keystash - ๐Ÿ”‘๐Ÿ’Œ Save secrets in S3 using KMS envelope encryption

  •        19

Run keystash --help to see short switches. Use this module in npm scripts.

https://github.com/smallwins/keystash

Dependencies:

@smallwins/validate : ^4.3.0
aws-sdk : ^2.108.0
chalk : ^2.3.2
locks : ^0.2.2
lodash.padend : ^4.6.1
lodash.padstart : ^4.6.1
run-parallel : ^1.1.6
run-waterfall : ^1.1.3
strftime : ^0.10.0
yargs : ^8.0.2

Tags
Implementation
License
Platform

   




Related Projects

kamus - An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

  •    CSharp

An open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enable users to easily encrypt secrets than can be decrypted only by the application running on Kubernetes. The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS and AES). To learn more about Kamus, check out the blog post and slides. If you're running Kamus locally the Kamus URL will be like http://localhost:<port>. So you need to add --allow-insecure-url flag to enable http protocol.

SOPS: Simple and flexible tool for managing secrets

  •    Go

sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault and PGP.

sneaker - A tool for securely storing secrets on S3 using Amazon KMS.

  •    Go

Setec Astronomy? Keynote Shogun.sneaker is a utility for storing sensitive information on AWS using S3 and the Key Management Service (KMS) to provide durability, confidentiality, and integrity.

Convox Rack - Open-source PaaS, Built entirely on AWS cloud services for maximum privacy and minimum upkeep

  •    Go

Convox Rack is open source PaaS built on top of expert infrastructure automation and devops best practices. Rack gives you a simple developer-focused API that lets you build, deploy, scale and manage apps on private infrastructure with ease.

Confidant - Your Secret Keeper. Stores secrets in DynamoDB, encrypted at rest.

  •    Python

Confidant is a open source secret management service that provides user-friendly storage and access to secrets in a secure way, from the developers at Lyft. Confidant stores secrets in an append-only way in DynamoDB, generating a unique KMS data key for every revision of every secret, using Fernet symmetric authenticated cryptography.


cross-env - ๐Ÿ”€ Cross platform setting of environment scripts

  •    Javascript

Most Windows command prompts will choke when you set environment variables with NODE_ENV=production like that. (The exception is Bash on Windows, which uses native Bash.) Similarly, there's a difference in how windows and POSIX commands utilize environment variables. With POSIX, you use: $ENV_VAR and on windows you use %ENV_VAR%.cross-env makes it so you can have a single command without worrying about setting or using the environment variable properly for the platform. Just set it like you would if it's running on a POSIX system, and cross-env will take care of setting it properly.

s3-parallel-put - Parallel uploads to Amazon AWS S3

  •    Python

s3-parallel-put speeds the uploading of many small keys to Amazon AWS S3 by executing multiple PUTs in parallel. The program reads your credentials from the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

sync-dotenv - Keep your .env in sync with .env.example

  •    TypeScript

Projects often rely on environmental variables stored in a .env file to run... and because these variables sometimes contain sensitive data, we never add them to source control. Instead, these variables are added e.g. to a .env.example file so it's easy to get the project running for other developers. However, it's very easy to forget to update this file when a variable is added/updated in .env (during development). This can make it difficult for devs to get the project running (locally) because they rely on .env.example file to setup their environment (with their own configs). sync-dotenv automates the process of keeping your .env in sync with .env.example.

godotenv - A Go port of Ruby's dotenv library (Loads environment variables from `.env`.)

  •    Go

Storing configuration in the environment is one of the tenets of a twelve-factor app. Anything that is likely to change between deployment environments–such as resource handles for databases or credentials for external services–should be extracted from the code into environment variables. But it is not always practical to set environment variables on development machines or continuous integration servers where multiple projects are run. Dotenv load variables from a .env file into ENV when the environment is bootstrapped.

dotenv - Loads environment variables from .env for nodejs projects.

  •    Javascript

Dotenv is a zero-dependency module that loads environment variables from a .env file into process.env. Storing configuration in the environment separate from code is based on The Twelve-Factor App methodology.As early as possible in your application, require and configure dotenv.

dotenv - A Ruby gem to load environment variables from `.env`.

  •    Ruby

Shim to load environment variables from .env into ENV in development. Storing configuration in the environment is one of the tenets of a twelve-factor app. Anything that is likely to change between deployment environments–such as resource handles for databases or credentials for external services–should be extracted from the code into environment variables.

dotenv-safe - Load environment variables from .env and ensure they are all present

  •    Javascript

Identical to dotenv, but ensures that all necessary environment variables are defined after reading from .env. These needed variables are read from .env.example, which should be commited along with your project. If all the required variables were successfully read but an error was thrown when trying to read the .env file, the error will be included in the result object under the error key.

react-native-config - Bring some 12 factor love to your mobile apps!

  •    Objective-C

Module to expose config variables to your javascript code in React Native, supporting both iOS and Android. Keep in mind this module doesn't obfuscate or encrypt secrets for packaging, so do not store sensitive keys in .env. It's basically impossible to prevent users from reverse engineering mobile app secrets, so design your app (and APIs) with that in mind.

berglas - A tool for managing secrets on Google Cloud

  •    Go

Berglas is a command line tool and library for storing and and retrieving secrets on Google Cloud. Secrets are encrypted with Cloud KMS and stored in Cloud Storage. As a CLI, berglas automates the process of encrypting, decrypting, and storing data on Google Cloud.

S3 - Node.js implementation of a server handling the Amazon S3 protocol

  •    Javascript

CloudServer (formerly S3 Server) is an open-source Amazon S3-compatible object storage server that is part of Zenko, Scality’s Open Source Multi-Cloud Data Controller.CloudServer provides a single AWS S3 API interface to access multiple backend data storage both on-premise or public in the cloud.

chamber - CLI for managing secrets

  •    Go

Chamber is a tool for managing secrets. Currently it does so by storing secrets in SSM Parameter Store, an AWS service for storing secrets. Starting with version 2.0, chamber uses parameter store's path based API by default. Chamber pre-2.0 supported this API using the CHAMBER_USE_PATHS environment variable. The paths based API has performance benefits and is the recommended best practice by AWS.

node-express-mongoose-demo - A simple demo app using express, mongoose, passport for beginners

  •    Javascript

This is a demo node.js application illustrating various features used in everyday web development, with a fine touch of best practices. The demo app is a blog application where users (signing up using facebook, twitter, github and simple registrations) can create an article, delete an article and add comments on the article. and replace the values there. In production env, it is not safe to keep the ids and secrets in a file, so you need to set it up via commandline. If you are using heroku checkout how environment variables are set here.

docker-lambda - Docker images and test runners that replicate the live AWS Lambda environment

  •    Javascript

A sandboxed local environment that replicates the live AWS Lambda environment almost identically – including installed software and libraries, file structure and permissions, environment variables, context objects and behaviors – even the user and running process are the same.You can use it for testing your functions in the same strict Lambda environment, knowing that they'll exhibit the same behavior when deployed live. You can also use it to compile native dependencies knowing that you're linking to the same library versions that exist on AWS Lambda and then deploy using the AWS CLI.