Skip to content

Latest commit

 

History

History
31 lines (26 loc) · 3.84 KB

secrets-management.md

File metadata and controls

31 lines (26 loc) · 3.84 KB
description
Manage your secrets the way is meant to be

Secrets Management

About

Software secrets management involves handling and protecting sensitive information, such as API keys, passwords, tokens, and encryption keys, that are used within a software system. These "secrets" are critical for the operation of many applications, providing access to databases, third-party services, cloud infrastructures, and other important resources. If these secrets are compromised, it could lead to data breaches, unauthorized access, or other security incidents.

Tools / Solutions / Products

  • Azure Key Vault: safeguard cryptographic keys and other secrets used by cloud apps and services.
  • AWS Secrets Manager: helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles.
  • AWS Key Management Service (KMS): create and control keys used to encrypt or digitally sign your data.
  • Google Cloud Secret Manager: a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data.
  • Google Cloud Key Management: manage encryption keys on Google Cloud.
  • HashiCorp Vault: manage access to secrets and protect sensitive data.
  • StackExchange Blackbox: Safely store secrets in a VCS repo (i.e. Git, Mercurial, Subversion or Perforce).
  • Akeyless Vault Platform: enable developers with a secure vault for credentials, certificates and keys.
  • Doppler: the uncomplicated way to sync, manage, orchestrate, and rotate secrets across any environment or app config with easy to use tools.
  • Mozilla SOPS (Secrets OPerationS): simple and flexible tool for managing secrets.
  • Teller (web): a productivity secret manager for developers supporting cloud-native apps and multiple cloud providers. Mix and match all vaults and other key stores and safely use secrets as you code, test, and build applications.
  • CyberArk Conjur (web): automatically secures secrets used by privileged users and machine identities.
  • GoPass (web): the slightly more awesome standard UNIX password manager for teams.
  • Spectral Keyscope: a key and secret workflow (validation, invalidation, etc.) tool built in Rust.
  • Pinterest Knox: a service for storing and rotation of secrets, keys, and passwords used by other services.
  • Git-tresor: Encrypt and decrypt files to store them inside a git repository. git-tresor uses AES-256 encryption. Every file or directory has it's own password. This enables you to commit encrypted files either in a separate git repository or inside the same repository where your secret files are needed (f.e. Android-Keystores or Signing-Certificates for Apple).
  • Ansible Vault: encryption/decryption utility for Ansible data files.
  • Chef Vault: securely manage passwords, certs, and other secrets in Chef.
  • CredStash (⚠️): a very simple, easy to use credential management and distribution system that uses AWS Key Management Service (KMS) for key wrapping and master-key storage, and DynamoDB for credential storage and sharing.