[Data Security] Key Vaults and Key Management Solutions
https://github.com/Infisical/infisical
Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure and prevent secret leaks.
https://github.com/bitwarden/sdk
Secrets Manager SDK
https://github.com/tellerops/teller
Cloud native secrets management for developers - never leave your command line for secrets.
https://github.com/eth0izzle/shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
https://github.com/bitwarden/server
The core infrastructure backend (API, database, Docker, etc).
https://github.com/square/keywhiz
A system for distributing and managing secrets
https://github.com/sniptt-official/ots
Share end-to-end encrypted secrets with others via a one-time URL
https://github.com/manifoldco/torus-cli
A secure, shared workspace for secrets
https://github.com/deepfence/SecretScanner
Find secrets and passwords in container images and file systems
https://github.com/GoogleCloudPlatform/berglas
A tool for managing secrets on Google Cloud
the Crypto Undertaker
https://github.com/jkroepke/helm-secrets
A Helm plugin that helps manage secrets with a Git workflow and store them anywhere
https://github.com/freeipa/freeipa
Mirror of FreeIPA, an integrated security information management solution
https://github.com/stakater/Reloader
A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!
https://github.com/trufflesecurity/trufflehog
Find and verify credentials
https://github.com/tink-crypto/tink-java
https://github.com/tink-crypto
A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. See also: https://developers.google.com/tink.
The Tink Cryptography Library is split into multiple repositories.
| Tink implementation | Repository |
|---|---|
| Tink Java | tink-crypto/tink-java |
| Tink C++ | tink-crypto/tink-cc |
| Tink Go | tink-crypto/tink-go |
| Tink Python | tink-crypto/tink-py |
| Tink Obj-C | tink-crypto/tink-objc |
We provide a command line interface for key management, named Tinkey.
We also provide integrations with various key management systems (KMS) and other systems.
| Tink extension | Repository |
|---|---|
| Tink Java AWS KMS extension | tink-crypto/tink-java-awskms |
| Tink Java Google Cloud KMS extension | tink-crypto/tink-java-gcpkms |
| Tink Java apps extension | tink-crypto/tink-java-apps |
| Tink C++ AWS KMS extension | tink-crypto/tink-cc-awskms |
| Tink C++ Google Cloud KMS extension | tink-crypto/tink-cc-gcpkms |
| Tink Go AWS KMS extension | tink-crypto/tink-go-awskms |
| Tink Go Google Cloud KMS extension | tink-crypto/tink-go-gcpkms |
| Tink Go HashiCorp Vault KMS extension | tink-crypto/tink-go-hcvault |
https://github.com/pac4j/pac4j
https://github.com/cryptomator/cryptomator
Multi-platform transparent client-side encryption of your files in the cloud
https://medium.com/@cyberlands.io/best-secrets-management-solution-hash…
Best Secrets Management Solution: Hashicorp vs KeyWhiz
Encrypting Confidential Data at Rest
https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/
https://kubernetes.io/docs/concepts/configuration/secret/
https://external-secrets.io/main/introduction/overview/
The External Secrets Operator extends Kubernetes with Custom Resources, which define where secrets live and how to synchronize them. The controller fetches secrets from an external API and creates Kubernetes secrets. If the secret from the external API changes, the controller will reconcile the state in the cluster and update the secrets accordingly.
https://cloud.yandex.com/en/services/lockbox
A service for creating and storing secrets in the Yandex Cloud infrastructure.
Create secrets in the management console or using the API.
https://walkingtree.tech/secrets-management-using-mozilla-sops/
As automation is taking place at a rapid pace, the areas where human intervention is involved are appearing as huge speed breakers. One such task is keeping the secret information with humans and providing necessary approvals as and when needed. This task does not involve a lot of logical thinking but the important aspect is keeping trustworthy information and using it for regular activity.
Keeping the secrets in a file and allowing access to information to a wider set of people will be a serious challenge. One way to solve this problem is to keep the secrets in a file but in an encrypted format and ensure only the target environment can decrypt. This way we can still allow the automation to happen and keep the environments secured.
In this blog, I will be touching upon the basics of securing secrets, introduce you to SOPS, explain to you how SOPS works and its effective use in building cloud-agnostic applications.
Manage Your Secrets with Mozilla SOPS and GitOps Toolkit (Flux CD v2)
https://medium.com/picus-security-engineering/manage-your-secrets-with-…
"Sealed Secrets" for Kubernetes
https://github.com/bitnami-labs/sealed-secrets
Safe storage of Kubernetes Secrets with Mozilla SOPS and IaC
https://softwaremill.com/safe-storage-of-kubernetes-secrets-with-mozill…
SOPS (Secrets OPerationS – Kubernetes Operator): Secure your sensitive data, while maintaining ease of use
https://deyan7.de/en/sops-secrets-operations-kubernetes-operator-secure…
Simplify and Secure Your Kubernetes Deployments with Mozilla SOPS
https://systemweakness.com/simplify-and-secure-your-aks-deployments-wit…
How to commit encrypted files to Git with Mozilla SOPS
https://blog.thenets.org/how-to-commit-encrypted-files-to-git-with-mozi…
Encrypt your Kubernetes Secrets with Mozilla SOPS
https://www.thorsten-hans.com/encrypt-your-kubernetes-secrets-with-mozi…