Secrets

Secrets Management

Tool	Description
yopass	Secure sharing for secrets, passwords and files
vault-k8s	Agent Sidecar Injector Vault-K8S integration that enables apps to leverage static and dynamic secrets sourced from Vault How-To: Dynamic Database Credentials with Vault and Kubernetes
kubernetes-external-secrets	Allows to use external secret management systems (e.g., AWS Secrets Manager, GCP Secrets Manager, Vault, etc.) to add secrets in Kubernetes
kube-secrets-init	Admission webhook that mutates any Pod that is using specially prefixed environment variables, directly or from Kubernetes as Secret or ConfigMap
daytona	Lighter, alternative, implementation of the Vault client CLI primarily for services and containers Its core features are the ability to automate authentication, fetching of secrets, and automated token renewal
kamus	Git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
sealed-secrets	A Kubernetes controller and tool for one-way encrypted Secrets
aws-vault	A vault for securely storing and accessing AWS credentials in development environments
sops	Secrets management
chamber	CLI for managing secrets
Google Secrets Manager	Store API keys, passwords, certificates, and other sensitive data CLI library
kiss	AWS-based secrets management for Kubernetes Leverages users' Kubernetes OIDC authentication tokens for AWS Secrets Manager secrets management
Secret Store CSI Driver	Google Secret Manager provider for the Secret Store CSI Driver

Hooks

Tool	Description
detect-secrets	Implement pre-commit hooks for secret detection
git-secrets	Prevents you from committing secrets and credentials into git repositories
talisman	Prevents you from committing authorization tokens and private keys

Scanners

Tool	Description
KeyHacks	Verify if disclosed API keys are still valid
Gitrob	Reconnaissance tool for GitHub organizations Usage: $ export GITROB_ACCESS_TOKEN=<TOKEN> $ gitrob <TARGET>
Gitleaks	Searches full repo history for secrets and keys
TruffleHog	Searches through git repositories for high entropy strings and secrets
Whispers	Static code analysis tool which identifies hardcoded secrets and dangerous behaviours
gitlab-watchman	Uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally