Vault - A tool for managing secrets

  •        452

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Vault presents a unified API to access multiple backends: HSMs, AWS IAM, SQL databases, raw key/value, and more.

https://vaultproject.io/
https://github.com/hashicorp/vault

Tags
Implementation
License
Platform

   




Related Projects

Confidant - Your Secret Keeper. Stores secrets in DynamoDB, encrypted at rest.

  •    Python

Confidant is a open source secret management service that provides user-friendly storage and access to secrets in a secure way, from the developers at Lyft. Confidant stores secrets in an append-only way in DynamoDB, generating a unique KMS data key for every revision of every secret, using Fernet symmetric authenticated cryptography.

Keywhiz - A system for distributing and managing secrets

  •    Java

Keywhiz is a system for managing and distributing secrets. Keywhiz servers in a cluster centrally store secrets encrypted in a database. Clients use mutually authenticated TLS (mTLS) to retrieve secrets they have access to. Authenticated users administer Keywhiz via CLI or web app UI. To enable workflows, Keywhiz has automation APIs over mTLS and support for simple secret generation plugins.

Openxpki - Manage Keys and Certificate

  •    Perl

The OpenXPKI project has the vision to publish a software stack that provides all necessary components to manage keys and certificates primarily based on the X509v3 cryptography standard.

Dogtag - Certificate System

  •    Java

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more. It supports Certificate issuance, revocation, and retrieval, Certificate Revocation List (CRL) generation and publishing, Encryption key archival and recovery and lot more.


git-secret - :busts_in_silhouette: A bash-tool to store your private data inside a git repository.

  •    Shell

git-secret is a bash tool which stores private data inside a git repo. git-secret encrypts tracked files with public keys for users whom you trust using gpg, allowing permitted users to access encrypted data using their secret keys. With git-secret, changes to access rights are made easy and private-public key issues are handled for you. Passwords do not need to be changed with git-secret when someone's permission is revoked - just remove their key from the keychain using git secret killperson their@email.com, and re-encrypt the files, and they won't be able to decrypt secrets anymore. It also supports apt and yum. You can also use make if you want to. See the installation section for the details.

certificates - 🛡️ An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere

  •    Go

An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere. For more information and docs see the Step website and the blog post announcing Step Certificate Authority.

hvac - :lock: Python 2/3 client for HashiCorp Vault

  •    Python

Tested against Vault v0.1.2 and HEAD. Requires v0.1.2 or later.if you would like to be able to return parsed HCL data as a Python dict for methods that support it.

ssh-cert-authority - An implementation of an SSH certificate authority.

  •    Go

A democratic SSH certificate authority. Operators of ssh-cert-authority want to use SSH certificates to provide fine-grained access control to servers they operate, keep their certificate signing key a secret and not need to be required to get involved to actually sign certificates. A tall order.

Secret Squirrel

  •    Java

Secret Squirrel is a basic password management application written in Java. It uses Blowfish and SHA-384, performs password generation using the Java secure random object (fully configurable), and supports password groups.

EnvKey - Protect API keys and credentials, Keep configuration in sync everywhere.

  •    Javascript

This is EnvKey's cross-platform native application. It supports Mac, Windows, and Linux. EnvKey is an end-to-end encrypted secrets and configuration management tool. It keeps your configuration securely and automatically in sync for all your developers and servers.

KeePassX - Cross Platform Password Manager

  •    C++

KeePassX is an application for people with extremely high demands on secure personal data management. KeePassX saves many different information e.g. user names, passwords, urls, attachments and comments in one single database. For a better management user-defined titles and icons can be specified for each single entry. Furthermore the entries are sorted in groups, which are customizable as well. The integrated search function allows to search in a single group or the complete database. KeePassX offers a little utility for secure password generation. The password generator is very customizable, fast and easy to use. Especially someone who generates passwords frequently will appreciate this feature.

SOPS: Secrets OPerationS

  •    Go

sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault and PGP.

passcore - A self-service password management tool for Active Directory

  •    CSharp

PassCore is a very simple 1-page web application written in C#, using ASP.NET 5, Angular Material, Angular and Microsoft Directory Services. It allows users to change their Active Directory password on their own, provided the user is not disabled.PassCore does not require any configuration, as it obtains the principal context from the current domain. I wrote this because a number of people have requested several features that the original version did not have. The original version of this tool was downloaded around 8000 times in 2.5 years. My hope is that the new version continues to be just as popular. There really is no free alternative out there (that I know of) so hopefully this saves someone else some time and money.

node-keytar - Native Password Node Module

  •    C++

A native Node module to get, add, replace, and delete passwords in system's keychain. On macOS the passwords are managed by the Keychain, on Linux they are managed by the Secret Service API/libsecret, and on Windows they are managed by Credential Vault.Currently this library uses libsecret so you may need to install it before running npm install.

NoKey - A distributed password manager without a master password

  •    Elm

NoKey is a distributed password manager that works without a master password. Instead, you can unlock your passwords by confirming from another device. E.g. if you need a password on your PC, you only have to confirm this on your phone. No need to remember any passwords.

MasterPassword - A stateless password management solution.

  •    Objective-C

Master Password is a completely new way of thinking about passwords. It consists of an algorithm that implements the core idea and applications for various platforms making the alogirthm available to users on a variety of devices and platforms.

kubernetes-external-secrets - 💂 Kubernetes External Secrets

  •    Javascript

Kubernetes External Secrets allows you to use external secret management systems (e.g., AWS Secrets Manager) to securely add secrets in Kubernetes. Read more about the design and motivation for Kubernetes External Secrets on the GoDaddy Engineering Blog. The project extends the Kubernetes API by adding a ExternalSecrets object using Custom Resource Definition and a controller to implement the behavior of the object itself.

certify - SSL Certificate Manager UI for Windows, powered by Let's Encrypt

  •    CSharp

The SSL/TLS Certificate Management GUI for Windows, powered by Let's Encrypt, allowing you to generate and install free SSL certificates for Windows/IIS (with automated renewal). Advanced users can explore the different validation modes, deployment modes and other advanced options.

vault-on-gke - Run @HashiCorp Vault on Google Kubernetes Engine (GKE) with Terraform

  •    HCL

This tutorial walks through provisioning a highly-available HashiCorp Vault cluster on Google Kubernetes Engine using HashiCorp Terraform as the provisioning tool. This tutorial is based on Kelsey Hightower's Vault on Google Kubernetes Engine, but focuses on codifying the steps in Terraform instead of teaching you them individually. If you would like to know how to provision HashiCorp Vault on Kuberenetes step-by-step (aka "the hard way"), please follow Kelsey's repository instead.