Skip to content

bank-vaults/secret-sync

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

220 Commits

.github

.github

 
 

cmd

cmd

 
 

dev/vault

dev/vault

 
 

docs

docs

 
 

examples

examples

 
 

pkg

pkg

 
 

.editorconfig

.editorconfig

 
 

.envrc

.envrc

 
 

.gitignore

.gitignore

 
 

.golangci.yaml

.golangci.yaml

 
 

.goreleaser.yaml

.goreleaser.yaml

 
 

.licensei.toml

.licensei.toml

 
 

.yamllint.yaml

.yamllint.yaml

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

flake.lock

flake.lock

 
 

flake.nix

flake.nix

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

Repository files navigation

Secret Sync

Go Report Card Go Version go.dev - references GitHub Workflow Status OpenSSF Scorecard OpenSSF Best Practices

Secret Sync exposes a generic way to interact with external secret storage systems like HashiCorp Vault and provides a set of API models to interact and orchestrate the synchronization of secrets between them.

Important

This is an early alpha version and breaking changes are expected. As such, it is not recommended for usage in production. We are actively working on expanding the list of supported stores and consolidating our APIs.

You can support us with your feedback, bug reports, and feature requests.

Features

  • Simple integration with a variety of secret storage systems
  • User-friendly API to facilitate interaction between different storage systems
  • Pipeline-like syntax for defining synchronization actions on a secret level
  • Advanced templating capabilities for transforming secrets
Supported store Status
HashiCorp Vault alpha
[Local Provider] alpha
AWS Secrets Manager planned
Google Secrets Manager planned
Azure Key Vault planned
Kubernetes Secret planned

Check details about upcoming features by visiting the project issue board.

Goals

  • Provide safe and simple way to work with secrets
  • Expose common API for secret management regardless of the store backend
  • Give total control of the secret synchronization process

Consider a situation where Dev teams need access to secrets from different environments. Ops teams can provide access to secrets in the form of an isolated environment (e.g. new Vault instance) synced only with secrets Devs require; all in GitOps way.

Getting started

To get familiarized, check out the collection of different examples using this tool.

Documentation

Check out the project documentation or pkg.go.dev.

Development

For an optimal developer experience, it is recommended to install Nix and direnv.

Alternatively, install Go on your computer then run make deps to install the rest of the dependencies.

Fetch required tools:

make deps

Build the CLI:

make build

Run the test suite:

make test

Run linters:

make lint # pass -j option to run them in parallel

Some linter violations can automatically be fixed:

make fmt

License

The project is licensed under the Apache 2.0 License.

About

Synchronise secrets between secret stores in a configurable manner

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

14 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases 3

v0.1.2 Latest
Mar 8, 2024
+ 2 releases

Packages 1

 

Contributors 6

Languages