Skip to content

VMware Secrets Manager is a lightweight secrets manager to protect your sensitive data. It’s perfect for edge deployments where energy and footprint requirements are strict—See more: https://vsecm.com/

License

Notifications You must be signed in to change notification settings

vmware-tanzu/secrets-manager

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

VMware Secrets Manager for cloud-native apps

VSecM Logo

Project Status

Active Maintenance Mode

We are currently focusing our development efforts on SPIKE to reach its v1.0 milestone.

During this period:

  • Security Issues: We will promptly address any security vulnerabilities or CVE announcements in VSecM.
  • Feature Development: New feature implementations will be deferred until SPIKE achieves v1.0.
  • Community Contributions: We welcome and encourage community contributions to VSecM during this time. We will review and merge PRs as quickly as possible. We will provide guidance and support to contributors.

Thank you for your understanding and continued support.

About

VMware Secrets Manager (VSecM) redefines secrets management for cloud native apps.

By using VSecM you can #sleepmore while keeping your secrets… secret.

Want to get started quickly? Check out our quickstart tutorial.

🐢⚡️


OpenSSF Best Practices Version Contributors Slack Twitch Artifact Hub License Go Report Card Go Coverage Using Better Commits

The Elevator Pitch

VMware Secrets Manager is a delightfully-secure Kubernetes-native secrets store.

VMware Secrets Manager (VSecM) keeps your secrets secret.

With VMware Secrets Manager, you can rest assured that your sensitive data is always secure and protected.

VMware Secrets Manager is perfect for securely storing arbitrary configuration information at a central location and securely dispatching it to workloads.

Tell Me More

VMware Secrets Manager is a cloud-native secure store for secrets management. It provides a minimal and intuitive API, ensuring practical security without compromising user experience.

VMware Secrets Manager is resilient and secure by default, storing sensitive data in memory and encrypting any data saved to disk.

Endorsed by industry experts, VMware Secrets Manager is a ground-up re-imagination of secrets management, leveraging SPIFFE for authentication and providing a cloud-native way to manage secrets end-to-end.

Getting Your Hands Dirty

Before trying VMware Secrets Manager, you might want to learn about its architecture and design goals.

Once you are ready to start, see the Quickstart guide.

Or, if you are one of those who "learn by doing", you might want to dig into the implementation details later. If that's the case, you can directly jump to the fun part and follow the steps here to install VMware Secrets Manager to your Kubernetes cluster.

Dive Into Example Use Cases

There are several examples demonstrating VMware Secrets Manager sample use cases inside the ./examples/ folder.

Container Images

Pre-built container images of VMware Secrets Manager components can be found at: https://hub.docker.com/u/vsecm.

Build VMware Secrets Manager From the Source

You can also build VMware Secrets Manager from the source.

Status of This Software

VMware Secrets Manager is under dynamic and progressive development.

The code we've officially signed and released maintains a high standard of stability and dependability. However, we do encourage it to be used in a production environment (at your own risk--see LICENSE).

It's important to note that, technically speaking, VMware Secrets Manager currently holds the status of an alpha software. This means that as we journey towards our milestone of v1.0.0, it's possible for changes to occur--both major and minor. While this might mean some aspects are not backward compatible, it's a testament to our unwavering commitment to refining and enhancing VMware Secrets Manager.

In a nutshell, we are ceaselessly pushing the boundaries of what's possible while ensuring our software stays dependable and effective for production use.

🦆🦆🦆 (Docs)

A Note on Security

We take VMware Secrets Manager's security seriously. If you believe you have found a vulnerability, please follow this guideline to responsibly disclose it.

A Tour Of VMware Secrets Manager

Check out this quickstart guide for an overview of VMware Secrets Manager.

Community

Open Source is better together.

If you are a security enthusiast, join these communities and let us change the world together 🤘:

Links

General Links

Guides and Tutorials

Installation

Check out this quickstart guide for an overview of VMware Secrets Manager, which also covers installation and uninstallation instructions.

You need a Kubernetes cluster and sufficient admin rights on that cluster to install VMware Secrets Manager.

Usage

Here is a list of step-by-step tutorials covers several usage scenarios that can show you where and how VMware Secrets Manager could be used.

Architecture Details

Check out this VMware Secrets Manager Deep Dive article for an overview of VMware Secrets Manager system design and how each component fits together.

Folder Structure

VSecM == "VMware Secrets Manager for Cloud-Native Apps"

Here are the important folders and files in this repository:

  • ./app: Contains core VSecM components' source code.
    • ./app/init_container: Contains the source code for the VSecM Init Container.
    • ./app/inspector: Contains the source code for the VSecM Inspector.
    • ./app/keygen: Contains the source code for the VSecM Keygen.
    • ./app/keystone: Contains the VSecM KeyStone source code.
    • ./app/safe: Contains the VSecM Safe source code.
    • ./app/sentinel: Contains the source code for the VSecM Sentinel.
    • ./app/sidecar: Contains the source code for the VSecM Sidecar.
  • ./ci: Automation and CI/CD scripts.
  • ./lib: Contains independent code that can be used in other projects too.
  • ./helm-charts: Contains VSecM helm charts.
  • ./core: Contains core modules shared across VSecM components.
  • ./dockerfiles: Contains Dockerfiles for building VSecM container images.
  • ./examples: Contains the source code of example use cases.
  • ./hack: Contains scripts for building, publishing, development , and testing.
  • ./k8s: Contains Kubernetes manifests that are used to deploy VSecM and its use cases.
  • ./sdk: Contains the source code of the VSecM Developer Go SDK.
  • ./sdk-cpp: Contains the source code of the VSecM Developer C++ SDK.
  • ./sdk-java: Contains the source code of the VSecM Developer Java SDK.
  • ./sdk-python: Contains the source code of the VSecM Developer Python SDK.
  • ./sdk-rust: Contains the source code of the VSecM Developer Rust SDK.
  • ./docs: Contains the source code of the VSecM Documentation website (https://vsecm.com).
  • ./CODE_OF_CONDUCT.md: Contains VSecM Code of Conduct.
  • ./CONTRIBUTING_DCO.md: Contains VSecM Contributing Guidelines.
  • ./SECURITY.md: Contains VSecM Security Policy.
  • ./LICENSE: Contains VSecM License.
  • ./Makefile: The Makefile used for building, publishing, deploying, and testing the project.

Branches

There are special long-living branches that the project maintains.

  • main: This is the source code that is in active development. We try out best to keep it stable; however, there is no guarantees. We tag stable releases off of this branch during every release cut.
  • gh-pages: This branch is where VSecM Helm charts are maintained. ArtifactHub references this branch.
  • docs: This branch contains versioned documentation snapshots that we take
    during releases.
  • tcx: This is an internal "experimental" branch that is not meant for public consumption.

Changelog

You can find the changelog and migration/upgrade instructions (if any) on VMware Secrets Manager's Changelog Page.

Code Of Conduct

Be a nice citizen.

Contributing

To contribute to VMware Secrets Manager, follow the contributing guidelines to get started.

Use GitHub issues to request features or file bugs.

Communications

Maintainers

Check out the Maintainers Page for a list of maintainers of VMware Secrets Manager.

Please send your feedback, suggestions, recommendations, and comments to [email protected].

We'd love to have them.

License

BSD 2-Clause License.