Displaying 1 to 20 from 24 results

kubernetes-external-secrets - 💂 Kubernetes External Secrets

  •    Javascript

Kubernetes External Secrets allows you to use external secret management systems (e.g., AWS Secrets Manager) to securely add secrets in Kubernetes. Read more about the design and motivation for Kubernetes External Secrets on the GoDaddy Engineering Blog. The project extends the Kubernetes API by adding a ExternalSecrets object using Custom Resource Definition and a controller to implement the behavior of the object itself.

berglas - A tool for managing secrets on Google Cloud

  •    Go

Berglas is a command line tool and library for storing and and retrieving secrets on Google Cloud. Secrets are encrypted with Cloud KMS and stored in Cloud Storage. As a CLI, berglas automates the process of encrypting, decrypting, and storing data on Google Cloud.

daytona - a vault client, but for containers and servers.

  •    Go

This is intended to be a lighter, alternative, implementation of the Vault client CLI primarily for services and containers. Its core features are the ability to automate authentication, fetching of secrets, and automated token renewal. Instead, a single binary can be used to accomplish most of these goals.

privnote-cli - :key: the power of privnote.com in your terminal

  •    Javascript

Privnote allows you to create one-time-pad encrypted, burn-after-reading notes over the internet. It's a great way to share passwords or other sensitive peices of information. But, you have to use a web browser! Or, should I say, had to. You bring the plaintext; privnote will print the link to stdout and the clipboard.

t-vault - Simplified secrets management solution

  •    Java

T-Vault is built to simplify the process of secrets management. We wanted to build an intuitive and easy to use tool that application developers can easily adopt without sacrificing their agility while still following best practices for secrets management. It uses a few open source products internally including, at its heart Hashicorp Vault. Hashicorp vault provides the core functionality of safely storing secrets at rest and access control to those secrets. T-Vault builds on that base to provide a higher-level of abstraction called Safe. Safes are logical abstractions, internally using the concept of paths within vault. T-Vault simplifies the access management to secrets by hiding away all the complexities of managing polices. A very intuitive web UI provides a nice layer of abstraction and hides all the complexities of managing paths, policies, token management, etc. T-Vault introduces two new personas, a 'Safe User' and 'Safe Administrator'. Safe admins will create Safes and grant access to individuals or a LDAP group or an application. Individuals with access to a Safe can use the web UI or API to do CRUD operations on secrets within their Safe.

summon-aws-secrets - Summon provider for AWS Secrets Manager

  •    Go

Use the auto-install script. This will install the latest version of summon-aws-secrets. The script requires sudo to place summon-aws-secrets in /usr/local/lib/summon. Otherwise, download the latest release and extract it to the directory /usr/local/lib/summon.

terraform-aws-ssm-parameter-store - Terraform module to populate AWS Systems Manager (SSM) Parameter Store with values from Terraform

  •    HCL

Terraform module for providing read and write access to the AWS SSM Parameter Store. This project is part of our comprehensive "SweetOps" approach towards DevOps.

vault-plugin-secrets-ad - Active Directory (AD) Secrets Plugin for Vault

  •    Go

This is a standalone backend plugin for use with Hashicorp Vault. This plugin provides Active Directory functionality to Vault. Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please responsibly disclose by contacting us at security@hashicorp.com.

secrets-in-serverless - A collection of examples for doing secrets management in serverless lambda or cloud functions

  •    Go

This repository contains a collection of samples and examples for managing secrets in serverless lambda applications and cloud functions. The samples correspond to my Secrets in Serverless blog post. There are examples in Go, Node, and Python for each of the examples. The examples use Google Cloud Functions, but the concepts are largely applicable to other serverless technologies like AWS Lambda.

k8s-secret-projector - Kubernetes Secret generation from secure credential repos

  •    Go

At Tumblr, we wanted a way to allow applications to declare their dependencies on secrets (passwords, certificates, etc) without needing to create configurations that are aware of specific secret files. A system like this will allow automation to ensure applications always have the appropriate secrets at runtime, while enabling automated systems (cert refreshers, DB password rotations, etc) to automatically manage and update these credentials, and not require the application to redeploy/restart. Additionally, we wanted a system to limit the scope and access of any application to the minimum set of credentials necessary to run, minimizing a compromise blast radius. Builds are performed by Travis and Docker Hub. If you want to build this yourself, see below.

gitops-helm - Managing Helm releases with Weave Flux Helm Operator

  •    Smarty

GitOps is a way to do Continuous Delivery, it works by using Git as a source of truth for declarative infrastructure and workloads. For Kubernetes this means using git push instead of kubectl create/apply or helm install/upgrade. In a traditional CICD pipeline, CD is an implementation extension powered by the continuous integration tooling to promote build artifacts to production. In the GitOps pipeline model, any change to production must be committed in source control (preferable via a pull request) prior to being applied on the cluster. This way rollback and audit logs are provided by Git. If the entire production state is under version control and described in a single Git repository, when disaster strikes, the whole infrastructure can be quickly restored from that repository.

drone-vault - Drone plugin for integrating with the Vault secrets manager

  •    Go

A secret extension that provides optional support for sourcing secrets from Vault. Please note this project requires Drone server version 1.3 or higher. Update your Drone agent configuration to include the plugin address and the shared secret.

hush - Runtime configuration loader extensible with providers

  •    Elixir

Hush is designed to help developers configure their applications at runtime and in release mode, retrieving configuration from multiple providers, without having to depend on secret files or hardcoded configuration. Documentation can be found at https://hexdocs.pm/hush.

hush_gcp_secret_manager - A Google Secret Manager Provider for Hush

  •    Elixir

This package provides a Hush Provider to resolve Google Cloud Platform's Secret Manager secrets. Documentation can be found at https://hexdocs.pm/hush_gcp_secret_manager.

seclip - A CLI utility to secretly copy secrets to clipboard. :lock::memo:

  •    Rust

When working in shared environments, sharing your screen, or you're at a public place, reading secret tokens could expose it to prying eyes, that's where seclip can help you. Just give the path to the private key or the environment variable, the secret value will be copied to your clipboard. In instances where you might forget that you copied a secret value, you can use the -c / --clear feature to automatically clear your clipboard in a given time.

conjur-quickstart - Start securing your secrets and infrastructure by installing Conjur, using Docker and the official Conjur containers on DockerHub

  •    Shell

This repository guides you through a sample installation of Conjur Open Source using Docker Compose. This repo is a Community level project. It's a community contributed project that is not reviewed or supported by CyberArk. For more detailed information on our certification levels, see our community guidelines.

AuthJanitor - Manage the lifecycle of application tokens, keys, and secrets in Azure

  •    CSharp

Manage the lifecycle of your application secrets in Azure with ease. Migrate to more secure, auditable operations standards on your own terms. AuthJanitor supports varying levels of application secret security, based on your organization's security requirements. Disclaimer: Using AuthJanitor does not guarantee the security of your application. There is no substitute for a proper security review from a reputable cybersecurity and/or auditing partner.

nodejs-secret-manager - A cloud-hosted service that provides a secure and convenient tool for storing API keys, passwords, certificates, and other sensitive data

  •    TypeScript

A comprehensive list of changes in each version may be found in the CHANGELOG. Read more about the client libraries for Cloud APIs, including the older Google APIs Client Libraries, in Client Libraries Explained.

sopstool - SOPS multi-file wrapper

  •    Go

sopstool is a multi-file wrapper around sops. It uses the sops binary to encrypt and decrypt files, and piggybacks off the .sops.yaml configuration file. sopstool provides functionality to manage multiple secret files at once, and even use as an entrypoint to decrypt at startup, for container images. Much of this behavior is inspired by the great blackbox project.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.