Secrets Management


Tool Description
yopass Secure sharing for secrets, passwords and files
sops Secrets management
chamber CLI for managing secrets
  • Lighter, alternative implementation of the Vault client CLI, primarily for services and containers
  • Its core features are automated authentication, fetching of secrets, and automated token renewal
harp Secret management toolchain from the Elastic team
aws-vault A vault for securely storing and accessing AWS credentials in development environments
Google Secrets Manager
  • Store API keys, passwords, certificates, and other sensitive data
  • CLI library
knox Service for storing and rotating secrets, keys, and passwords used by other services
op-vscode A set of tools to integrate your development workflow with 1Password, powered by the 1Password CLI

Kubernetes Specific

Tool Description
kubernetes-external-secrets Lets you use external secret management systems (e.g., AWS Secrets Manager, GCP Secrets Manager, Vault) to add secrets in Kubernetes
kube-secrets-init Admission webhook that mutates any Pod using specially prefixed environment variables, set directly or sourced from a Kubernetes Secret or ConfigMap
kamus Git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
sealed-secrets A Kubernetes controller and tool for one-way encrypted Secrets
  • AWS-based secrets management for Kubernetes
  • Leverages users' Kubernetes OIDC authentication tokens for AWS Secrets Manager secrets management
Secret Store CSI Driver Google Secret Manager provider for the Secret Store CSI Driver
aws-secret-sidecar-injector Kubernetes mutating webhook to fetch secrets from AWS Secrets Manager


Tool Description
detect-secrets Implement pre-commit hooks for secret detection
git-secrets Prevents you from committing secrets and credentials into git repositories
talisman Prevents you from committing authorization tokens and private keys


Tool Description
KeyHacks Verify if disclosed API keys are still valid
gitrob
  • Reconnaissance tool for GitHub organizations
  • Usage:
    • $ gitrob <TARGET>
Gitleaks Searches full repo history for secrets and keys
ggshield Detect secrets in source code, scan git repos, and use pre-commit hooks to prevent API key leaks
TruffleHog Searches through git repositories for high entropy strings and secrets
Whispers Static code analysis tool which identifies hardcoded secrets and dangerous behaviours
gitlab-watchman Uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally


Tool Description
How to Rotate Leaked API Keys A collection of API key rotation tutorials for AWS, GCP, GitHub, and more