Secrets

Secrets Management

General

Tool Description
yopass Secure sharing for secrets, passwords and files
sops Secrets management
chamber CLI for managing secrets
daytona
  • Lighter, alternative implementation of the Vault client CLI, primarily for services and containers
  • Its core features are automated authentication, fetching of secrets, and automated token renewal
harp Secret management toolchain from the Elastic team
aws-vault A vault for securely storing and accessing AWS credentials in development environments
Google Secrets Manager
  • Store API keys, passwords, certificates, and other sensitive data
  • CLI library
knox Service for storing and rotating secrets, keys, and passwords used by other services
op-vscode A set of tools to integrate your development workflow with 1Password, powered by the 1Password CLI

Kubernetes Specific

Tool Description
vault-k8s
kubernetes-external-secrets Allows you to use external secret management systems (e.g., AWS Secrets Manager, GCP Secrets Manager, Vault, etc.) to add secrets in Kubernetes
kube-secrets-init Admission webhook that mutates any Pod that uses specially prefixed environment variables, set directly or taken from a Kubernetes Secret or ConfigMap
kamus Git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
sealed-secrets A Kubernetes controller and tool for one-way encrypted Secrets
kiss
  • AWS-based secrets management for Kubernetes
  • Leverages users' Kubernetes OIDC authentication tokens for AWS Secrets Manager secrets management
Secret Store CSI Driver Google Secret Manager provider for the Secret Store CSI Driver
aws-secret-sidecar-injector Kubernetes mutating webhook to fetch secrets from AWS Secrets Manager

Hooks

Tool Description
detect-secrets Implement pre-commit hooks for secret detection
git-secrets Prevents you from committing secrets and credentials into git repositories
talisman Prevents you from committing authorization tokens and private keys

Scanners

Tool Description
KeyHacks Verify if disclosed API keys are still valid
Gitrob
  • Reconnaissance tool for GitHub organizations
  • Usage:
    • $ export GITROB_ACCESS_TOKEN=<TOKEN>
    • $ gitrob <TARGET>
Gitleaks Searches full repo history for secrets and keys
ggshield Detect secrets in source code, scan git repos, and use pre-commit hooks to prevent API key leaks
TruffleHog Searches through git repositories for high entropy strings and secrets
Whispers Static code analysis tool which identifies hardcoded secrets and dangerous behaviours
gitlab-watchman Uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally