Displaying 1 to 11 from 11 results

kubernetes-external-secrets - 💂 Kubernetes External Secrets

  •    Javascript

Kubernetes External Secrets allows you to use external secret management systems (e.g., AWS Secrets Manager) to securely add secrets in Kubernetes. Read more about the design and motivation for Kubernetes External Secrets on the GoDaddy Engineering Blog. The project extends the Kubernetes API by adding a ExternalSecrets object using Custom Resource Definition and a controller to implement the behavior of the object itself.

berglas - A tool for managing secrets on Google Cloud

  •    Go

Berglas is a command line tool and library for storing and and retrieving secrets on Google Cloud. Secrets are encrypted with Cloud KMS and stored in Cloud Storage. As a CLI, berglas automates the process of encrypting, decrypting, and storing data on Google Cloud.

privnote-cli - :key: the power of privnote.com in your terminal

  •    Javascript

Privnote allows you to create one-time-pad encrypted, burn-after-reading notes over the internet. It's a great way to share passwords or other sensitive peices of information. But, you have to use a web browser! Or, should I say, had to. You bring the plaintext; privnote will print the link to stdout and the clipboard.

t-vault - Simplified secrets management solution

  •    Java

T-Vault is built to simplify the process of secrets management. We wanted to build an intuitive and easy to use tool that application developers can easily adopt without sacrificing their agility while still following best practices for secrets management. It uses a few open source products internally including, at its heart Hashicorp Vault. Hashicorp vault provides the core functionality of safely storing secrets at rest and access control to those secrets. T-Vault builds on that base to provide a higher-level of abstraction called Safe. Safes are logical abstractions, internally using the concept of paths within vault. T-Vault simplifies the access management to secrets by hiding away all the complexities of managing polices. A very intuitive web UI provides a nice layer of abstraction and hides all the complexities of managing paths, policies, token management, etc. T-Vault introduces two new personas, a 'Safe User' and 'Safe Administrator'. Safe admins will create Safes and grant access to individuals or a LDAP group or an application. Individuals with access to a Safe can use the web UI or API to do CRUD operations on secrets within their Safe.




summon-aws-secrets - Summon provider for AWS Secrets Manager

  •    Go

Use the auto-install script. This will install the latest version of summon-aws-secrets. The script requires sudo to place summon-aws-secrets in /usr/local/lib/summon. Otherwise, download the latest release and extract it to the directory /usr/local/lib/summon.

terraform-aws-ssm-parameter-store - Terraform module to populate AWS Systems Manager (SSM) Parameter Store with values from Terraform

  •    HCL

Terraform module for providing read and write access to the AWS SSM Parameter Store. This project is part of our comprehensive "SweetOps" approach towards DevOps.

vault-plugin-secrets-ad - Active Directory (AD) Secrets Plugin for Vault

  •    Go

This is a standalone backend plugin for use with Hashicorp Vault. This plugin provides Active Directory functionality to Vault. Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please responsibly disclose by contacting us at security@hashicorp.com.

secrets-in-serverless - A collection of examples for doing secrets management in serverless lambda or cloud functions

  •    Go

This repository contains a collection of samples and examples for managing secrets in serverless lambda applications and cloud functions. The samples correspond to my Secrets in Serverless blog post. There are examples in Go, Node, and Python for each of the examples. The examples use Google Cloud Functions, but the concepts are largely applicable to other serverless technologies like AWS Lambda.


k8s-secret-projector - Kubernetes Secret generation from secure credential repos

  •    Go

At Tumblr, we wanted a way to allow applications to declare their dependencies on secrets (passwords, certificates, etc) without needing to create configurations that are aware of specific secret files. A system like this will allow automation to ensure applications always have the appropriate secrets at runtime, while enabling automated systems (cert refreshers, DB password rotations, etc) to automatically manage and update these credentials, and not require the application to redeploy/restart. Additionally, we wanted a system to limit the scope and access of any application to the minimum set of credentials necessary to run, minimizing a compromise blast radius. Builds are performed by Travis and Docker Hub. If you want to build this yourself, see below.

gitops-helm - Managing Helm releases with Weave Flux Helm Operator

  •    Smarty

GitOps is a way to do Continuous Delivery, it works by using Git as a source of truth for declarative infrastructure and workloads. For Kubernetes this means using git push instead of kubectl create/apply or helm install/upgrade. In a traditional CICD pipeline, CD is an implementation extension powered by the continuous integration tooling to promote build artifacts to production. In the GitOps pipeline model, any change to production must be committed in source control (preferable via a pull request) prior to being applied on the cluster. This way rollback and audit logs are provided by Git. If the entire production state is under version control and described in a single Git repository, when disaster strikes, the whole infrastructure can be quickly restored from that repository.

drone-vault - Drone plugin for integrating with the Vault secrets manager

  •    Go

A secret extension that provides optional support for sourcing secrets from Vault. Please note this project requires Drone server version 1.3 or higher. Update your Drone agent configuration to include the plugin address and the shared secret.