Secure storage, and delivery for tokens, passwords, API keys, and other secrets using HTTP API, Swagger UI or Python Package.
TL;DR
: Poor Man's Hashi Corp Vault
Hashi Corp Vault works well but it was meant for enterprises. Therefore, it was heavy and non-portable (atleast difficult) for my homelab setup. So I wanted to build a Secrets Manager intended for small scale setups that could also scale well.
- A lightweight system that sucks less power out of the wall. Therefore, minimal background jobs and reduced resource utilizations.
- Should be compatible on both
x86-64
andarm64v8
(mainly Raspberry Pi 4). - High stability, availability and easy scalability.
Secret Engine | Description |
---|---|
kv |
Key-Value engine is used to store arbitrary secrets. |
Auth Methods | Description |
---|---|
userpass |
Allows users to authenticate using a username and password combination. |
token |
Allows users to authenticate using a token. Token generation requires users to be authenticated via userpass |
- Secret engines for certificates (PKI), SSH and databases.
- Encrypting secrets before writing to a persistent storage, so gaining access to the raw storage isn't enough to access your secrets.
Automated Install: docker-compose
(Recommended)
- Run the stack by executing
docker-compose up -d
.
- Clone our repository and run
git clone --depth 1 https://github.com/bearlike/simple-secrets-manager simple-secrets-manager
cd "simple-secrets-manager"
- Start a Mongo database server.
- Create a
.env
file in the project root with the following values
CONNECTION_STRING=mongodb://username:password@mongo.hostname:27017
- Install the required python packages by executing
pip3 install -r requirements.txt
- You will need atleast
python3.7
. Start the server by runningserver.py
. - Visit the application via
http://server_hostname:5000/api
(default port is5000
) to visit the Swagger UI.