Secure storage, and delivery for tokens, passwords, API keys, and other secrets using HTTP API, Swagger UI or Python Package.
TL;DR: Poor Man's Hashi Corp Vault
Hashi Corp Vault works well but it was meant for enterprises. Therefore, it was heavy and non-portable (atleast difficult) for my homelab setup. So I wanted to build a Secrets Manager intended for small scale setups that could also scale well.
- A lightweight system that sucks less power out of the wall. Therefore, minimal background jobs and reduced resource utilizations.
- Should be compatible on both
x86-64andarm64v8(mainly Raspberry Pi 4). - High stability, availability and easy scalability.
| Secret Engine | Description |
|---|---|
kv |
Key-Value engine is used to store arbitrary secrets. |
| Auth Methods | Description |
|---|---|
userpass |
Allows users to authenticate using a username and password combination. |
token |
Allows users to authenticate using a token. Token generation requires users to be authenticated via userpass |
- Secret engines for certificates (PKI), SSH and databases.
- Encrypting secrets before writing to a persistent storage, so gaining access to the raw storage isn't enough to access your secrets.
Automated Install: docker-compose (Recommended)
- Run the stack by executing
docker-compose up -d.
- Clone our repository and run
git clone --depth 1 https://github.com/bearlike/simple-secrets-manager simple-secrets-manager
cd "simple-secrets-manager"- Start a Mongo database server.
- Create a
.envfile in the project root with the following values
CONNECTION_STRING=mongodb://username:password@mongo.hostname:27017
- Install the required python packages by executing
pip3 install -r requirements.txt - You will need atleast
python3.7. Start the server by runningserver.py. - Visit the application via
http://server_hostname:5000/api(default port is5000) to visit the Swagger UI.