VMware Secrets Manager (VSecM) redefines secrets management for cloud native apps.
By using VSecM you can #sleepmore
while keeping your secrets… secret.
Want to get started quickly? Check out our quickstart tutorial.
🐢⚡️
VMware Secrets Manager is a delightfully-secure Kubernetes-native secrets store.
VMware Secrets Manager (VSecM) keeps your secrets secret.
With VMware Secrets Manager, you can rest assured that your sensitive data is always secure and protected.
VMware Secrets Manager is perfect for securely storing arbitrary configuration information at a central location and securely dispatching it to workloads.
VMware Secrets Manager is a cloud-native secure store for secrets management. It provides a minimal and intuitive API, ensuring practical security without compromising user experience.
VMware Secrets Manager is resilient and secure by default, storing sensitive data in memory and encrypting any data saved to disk.
Endorsed by industry experts, VMware Secrets Manager is a ground-up re-imagination of secrets management, leveraging SPIFFE for authentication and providing a cloud-native way to manage secrets end-to-end.
Before trying VMware Secrets Manager, you might want to learn about its architecture and design goals.
Once you are ready to start, see the Quickstart guide.
Or, if you are one of those who "learn by doing", you might want to dig into the implementation details later. If that's the case, you can directly jump to the fun part and follow the steps here to install VMware Secrets Manager to your Kubernetes cluster.
There are several examples demonstrating VMware Secrets Manager sample use
cases inside the ./examples/
folder.
Pre-built container images of VMware Secrets Manager components can be found at: https://hub.docker.com/u/vsecm.
You can also build VMware Secrets Manager from the source.
VMware Secrets Manager is under dynamic and progressive development.
The code we've officially signed and released maintains a high standard of stability and dependability. However, we do encourage it to be used in a production environment (at your own risk--see LICENSE).
It's important to note that, technically speaking, VMware Secrets Manager
currently holds the status of an alpha software. This means that as we
journey towards our milestone of v1.0.0
, it's possible for changes to
occur--both major and minor. While this might mean some aspects are not backward
compatible, it's a testament to our unwavering commitment to refining and
enhancing VMware Secrets Manager.
In a nutshell, we are ceaselessly pushing the boundaries of what's possible while ensuring our software stays dependable and effective for production use.
We take VMware Secrets Manager's security seriously. If you believe you have found a vulnerability, please follow this guideline to responsibly disclose it.
Check out this quickstart guide for an overview of VMware Secrets Manager.
Open Source is better together.
If you are a security enthusiast, join these communities and let us change the world together 🤘:
- Join VMware Secrets Manager's Slack Workspace
- Join the VMware Secrets Manager channel on Kampus' Discord Server
- Homepage and Docs: https://vsecm.com/
- Changelog
- Community:
- Contact
- Installation and Quickstart
- Local Development Instructions
- Developer SDK
- CLI
- Architecture
- Configuration
- Production Deployment Tips
Check out this quickstart guide for an overview of VMware Secrets Manager, which also covers installation and uninstallation instructions.
You need a Kubernetes cluster and sufficient admin rights on that cluster to install VMware Secrets Manager.
Here is a list of step-by-step tutorials covers several usage scenarios that can show you where and how VMware Secrets Manager could be used.
Check out this VMware Secrets Manager Deep Dive article for an overview of VMware Secrets Manager system design and how each component fits together.
VSecM == "VMware Secrets Manager for Cloud-Native Apps"
Here are the important folders and files in this repository:
./app
: Contains core VSecM components' source code../app/init_container
: Contains the source code for the VSecM Init Container../app/inspector
: Contains the source code for the VSecM Inspector../app/keygen
: Contains the source code for the VSecM Keygen../app/keystone
: Contains the VSecM KeyStone source code../app/safe
: Contains the VSecM Safe source code../app/sentinel
: Contains the source code for the VSecM Sentinel../app/sidecar
: Contains the source code for the VSecM Sidecar.
./ci
: Automation and CI/CD scripts../lib
: Contains independent code that can be used in other projects too../helm-charts
: Contains VSecM helm charts../core
: Contains core modules shared across VSecM components../dockerfiles
: Contains Dockerfiles for building VSecM container images../examples
: Contains the source code of example use cases../hack
: Contains scripts for building, publishing, development , and testing../k8s
: Contains Kubernetes manifests that are used to deploy VSecM and its use cases../sdk
: Contains the source code of the VSecM Developer Go SDK../sdk-cpp
: Contains the source code of the VSecM Developer C++ SDK../sdk-java
: Contains the source code of the VSecM Developer Java SDK../sdk-python
: Contains the source code of the VSecM Developer Python SDK../sdk-rust
: Contains the source code of the VSecM Developer Rust SDK../docs
: Contains the source code of the VSecM Documentation website (https://vsecm.com)../CODE_OF_CONDUCT.md
: Contains VSecM Code of Conduct../CONTRIBUTING_DCO.md
: Contains VSecM Contributing Guidelines../SECURITY.md
: Contains VSecM Security Policy../LICENSE
: Contains VSecM License../Makefile
: TheMakefile
used for building, publishing, deploying, and testing the project.
There are special long-living branches that the project maintains.
main
: This is the source code that is in active development. We try out best to keep it stable; however, there is no guarantees. We tag stable releases off of this branch during every release cut.gh-pages
: This branch is where VSecM Helm charts are maintained. ArtifactHub references this branch.docs
: This branch contains versioned documentation snapshots that we take
during releases.tcx
: This is an internal "experimental" branch that is not meant for public consumption.
You can find the changelog and migration/upgrade instructions (if any) on VMware Secrets Manager's Changelog Page.
To contribute to VMware Secrets Manager, follow the contributing guidelines to get started.
Use GitHub issues to request features or file bugs.
Check out the Maintainers Page for a list of maintainers of VMware Secrets Manager.
Please send your feedback, suggestions, recommendations, and comments to feedback@vsecm.com.
We'd love to have them.