I want a centralized way to manage keys and secrets. And some service users with little privileges over a subset of the secrets. Ideally, a service user only should be able to read its own subset of secrets. So, let’s say, if a container gets pwned it will only read its secrets and no more. It should be FOSS and self-hostable.

And a beautiful nice-to-have feature would be access log, to know who read what and when.

My only experience with something similar is Hashicorp Vault, but I don’t want to be near any Hashicorp stuff ever again.

Do you know a FOSS alternative to Vault?

  • kersplomp@programming.dev
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    2
    ·
    edit-2
    4 months ago

    They just added a fee so that AWS can’t copy it without paying. What’s the big deal.

    • vsisOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      It’s no longer open source. Big Deal in my books.