Secrets Management
General
Tool | Description |
---|---|
yopass | Secure sharing for secrets, passwords and files |
sops | Secrets management |
chamber | CLI for managing secrets |
daytona | |
harp | Secret management toolchain from the Elastic team |
aws-vault | A vault for securely storing and accessing AWS credentials in development environments |
Google Secrets Manager | |
knox | Service for storing and rotation of secrets, keys, and passwords used by other services |
op-vscode | A set of tools to integrate your development workflow with 1Password, powered by the 1Password CLI |
Kubernetes Specific
Tool | Description |
---|---|
vault-k8s | |
kubernetes-external-secrets | Lets you use external secret management systems (e.g., AWS Secrets Manager, GCP Secrets Manager, Vault, etc.) to add secrets in Kubernetes |
kube-secrets-init | Admission webhook that mutates any Pod that is using specially prefixed environment variables, directly or from Kubernetes as Secret or ConfigMap |
kamus | Git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications |
sealed-secrets | A Kubernetes controller and tool for one-way encrypted Secrets |
kiss | |
Secret Store CSI Driver | Google Secret Manager provider for the Secret Store CSI Driver |
aws-secret-sidecar-injector | Kubernetes mutating webhook to fetch secrets from AWS Secrets Manager. |
Hooks
Tool | Description |
---|---|
detect-secrets | Implement pre-commit hooks for secret detection |
git-secrets | Prevents you from committing secrets and credentials into git repositories |
talisman | Prevents you from committing authorization tokens and private keys |
Scanners
Tool | Description |
---|---|
KeyHacks | Verify if disclosed API keys are still valid |
Gitrob | |
Gitleaks | Searches full repo history for secrets and keys |
ggshield | Detect secrets in source code, scan git repos, and use pre-commit hooks to prevent API key leaks |
TruffleHog | Searches through git repositories for high entropy strings and secrets |
Whispers | Static code analysis tool which identifies hardcoded secrets and dangerous behaviours |
gitlab-watchman | Uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally |