Keywhiz - A system for distributing and managing secrets

Keywhiz is a system for managing and distributing secrets. Keywhiz servers in a cluster centrally store secrets encrypted in a database. Clients use mutually authenticated TLS (mTLS) to retrieve secrets they have access to. Authenticated users administer Keywhiz via CLI or web app UI. To enable workflows, Keywhiz has automation APIs over mTLS and support for simple secret generation plugins.

https://square.github.io/keywhiz/
https://github.com/square/keywhiz





Related Projects

Confidant - Your Secret Keeper. Stores secrets in DynamoDB, encrypted at rest.

  •    Python

Confidant is an open source secret management service that provides user-friendly storage and access to secrets in a secure way, from the developers at Lyft. Confidant stores secrets in an append-only way in DynamoDB, generating a unique KMS data key for every revision of every secret, using Fernet symmetric authenticated cryptography.

Vault - A tool for managing secrets

  •    Go

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Vault presents a unified API to access multiple backends: HSMs, AWS IAM, SQL databases, raw key/value, and more.

Openxpki - Manage Keys and Certificate

  •    Perl

The OpenXPKI project has the vision to publish a software stack that provides all necessary components to manage keys and certificates primarily based on the X509v3 cryptography standard.

Dogtag - Certificate System

  •    Java

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more. It supports certificate issuance, revocation, and retrieval; Certificate Revocation List (CRL) generation and publishing; encryption key archival and recovery; and a lot more.

git-secret - A bash-tool to store your private data inside a git repository.

  •    Shell

git-secret is a bash tool which stores private data inside a git repo. git-secret encrypts tracked files with public keys for users whom you trust using gpg, allowing permitted users to access encrypted data using their secret keys. With git-secret, changes to access rights are made easy and private-public key issues are handled for you. Passwords do not need to be changed with git-secret when someone's permission is revoked - just remove their key from the keychain using git secret killperson their@email.com, and re-encrypt the files, and they won't be able to decrypt secrets anymore. It also supports apt and yum. You can also use make if you want to. See the installation section for the details.


certificates - 🛡️ An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere

  •    Go

An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere. For more information and docs see the Step website and the blog post announcing Step Certificate Authority.

ssh-cert-authority - An implementation of an SSH certificate authority.

  •    Go

A democratic SSH certificate authority. Operators of ssh-cert-authority want to use SSH certificates to provide fine-grained access control to servers they operate, keep their certificate signing key secret, and not have to be personally involved in actually signing certificates. A tall order.

Secret Squirrel

  •    Java

Secret Squirrel is a basic password management application written in Java. It uses Blowfish and SHA-384, performs password generation using the Java secure random object (fully configurable), and supports password groups.

EnvKey - Protect API keys and credentials, Keep configuration in sync everywhere.

  •    JavaScript

This is EnvKey's cross-platform native application. It supports Mac, Windows, and Linux. EnvKey is an end-to-end encrypted secrets and configuration management tool. It keeps your configuration securely and automatically in sync for all your developers and servers.

KeePassX - Cross Platform Password Manager

  •    C++

KeePassX is an application for people with extremely high demands on secure personal data management. KeePassX saves many different kinds of information, e.g. user names, passwords, URLs, attachments and comments, in one single database. For better management, user-defined titles and icons can be specified for each entry. Furthermore, the entries are sorted into groups, which are customizable as well. The integrated search function allows searching in a single group or the complete database. KeePassX offers a little utility for secure password generation. The password generator is very customizable, fast and easy to use. Anyone who generates passwords frequently will especially appreciate this feature.

passcore - A self-service password management tool for Active Directory

  •    CSharp

PassCore is a very simple 1-page web application written in C#, using ASP.NET 5, Angular Material, Angular and Microsoft Directory Services. It allows users to change their Active Directory password on their own, provided the user is not disabled. PassCore does not require any configuration, as it obtains the principal context from the current domain. I wrote this because a number of people have requested several features that the original version did not have. The original version of this tool was downloaded around 8000 times in 2.5 years. My hope is that the new version continues to be just as popular. There really is no free alternative out there (that I know of) so hopefully this saves someone else some time and money.

kubernetes-external-secrets - 💂 Kubernetes External Secrets

  •    JavaScript

Kubernetes External Secrets allows you to use external secret management systems (e.g., AWS Secrets Manager) to securely add secrets in Kubernetes. Read more about the design and motivation for Kubernetes External Secrets on the GoDaddy Engineering Blog. The project extends the Kubernetes API by adding an ExternalSecrets object using a Custom Resource Definition and a controller to implement the behavior of the object itself.

certify - SSL Certificate Manager UI for Windows, powered by Let's Encrypt

  •    CSharp

The SSL/TLS Certificate Management GUI for Windows, powered by Let's Encrypt, allowing you to generate and install free SSL certificates for Windows/IIS (with automated renewal). Advanced users can explore the different validation modes, deployment modes and other advanced options.

X509 Certificate management tools

Windows based utilities for viewing and managing X509 certificates. Intended to be a replacement/addition for the standard MMC certificate viewer.

OpenCA - PKI Management Software

  •    JavaScript

The OpenCA PKI Development Project is a collaborative effort to develop a robust, full-featured and open source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. The project development is divided into two main tasks: studying and refining the security scheme that guarantees the best model to be used in a CA, and developing software to easily set up and manage a Certification Authority.

KeePass - Password Manager

  •    C++

KeePass is a free, open source, light-weight and easy-to-use password manager for Windows, Linux, Mac OS X and mobile devices. You can store your passwords in a highly-encrypted database, which is locked with one master password or key file.

Zen Cart - A PHP based e-Commerce Shopping Cart Software

  •    PHP

ZenCart is a PHP based e-Commerce Shopping Cart Software. ZenCart is easy to install. Products, customers, pricing, payment and shipping can be easily managed by administrators. It is built on top of osCommerce. It supports multiple gateway services, sales, discounts, gift certificates, an audit trail, a newsletter manager, advertising banners, tax rate configuration, multiple shipping options and a lot more.

trillian - Trillian implements a Merkle tree whose contents are served from a data storage layer, to allow scalability to extremely large trees

  •    Go

Trillian is an implementation of the concepts described in the Verifiable Data Structures white paper, which in turn is an extension and generalisation of the ideas which underpin Certificate Transparency. Note that Trillian requires particular applications to provide their own personalities on top of the core transparent data store functionality; example code for a certificate transparency log and for a log-derived map are included to help with this.

keychain-swift - Helper functions for saving text in Keychain securely for iOS, OS X, tvOS and watchOS

  •    Swift

Keychain is a secure storage. You can store all kinds of sensitive data in it: user passwords, credit card numbers, secret tokens etc. Once stored in Keychain, this information is only available to your app; other apps can't see it. Besides that, the operating system makes sure this information is kept and processed securely. For example, text stored in Keychain cannot be extracted from an iPhone backup or from its file system. Apple recommends storing only a small amount of data in the Keychain. If you need to secure something big you can encrypt it manually, save it to a file and store the key in the Keychain. There are four ways you can add KeychainSwift to your project.