Top 23 secret-management Open-Source Projects

• sops

  150 15,114 9.0 Go

  Simple and flexible tool for managing secrets

  

Project mention: Pico.sh – Hacker Labs | news.ycombinator.com | 2024-04-21

My script just sets up default .sops.yaml for https://github.com/getsops/sops

You can further edit .sops.yaml(eg have multiple of them) and decide how you split secrets in your directory tree to further customize who can decrypt the secrets.

It works pretty well for prod/dev splits, etc

• trufflehog

  25 13,907 9.9 Go

  Find and verify secrets

  

Project mention: Seeking help to identify vulnerabilities and secrets in a website backup file | /r/HowToHack | 2023-07-03

Trufflehog

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• infisical

  104 11,920 10.0 TypeScript

  ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks.

  

Project mention: IBM to Acquire HashiCorp, Inc | news.ycombinator.com | 2024-04-24

You should look into Infisical: https://github.com/Infisical/infisical

Disclaimer: I’m one of the founders.

• git-secret

  22 3,621 5.7 Shell

  :busts_in_silhouette: A bash-tool to store your private data inside a git repository.

Project mention: Gittuf – a security layer for Git using some concepts introduced by TUF | news.ycombinator.com | 2023-10-24

I've happily been using git-secret (https://sobolevn.me/git-secret/) for encrypting non-critical (i.e. non-production) secrets for a while now. It sounds like Gittuf will do a lot more than git-secret, but for the use case of encrypted files specifically, is there a significant different about with the approach that Gittuf has taken?

• teller

  9 2,541 6.5 Go

  Cloud native secrets management for developers - never leave your command line for secrets.

  

Project mention: Teller: Universal secret manager, never leave your terminal to use secrets | news.ycombinator.com | 2024-01-17

• ots

  5 1,727 0.0 Go

  🔐 Share end-to-end encrypted secrets with others via a one-time URL

  

• awesome-iam

  2 1,571 7.1

  👤 Identity and Access Management knowledge for cloud platforms

Project mention: Why use OpenID Connect instead of plain OAuth2? | news.ycombinator.com | 2023-06-27

You can start with: https://github.com/kdeldycke/awesome-iam . But beware of the rabbit hole!

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• helm-secrets

  12 1,302 8.3 Shell

  A helm plugin that help manage secrets with Git workflow and store them anywhere

Project mention: Simplified Deployment: A Deep Dive into Containerization and Helm | dev.to | 2023-10-09

helm plugin install https://github.com/databus23/helm-diff helm plugin install https://github.com/aslafy-z/helm-git helm plugin install https://github.com/jkroepke/helm-secrets

• berglas

  37 1,224 6.9 Go

  A tool for managing secrets on Google Cloud

  

Project mention: How to deploy a Django app to Google Cloud Run using Terraform | dev.to | 2024-01-01

Secret Manager: secure storage for sensitive data e.g passwords.

• dotenv-vault

  9 1,012 8.6 TypeScript

  sync .env files—from the creator of `dotenv`.

  

Project mention: Node.js 20.6 adds built-in support for .env files | dev.to | 2024-04-12

dotenv-vault is another popular package that lets you encrypt your secret and decrypt the file just in time. They are quite helpful for production and CIT environments but are not supported currently.

• FreeIPA

  13 920 9.4 Python

  Mirror of FreeIPA, an integrated security information management solution

  

Project mention: Non-interactive SSH password authentication | news.ycombinator.com | 2023-12-25

• argocd-vault-plugin

  9 760 7.3 Go

  An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets

  

• conjur

  4 725 8.6 Ruby

  CyberArk Conjur automatically secures secrets used by privileged users and machine identities

  

Project mention: OpenBao – FOSS Fork of HashiCorp Vault | news.ycombinator.com | 2023-12-08

• onepassword-operator

  4 504 6.1 Go

  The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password. The operator also handles autorestarting deployments when 1Password items are updated.

  

Project mention: Show HN: Infisical – open-source secret management platform | news.ycombinator.com | 2023-07-19

For one password you will need to create a kind called `OnePasswordItem` as described here https://github.com/1Password/onepassword-operator. This is similar to the `InfisicalSecret` you need to create with us https://infisical.com/docs/integrations/platforms/kubernetes

• cryptr

  3 485 0.0 HTML

  Cryptr: a GUI for Hashicorp's Vault

  

Project mention: HashiCorp Vault Forked into OpenBao | news.ycombinator.com | 2023-12-08

My colleague at Adobe built one for our own use, since HashiCorp didn't provide one at the time: https://github.com/adobe/cryptr

IIRC HashiCorp was not interested in supporting these kinds of tools because they were in direct competition with the Vault enterprise offering.

• pass-tomb

  9 366 7.1 Shell

  A pass extension that helps you keep the whole tree of passwords encrypted inside a Tomb.

• strongbox

  1 242 0.0 Java

  A secret manager for AWS (by schibsted)

  

• cocert

  4 202 0.0 Go

  Split and distribute your private keys securely amongst untrusted network

• scrt

  2 150 8.2 Go

  A command-line secret manager for developers, sysadmins, and devops.

• kube-secrets-init

  4 146 3.9 Go

  Kubernetes mutating webhook for `secrets-init` injection

  

• harp

  7 143 3.9 Go

  Secret management by contract toolchain (by elastic)

  

• novops

  3 139 8.8 Rust

  Cross-platform secret & config manager for development and CI environments

Project mention: Teller: Universal secret manager, never leave your terminal to use secrets | news.ycombinator.com | 2024-01-17

Novops - https://github.com/PierreBeucher/novops - is a similar tools with active maintenance, more flexibility (generic interface, support plain strings and different secrets providers). Teller is nice but lacks some features Novops aims to provide.

• lockgit

  1 127 0.0 Go

  A CLI tool for storing encrypted data in a git repo

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

secret-management related posts

• IBM Planning to Acquire HashiCorp
  5 projects | news.ycombinator.com | 23 Apr 2024
• Ask HN: Where do you save your API keys?
  1 project | news.ycombinator.com | 13 Feb 2024
• Teller: Universal secret manager, never leave your terminal to use secrets
  5 projects | news.ycombinator.com | 17 Jan 2024
• How do you handle sensitive variables with a service-worker?
  1 project | /r/Firebase | 11 Dec 2023
• I wrote a Secret & Environment Manager in Rust, I'd love your feedback
  2 projects | /r/rust | 10 Dec 2023
• OpenBao – FOSS Fork of HashiCorp Vault
  8 projects | news.ycombinator.com | 8 Dec 2023
• Secure Credential Management in Ansible on a Shared Server?
  1 project | /r/ansible | 5 Dec 2023
• A note from our sponsor - WorkOS
  workos.com | 29 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com