Secrets

Secrets Management

Tool Description
yopass
  • Secure sharing for secrets, passwords and files
vault-k8s
kubernetes-external-secrets
  • Lets you use external secret management systems (e.g., AWS Secrets Manager, GCP Secrets Manager, Vault) to add secrets in Kubernetes
kube-secrets-init
  • Admission webhook that mutates any Pod that is using specially prefixed environment variables, directly or from Kubernetes as Secret or ConfigMap
daytona
  • Lighter, alternative implementation of the Vault client CLI, primarily for services and containers
  • Its core features are the ability to automate authentication, fetching of secrets, and automated token renewal
kamus
  • Git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
sealed-secrets
  • A Kubernetes controller and tool for one-way encrypted Secrets
aws-vault
  • A vault for securely storing and accessing AWS credentials in development environments
sops
  • Secrets management
chamber
  • CLI for managing secrets
Google Secrets Manager
  • Store API keys, passwords, certificates, and other sensitive data
  • CLI library
kiss
  • AWS-based secrets management for Kubernetes
  • Leverages users' Kubernetes OIDC authentication tokens for AWS Secrets Manager secrets management
Secret Store CSI Driver
  • Google Secret Manager provider for the Secret Store CSI Driver

Hooks

Tool Description
detect-secrets
  • Implement pre-commit hooks for secret detection
git-secrets
  • Prevents you from committing secrets and credentials into git repositories
talisman
  • Prevents you from committing authorization tokens and private keys

Scanners

Tool Description
KeyHacks
  • Verify if disclosed API keys are still valid
Gitrob
  • Reconnaissance tool for GitHub organizations
  • Usage:
    • $ export GITROB_ACCESS_TOKEN=<TOKEN>
    • $ gitrob <TARGET>
Gitleaks
  • Searches full repo history for secrets and keys
TruffleHog
  • Searches through git repositories for high entropy strings and secrets
Whispers
  • Static code analysis tool which identifies hardcoded secrets and dangerous behaviours
gitlab-watchman
  • Uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally