Secrets Management

About

Software secrets management involves handling and protecting sensitive information, such as API keys, passwords, tokens, and encryption keys, that are used within a software system. These "secrets" are critical for the operation of many applications, providing access to databases, third-party services, cloud infrastructures, and other important resources. If these secrets are compromised, it could lead to data breaches, unauthorized access, or other security incidents.

Tools / Solutions / Products

• Azure Key Vault: safeguard cryptographic keys and other secrets used by cloud apps and services.

• AWS Secrets Manager: helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles.

• AWS Key Management Service (KMS): create and control keys used to encrypt or digitally sign your data.

• Google Cloud Secret Manager: a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data.

• Google Cloud Key Management: manage encryption keys on Google Cloud.

• HashiCorp Vault: manage access to secrets and protect sensitive data.

• StackExchange Blackbox: Safely store secrets in a VCS repo (i.e. Git, Mercurial, Subversion or Perforce).

• Akeyless Vault Platform: enable developers with a secure vault for credentials, certificates and keys.

• Doppler: the uncomplicated way to sync, manage, orchestrate, and rotate secrets across any environment or app config with easy to use tools.

• Mozilla SOPS (Secrets OPerationS): simple and flexible tool for managing secrets.

• Teller (web): a productivity secret manager for developers supporting cloud-native apps and multiple cloud providers. Mix and match all vaults and other key stores and safely use secrets as you code, test, and build applications.

• CyberArk Conjur (web): automatically secures secrets used by privileged users and machine identities.

• GoPass (web): the slightly more awesome standard UNIX password manager for teams.

• Spectral Keyscope: a key and secret workflow (validation, invalidation, etc.) tool built in Rust.

• Pinterest Knox: a service for storing and rotation of secrets, keys, and passwords used by other services.

• Git-tresor: Encrypt and decrypt files to store them inside a git repository. git-tresor uses AES-256 encryption. Every file or directory has it's own password. This enables you to commit encrypted files either in a separate git repository or inside the same repository where your secret files are needed (f.e. Android-Keystores or Signing-Certificates for Apple).

• Ansible Vault: encryption/decryption utility for Ansible data files.

• Chef Vault: securely manage passwords, certs, and other secrets in Chef.

• CredStash (⚠️): a very simple, easy to use credential management and distribution system that uses AWS Key Management Service (KMS) for key wrapping and master-key storage, and DynamoDB for credential storage and sharing.