome-iam | 1,571 |
8 | helm-secrets | 1,302 |
9 | berglas | 1,224 |
10 | dotenv-vault | 1,012 |
11 | FreeIPA | 920 |
12 | argocd-vault-plugin | 760 |
13 | conjur | 725 |
14 | onepassword-operator | 504 |
15 | cryptr | 485 |
16 | pass-tomb | 366 |
17 | strongbox | 242 |
18 | cocert | 202 |
19 | scrt | 150 |
20 | kube-secrets-init | 146 |
21 | harp | 143 |
22 | novops | 139 |
23 | lockgit | 127 |