Confidant - Your Secret Keeper. Stores secrets in DynamoDB, encrypted at rest.

  •        980

Confidant is a open source secret management service that provides user-friendly storage and access to secrets in a secure way, from the developers at Lyft. Confidant stores secrets in an append-only way in DynamoDB, generating a unique KMS data key for every revision of every secret, using Fernet symmetric authenticated cryptography.



Related Projects

Vault - A tool for managing secrets

  •    Go

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Vault presents a unified API to access multiple backends: HSMs, AWS IAM, SQL databases, raw key/value, and more.

Keywhiz - A system for distributing and managing secrets

  •    Java

Keywhiz is a system for managing and distributing secrets. Keywhiz servers in a cluster centrally store secrets encrypted in a database. Clients use mutually authenticated TLS (mTLS) to retrieve secrets they have access to. Authenticated users administer Keywhiz via CLI or web app UI. To enable workflows, Keywhiz has automation APIs over mTLS and support for simple secret generation plugins.

teller - A secrets management tool for developers built in Go - never leave your command line for secrets

  •    Go

Never leave your terminal to use secrets while developing, testing, and building your apps. Instead of custom scripts, tokens in your .zshrc files, visible EXPORTs in your bash history, misplaced .env.production files and more around your workstation -- just use teller and connect it to any vault, key store, or cloud service you like (Teller support Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, and many more).

pass-tomb - A pass extension that helps you to keep the whole tree of password encrypted inside a tomb

  •    Shell

Due to the structure of pass, file- and directory names are not encrypted in the password store. pass-tomb provides a convenient solution to put your password store in a Tomb and then keep your password tree encrypted when you are not using it. It uses the same GPG key to encrypt passwords and tomb, therefore you don't need to manage more key or secret. Moreover, you can ask pass-tomb to automatically close your store after a given time.

sops-nix - Atomic secret provisioning for NixOS based on sops

  •    Go

Atomic secret provisioning for NixOS based on sops. Sops-nix decrypts secrets sops files on the target machine to files specified in the NixOS configuration at activation time. It also adjusts file permissions/owner/group. It uses either host ssh keys or GPG keys for decryption. In future we will also support cloud key management APIs such as AWS KMS, GCP KMS, Azure Key Vault or Hashicorp's vault.

SOPS: Simple and flexible tool for managing secrets

  •    Go

sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault and PGP.

Openxpki - Manage Keys and Certificate

  •    Perl

The OpenXPKI project has the vision to publish a software stack that provides all necessary components to manage keys and certificates primarily based on the X509v3 cryptography standard.

Dogtag - Certificate System

  •    Java

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more. It supports Certificate issuance, revocation, and retrieval, Certificate Revocation List (CRL) generation and publishing, Encryption key archival and recovery and lot more.

kubernetes-external-secrets - 💂 Kubernetes External Secrets

  •    Javascript

Kubernetes External Secrets allows you to use external secret management systems (e.g., AWS Secrets Manager) to securely add secrets in Kubernetes. Read more about the design and motivation for Kubernetes External Secrets on the GoDaddy Engineering Blog. The project extends the Kubernetes API by adding a ExternalSecrets object using Custom Resource Definition and a controller to implement the behavior of the object itself.

git-secret - :busts_in_silhouette: A bash-tool to store your private data inside a git repository.

  •    Shell

git-secret is a bash tool which stores private data inside a git repo. git-secret encrypts tracked files with public keys for users whom you trust using gpg, allowing permitted users to access encrypted data using their secret keys. With git-secret, changes to access rights are made easy and private-public key issues are handled for you. Passwords do not need to be changed with git-secret when someone's permission is revoked - just remove their key from the keychain using git secret killperson, and re-encrypt the files, and they won't be able to decrypt secrets anymore. It also supports apt and yum. You can also use make if you want to. See the installation section for the details.

certificates - 🛡️ An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere

  •    Go

An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere. For more information and docs see the Step website and the blog post announcing Step Certificate Authority.

berglas - A tool for managing secrets on Google Cloud

  •    Go

Berglas is a command line tool and library for storing and and retrieving secrets on Google Cloud. Secrets are encrypted with Cloud KMS and stored in Cloud Storage. As a CLI, berglas automates the process of encrypting, decrypting, and storing data on Google Cloud.

ssh-cert-authority - An implementation of an SSH certificate authority.

  •    Go

A democratic SSH certificate authority. Operators of ssh-cert-authority want to use SSH certificates to provide fine-grained access control to servers they operate, keep their certificate signing key a secret and not need to be required to get involved to actually sign certificates. A tall order.

Secret Squirrel

  •    Java

Secret Squirrel is a basic password management application written in Java. It uses Blowfish and SHA-384, performs password generation using the Java secure random object (fully configurable), and supports password groups.

EnvKey - Protect API keys and credentials, Keep configuration in sync everywhere.

  •    Javascript

This is EnvKey's cross-platform native application. It supports Mac, Windows, and Linux. EnvKey is an end-to-end encrypted secrets and configuration management tool. It keeps your configuration securely and automatically in sync for all your developers and servers.

KeePassX - Cross Platform Password Manager

  •    C++

KeePassX is an application for people with extremely high demands on secure personal data management. KeePassX saves many different information e.g. user names, passwords, urls, attachments and comments in one single database. For a better management user-defined titles and icons can be specified for each single entry. Furthermore the entries are sorted in groups, which are customizable as well. The integrated search function allows to search in a single group or the complete database. KeePassX offers a little utility for secure password generation. The password generator is very customizable, fast and easy to use. Especially someone who generates passwords frequently will appreciate this feature.

cert-manager - Automatically provision and manage TLS certificates in Kubernetes

  •    Go

cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources. It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry.

passcore - A self-service password management tool for Active Directory

  •    CSharp

PassCore is a very simple 1-page web application written in C#, using ASP.NET 5, Angular Material, Angular and Microsoft Directory Services. It allows users to change their Active Directory password on their own, provided the user is not disabled.PassCore does not require any configuration, as it obtains the principal context from the current domain. I wrote this because a number of people have requested several features that the original version did not have. The original version of this tool was downloaded around 8000 times in 2.5 years. My hope is that the new version continues to be just as popular. There really is no free alternative out there (that I know of) so hopefully this saves someone else some time and money.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.