Skip to content

Secure storage, and delivery for tokens, passwords, API keys, PKI and other secrets using HTTP API or Swagger UI.

License

Notifications You must be signed in to change notification settings

bearlike/simple-secrets-manager

Repository files navigation

Simple Secrets Manager

Docker Image Latest Version Docker Image Architecture GitHub Repository License

Secure storage, and delivery for tokens, passwords, API keys, and other secrets using HTTP API, Swagger UI or Python Package.

TL;DR: Poor Man's Hashi Corp Vault

Why does this exist?

Hashi Corp Vault works well but it was meant for enterprises. Therefore, it was heavy and non-portable (atleast difficult) for my homelab setup. So I wanted to build a Secrets Manager intended for small scale setups that could also scale well.

Goals

  • A lightweight system that sucks less power out of the wall. Therefore, minimal background jobs and reduced resource utilizations.
  • Should be compatible on both x86-64 and arm64v8 (mainly Raspberry Pi 4).
  • High stability, availability and easy scalability.

Available secret engines

Secret Engine Description
kv Key-Value engine is used to store arbitrary secrets.

Available authentication methods

Auth Methods Description
userpass Allows users to authenticate using a username and password combination.
token Allows users to authenticate using a token. Token generation requires users to be authenticated via userpass

Future

  • Secret engines for certificates (PKI), SSH and databases.
  • Encrypting secrets before writing to a persistent storage, so gaining access to the raw storage isn't enough to access your secrets.

Getting started

Automated Install: docker-compose (Recommended)

  1. Run the stack by executing docker-compose up -d.

Manual Install

  1. Clone our repository and run
git clone --depth 1 https://github.com/bearlike/simple-secrets-manager simple-secrets-manager
cd "simple-secrets-manager"
  1. Start a Mongo database server.
  2. Create a .env file in the project root with the following values
CONNECTION_STRING=mongodb://username:password@mongo.hostname:27017
  1. Install the required python packages by executing pip3 install -r requirements.txt
  2. You will need atleast python3.7. Start the server by running server.py.
  3. Visit the application via http://server_hostname:5000/api (default port is 5000) to visit the Swagger UI.

About

Secure storage, and delivery for tokens, passwords, API keys, PKI and other secrets using HTTP API or Swagger UI.

Topics

Resources

License

Stars

Watchers

Forks