# Container Secret Injection Tools

> Search results for `deliver secrets into running containers at deploy time` on awesome-repositories.com. 110 total matches; showing the first 50.

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/deliver-secrets-into-running-containers-at-deploy-time).**

## Results

- [external-secrets/external-secrets](https://awesome-repositories.com/repository/external-secrets-external-secrets.md) (6,697 ⭐) — External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.
- [awslabs/git-secrets](https://awesome-repositories.com/repository/awslabs-git-secrets.md) (13,177 ⭐) — Git-secrets is a security utility designed to prevent the accidental exposure of sensitive credentials by integrating automated scanning directly into the version control commit lifecycle. It functions as a commit scanner that evaluates staged files and commit messages against defined security policies before changes are finalized in a repository.

The tool utilizes regular expression pattern matching to identify potential secrets and supports the registration of custom patterns to address specific organizational security requirements. To manage operational friction, it includes mechanisms for false-positive filtering through allowlists and provides options to bypass validation for specific commits when necessary.

Beyond real-time interception, the software supports retrospective security analysis by performing linear history traversals to audit entire project timelines for previously committed sensitive data. It also offers extensibility by allowing the delegation of validation logic to external scripts or binaries, enabling integration with dynamic secret checking workflows.
- [infisical/infisical](https://awesome-repositories.com/repository/infisical-infisical.md) (27,374 ⭐) — Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access.

The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports complex security workflows by integrating with external identity providers for federated authentication and offering a reverse tunneling gateway that allows secure access to private network resources without exposing inbound ports. Additionally, the system includes an event-driven audit engine that maintains an immutable record of all configuration changes and access requests to support compliance requirements.

Beyond core secret storage, the platform provides comprehensive orchestration capabilities, including automated secret injection into containerized environments and infrastructure pipelines. It also features integrated public key infrastructure management for the lifecycle of digital certificates and automated scanning to detect hardcoded secrets in source code and CI pipelines.

The platform supports flexible deployment models, allowing teams to either utilize managed cloud services or self-host the infrastructure within their own private networks. It provides a broad ecosystem of SDKs and a command-line interface to facilitate integration across various programming languages and deployment workflows.
- [bitwarden/server](https://awesome-repositories.com/repository/bitwarden-server.md) (18,074 ⭐) — This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials.

The platform distinguishes itself through its focus on both human-centric security and automated machine-to-machine workflows. It supports advanced authentication methods including hardware security keys, passkeys, and biometric unlocking, while simultaneously offering programmatic interfaces for injecting secrets directly into development pipelines and automated infrastructure deployments. This dual-purpose design allows teams to maintain strict data sovereignty through local hosting and containerized deployments while enforcing granular governance across their entire user base.

Beyond core storage, the system includes extensive observability and compliance tools, such as immutable audit logging, credential risk analysis, and integration with external security information and event management platforms. It also facilitates secure collaboration through encrypted information sharing, emergency access delegation, and automated identity provisioning. The software is designed for flexible deployment across diverse infrastructure environments and includes command-line utilities for administrative tasks, bulk data migration, and secret retrieval.
- [bitwarden/clients](https://awesome-repositories.com/repository/bitwarden-clients.md) (13,114 ⭐) — This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments.

The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server. It supports flexible deployment models, allowing organizations to choose between managed cloud services or self-hosted infrastructure to meet specific data sovereignty and compliance requirements. Furthermore, the system integrates with external identity providers to streamline user provisioning and authentication, while offering advanced administrative controls for policy enforcement and security auditing.

Beyond core storage, the platform provides extensive tools for DevOps and automated workflows, including command-line interfaces for secret injection and programmatic SDKs for custom integrations. It also includes robust collaboration features for secure data sharing, team resource management, and credential health monitoring to help organizations maintain a strong security posture.
- [jetify-com/devbox](https://awesome-repositories.com/repository/jetify-com-devbox.md) (12,105 ⭐) — Devbox is a development environment orchestrator designed to create reproducible, isolated workspaces for software projects. By leveraging declarative configuration files and the Nix package manager, it ensures that project dependencies, environment variables, and tooling remain consistent across different machines and team members. It functions as a central manager for project-specific environments, providing isolated shell execution that prevents conflicts with host system software.

The project distinguishes itself through its ability to bridge local development and cloud-hosted infrastructure. It supports container-native deployment by generating container images directly from project configurations and utilizes remote binary caching to accelerate environment setup by storing pre-built artifacts. Beyond environment management, it includes integrated capabilities for background service orchestration, secret management, and automated testing workflows that can be triggered within the development lifecycle.

The platform provides a comprehensive suite of tools for managing the full development lifecycle, including IDE integration, team-based access control, and observability features like log streaming and performance analysis. It also offers extensibility through custom plugin integration and automated package configuration, allowing teams to standardize workflows and maintain consistent tooling across distributed environments.
- [docker-library/official-images](https://awesome-repositories.com/repository/docker-library-official-images.md) (6,972 ⭐) — This project is a collection of curated and standardized Docker base images that serve as reliable starting points for building containerized applications. It functions as an OCI container image repository and a build template library, providing a central source of truth for images that adhere to Open Container Initiative standards for portability.

The project utilizes an automated image lifecycle pipeline to build, tag, and push images, ensuring that dependencies remain current and security patches are applied. It specifically supports cross-platform distribution by providing a multi-architecture image set, using image indexes to map a single tag to multiple hardware platforms.

The repository covers several high-level capability areas, including container security hardening through the restriction of process privileges and the use of non-root users. It also manages container runtime configuration via entrypoints and health checks, and employs image optimization techniques such as multi-stage builds to reduce the final image footprint.
- [insforge/insforge](https://awesome-repositories.com/repository/insforge-insforge.md) (11,794 ⭐) — InsForge is a backend-as-a-service platform that provides an integrated suite of tools for managing relational databases, identity provision, object storage, and serverless compute. It functions as an open-source identity provider and a PostgreSQL database manager featuring integrated vector storage and row-level security.

The platform serves as an LLM orchestration gateway, offering a unified endpoint to route requests across various AI providers through an OpenAI-compatible interface. It enables AI-driven application generation and connects AI agents to backend resources using a standardized context protocol.

Broad capabilities include comprehensive OAuth and OIDC identity management, an S3-compatible object storage gateway, and a real-time pub-sub engine for database synchronization. The system also covers automated billing and subscription lifecycles with mirrored payment data, as well as serverless function runtimes triggered by HTTP requests or database events.

Infrastructure is managed via a backend command-line interface and declarative configuration files.
- [external-secrets/kubernetes-external-secrets](https://awesome-repositories.com/repository/external-secrets-kubernetes-external-secrets.md) (2,584 ⭐) — This project has been deprecated. Please take a look at ESO (External Secrets Operator) instead: https://github.com/external-secrets/external-secrets
- [datalab-to/marker](https://awesome-repositories.com/repository/datalab-to-marker.md) (36,137 ⭐) — Marker is a comprehensive document processing platform designed to automate the conversion, extraction, and structuring of data from complex files. It functions as an orchestration engine that chains modular processing steps into versioned, reusable pipelines, allowing organizations to standardize document handling and automate repetitive business tasks at scale.

The platform distinguishes itself through its support for secure, private infrastructure deployment, enabling users to run containerized services within their own environments to maintain strict data privacy. It features specialized engines for schema-driven data extraction and programmatic form automation, which map unstructured content from PDFs, images, and office files into predefined data structures. Additionally, the system provides robust change tracking and analysis tools to simplify collaborative review cycles by exporting redlines and comments into structured formats.

Beyond core extraction, the platform includes a wide range of operational capabilities for managing document lifecycles. This includes asynchronous task queueing for high-throughput batch processing, granular concurrency and rate-limiting controls to ensure system stability, and event-driven webhook notifications for real-time integration with external systems. The platform also offers built-in usage analytics and monitoring tools to track performance metrics and infrastructure health.

The project provides a complete set of client-side primitives and configuration utilities to manage the entire document processing workflow. Users can interact with the service through a documented API, supported by automatic retry logic and secure credential management to ensure reliable and authorized access to processing capabilities.
- [ansible-semaphore/semaphore](https://awesome-repositories.com/repository/ansible-semaphore-semaphore.md) (13,766 ⭐) — Semaphore is a web interface and API for running and scheduling Ansible playbooks and other infrastructure automation tools. It serves as an infrastructure automation dashboard and DevOps task scheduler for orchestrating deployments.

The platform functions as a multi-tool automation hub, providing a centralized dashboard for managing infrastructure as code using Ansible, Terraform, OpenTofu, and Terragrunt. It includes an inventory management tool for organizing target servers and containers, alongside a secret management service for storing sensitive environment variables required during execution.

The system covers a broad range of automation capabilities, including the execution of automation scripts, the scheduling of recurring tasks, and the organization of project resources. It also incorporates role-based access control to manage deployment access and a notification system to alert users of task failures.
- [nicotsx/zerobyte](https://awesome-repositories.com/repository/nicotsx-zerobyte.md) (6,572 ⭐) — ZeroByte is a backup management platform built around the Restic backup engine, providing encrypted, deduplicated, and compressed snapshots across multiple storage backends. It offers a web interface for scheduling, monitoring, and managing backup operations, with support for cron-based job scheduling and configurable retention policies that automatically prune older snapshots.

The platform distinguishes itself through comprehensive multi-protocol volume mounting, allowing backup ingestion from NFS, SMB, WebDAV, SFTP, and rclone-backed sources alongside local directories. It includes a snapshot mirroring mechanism that copies backups to additional repositories after each run for geographic redundancy, and supports OIDC-based single sign-on with organization membership enforcement for team access management. All sensitive credentials are encrypted before storage, with support for environment variable and Docker secret references.

Backup operations can be monitored in real-time through the web interface, which streams file counts and data transfer progress during runs. The notification system delivers alerts across multiple channels including email, Slack, Discord, and webhooks, with configurable pre and post-backup HTTP requests. Storage backends span local disks, S3-compatible services, Google Cloud, Azure Blob, and over 40 rclone-supported providers, with the ability to reuse existing Restic repositories.

The application supports both local directory backup deployment and remote mount capability deployment, with a provisioning file system that reads JSON configuration at startup to define repositories and volumes.
- [datalab-to/surya](https://awesome-repositories.com/repository/datalab-to-surya.md) (20,889 ⭐) — Surya is a document processing platform designed to transform unstructured files into structured, machine-readable data. It provides a comprehensive suite of tools for text recognition, layout analysis, and reading order detection, enabling the conversion of PDFs and images into formats such as JSON, HTML, or markdown. The platform is built to handle complex document workflows, offering capabilities for data extraction, document segmentation, and automated form completion.

The platform distinguishes itself through a robust pipeline-based architecture that allows users to chain analysis tasks into versioned, reusable sequences. It supports high-volume operations through batch processing and provides granular control over data extraction via schema management and confidence scoring. For enterprise requirements, it offers containerized deployment options that allow for on-premises execution, ensuring data privacy and security while maintaining consistent performance across environments.

Beyond core analysis, the system includes integrated management for document lifecycles, storage, and event-driven notifications via webhooks. It provides a strongly-typed software development kit to facilitate programmatic interaction, alongside monitoring tools that track system health and usage metrics. Security is maintained through API access controls, request throttling, and payload validation for event notifications.
- [richardoc/gitlab-secrets](https://awesome-repositories.com/repository/richardoc-gitlab-secrets.md) (0 ⭐) — This tool analyzes a given GitLab repository and searches for dangling or force-pushed commits containing potential secret or interesting information.
- [yelp/detect-secrets](https://awesome-repositories.com/repository/yelp-detect-secrets.md) (4,429 ⭐) — detect-secrets is a modular secret scanning tool that identifies hard-coded credentials and sensitive information in source code. It combines multiple detection strategies—regular expression pattern matching, Shannon entropy calculation, and a machine learning classifier—to find potential secrets, and uses a baseline-driven delta analysis to distinguish newly introduced secrets from pre-existing ones, reducing noise from legacy credentials.

The tool integrates directly into development workflows through a git pre-commit hook that blocks commits introducing unbaselined secrets, and can be incorporated into CI/CD pipelines for automated scanning during builds. Its plugin-based detection architecture allows loading modular detection plugins at runtime, each implementing a distinct scanning strategy, and supports custom plugins for organization-specific patterns. An audit trail mapping system records each detection verdict as a true or false positive entry, enabling downstream tracking of remediation progress and false positive suppression.

Additional capabilities include inline secret allowlisting to mark specific lines for the scanner to ignore, scan exclusion rules to reduce false positives by ignoring specific file paths or patterns, and secret audit labeling to interactively classify each detection and generate a migration checklist. The tool also manages a known secret baseline that creates and updates a snapshot of all currently detected secrets, allowing new secrets to be flagged while ignoring pre-existing ones.
- [chatgptnextweb/nextchat](https://awesome-repositories.com/repository/chatgptnextweb-nextchat.md) (88,256 ⭐) — NextChat is a self-hosted web application that provides a unified interface for interacting with multiple large language models. It functions as a conversational platform where users can manage and switch between diverse AI providers through configurable API backends, maintaining full control over their data and infrastructure.

The platform features a persistent session layer designed to handle long-running dialogues by managing message history and context. It distinguishes itself through a structured prompt engineering environment that allows for the development and application of templates to refine model inputs. To ensure consistent performance during extended interactions, the application includes automated context window compression and dynamic prompt injection, which adjust historical message arrays to fit within model token limits.

The software supports secure deployment via containerization, utilizing server-side proxying to manage sensitive API keys and authentication headers. It also incorporates local browser storage for low-latency access and offers options for synchronizing chat records across multiple sessions and devices. The application is configured through environment variables, allowing for flexible integration into private hosting environments.
- [goldbergyoni/nodebestpractices](https://awesome-repositories.com/repository/goldbergyoni-nodebestpractices.md) (105,356 ⭐) — This project provides a comprehensive collection of industry-standard guidelines for developing, testing, and deploying Node.js applications. It covers the entire software lifecycle, offering actionable advice on code style, architectural patterns, and security measures to ensure maintainability and consistency across large-scale codebases.

The documentation details strategies for robust error management, containerization, and production readiness. It addresses operational requirements such as observability, scalability, and infrastructure configuration, while providing specific methodologies for validating software quality through automated testing and dependency management.
- [rebelinblue/deployer](https://awesome-repositories.com/repository/rebelinblue-deployer.md) (907 ⭐) — Deployer is a free and open source deployment tool.
- [earthly/earthly](https://awesome-repositories.com/repository/earthly-earthly.md) (12,035 ⭐) — Earthly is a containerized build system and Docker build framework designed for creating reproducible build pipelines. It ensures environment consistency by executing every build step inside an isolated container, combining the isolation of container images with dependency tracking and parallel execution.

The system differentiates itself through a focus on hermeticity and multiplatform support, allowing for the generation of container images targeting multiple CPU architectures within a single execution flow. It maintains a hermetic build environment by isolating network access and utilizing a secret-mounting mechanism that injects sensitive data without persisting it in image layers.

The project covers a broad range of automation capabilities, including directed acyclic graph orchestration for parallel target execution and content-addressable distributed caching to avoid redundant computations. It further supports monorepo coordination, remote build execution on cloud infrastructure, and the orchestration of containerized integration tests.

Earthly provides the ability to inherit specifications from existing Dockerfiles to incorporate them into its own build pipelines.
- [containers/libpod](https://awesome-repositories.com/repository/containers-libpod.md) (32,040 ⭐) — Libpod is a container management library for running and controlling the lifecycle of Open Container Initiative compliant containers and images across different storage backends. It provides a programmatic interface for the remote control and automation of container environments.

The project enables the coordination of multiple containers into pods that share network namespaces and other shared resources. It supports rootless container execution by using user namespaces to launch containers without administrative privileges.

The library covers a broad range of system operations, including image handling for pulling and pushing across registries, network configuration, and resource isolation through control groups to prevent system exhaustion. It also manages the full container lifecycle—from creation and execution to checkpointing and restoration—via OCI-compliant runtimes.

For desktop operating systems, the project supports container execution through a virtual machine backend.
- [mic92/sops-nix](https://awesome-repositories.com/repository/mic92-sops-nix.md) (2,620 ⭐) — sops-nix is a declarative secret provisioner and management module for NixOS and Home Manager. It enables the storage of encrypted secrets directly in version control and decrypts them into a non-persistent ramfs during system activation to provide plaintext files to services without storing them on disk.

The project distinguishes itself through a tight integration with the NixOS activation hook and systemd, allowing it to delay service startup until decryption completes and automatically restart units when secret values are updated. It also provides utilities to transform existing SSH host keys into age or GPG compatible keys to authorize machine-based decryption.

The framework covers broad capability areas including multi-format secret parsing for YAML, JSON, and binary files, declarative permission control for user and group ownership, and build-time validation to catch configuration errors before deployment. It also supports atomic secret directory replacement to ensure consistent system rollbacks.

The module integrates with the sops CLI for encryption and decryption across GPG, age, and SSH backends.
- [bitwarden/android](https://awesome-repositories.com/repository/bitwarden-android.md) (8,457 ⭐) — This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data.

The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password authenticator.

The project covers a broad range of security and access capabilities, including biometric vault unlocking, multi-factor authentication, and secure credential generation. It supports organizational vault management with permission-based secret sharing and integrates with corporate identity providers via single sign-on and directory services.

Additional features include data breach monitoring, encrypted file attachments, and emergency account recovery mechanisms.
- [nvidia/nim-deploy](https://awesome-repositories.com/repository/nvidia-nim-deploy.md) (0 ⭐) — This repo showcases different ways NVIDIA NIMs can be deployed. This repo contains reference implementations, example documents, and architecture guides that can be used as a starting point to deploy multiple NIMs and other NVIDIA microservices into Kubernetes and other production deployment…
- [erikarvstedt/extra-container](https://awesome-repositories.com/repository/erikarvstedt-extra-container.md) (295 ⭐) — Run declarative NixOS containers without full system rebuilds
- [dagster-io/dagster](https://awesome-repositories.com/repository/dagster-io-dagster.md) (14,974 ⭐) — Dagster is a data orchestration platform designed to manage the entire lifecycle of data assets through declarative modeling and version-controlled code. It functions as a workflow engine that treats data assets as first-class primitives, allowing teams to define, schedule, and monitor complex pipelines while maintaining clear visibility into lineage, dependencies, and data quality.

The platform distinguishes itself by using a code-as-configuration framework that enables standard software engineering practices, such as unit testing and local mocking, to be applied directly to data workflows. Its architecture is built on a pluggable execution engine that decouples orchestration logic from the underlying compute, allowing tasks to run across diverse cloud-native, serverless, and containerized environments. Furthermore, it supports partition-aware scheduling, which enables incremental processing and efficient management of high-volume datasets.

Beyond core orchestration, the system provides a comprehensive suite of tools for data platform management, including automated quality governance, infrastructure cost optimization, and centralized asset cataloging. It integrates with enterprise identity providers for access control and offers robust observability features, such as streaming logs and visual lineage tracking, to ensure system health and compliance.

The platform supports a variety of deployment models, ranging from self-hosted and hybrid configurations to a fully managed control plane. It includes specialized utilities for migrating legacy pipelines and operationalizing interactive scripts into production-ready components.
- [collabnix/dockerlabs](https://awesome-repositories.com/repository/collabnix-dockerlabs.md) (8,008 ⭐) — dockerlabs is a collection of educational labs and technical tutorials designed to teach the fundamentals of containerization and microservice architecture. It provides instructional material and hands-on exercises covering image optimization, security training, infrastructure setup, and cluster orchestration.

The project features specific courses and guides focused on reducing image size through multi-stage builds, securing workloads via vulnerability scanning and encrypted networks, and deploying multi-node clusters with high availability using Swarm orchestration.

The materials cover a broad range of operational capabilities, including container lifecycle management, persistent data storage, and complex networking configurations. It also includes guidance on implementing observability stacks for monitoring and logging, as well as the administration of private image registries.
- [webfactory/secret-spreader](https://awesome-repositories.com/repository/webfactory-secret-spreader.md) (36 ⭐) — A tool to distribute GitHub Action secrets to a list of repositories
- [badges/shields](https://awesome-repositories.com/repository/badges-shields.md) (26,811 ⭐) — Shields is a dynamic badge generator that creates visual status indicators for software projects by fetching live data from external APIs. It functions as a programmatic image renderer, converting structured data parameters into consistent, high-contrast vector graphics that can be embedded directly into markdown and web documentation via URL parameters.

The project distinguishes itself by offering a self-hosted metadata server, allowing users to deploy the service behind their own firewalls to maintain full control over infrastructure and data privacy. It supports extensive customization, including the ability to define specific labels, messages, and color schemes, as well as the integration of custom logos and predefined icons to provide visual context for project metrics.

The platform covers a broad capability surface for badge management, including modular data fetching, automated testing with mocked service responses, and a decoupled architecture for optional raster image conversion. It provides comprehensive tooling for developers to implement new service badges, manage server secrets, and monitor performance, ensuring consistent design standards across all generated status indicators.
- [tilt-dev/tilt](https://awesome-repositories.com/repository/tilt-dev-tilt.md) (9,886 ⭐) — Tilt is a Kubernetes development orchestrator and containerized workflow manager that automates the build, deploy, and update loop for cloud-native services. It functions as an infrastructure-as-code environment, defining the entire local development setup as versioned code to synchronize local source changes with cluster deployments.

The project distinguishes itself by offering live container updates, which sync files directly into running containers to bypass full image rebuilds and redeployments. It includes a cloud-native development dashboard for monitoring resource health, streaming aggregated logs, and triggering manual deployment tasks.

Its broader capabilities cover microservices environment orchestration, including resource dependency management, automated image tagging, and network port-forwarding. The system also supports the execution of local scripts, custom task management, and CI deployment validation to verify that services reach a healthy state within pipelines.

Configuration is supported by a plugin extension system and IDE editor support via a language server.
- [geldata/gel](https://awesome-repositories.com/repository/geldata-gel.md) (14,065 ⭐) — Gel is an object-relational database system that models data as a graph of interconnected objects. By utilizing a strongly typed schema, it enables complex relational queries and polymorphic data structures without the need for traditional join tables. The system integrates native vector storage and similarity search operators, allowing it to function as both a relational and a vector database for semantic data retrieval.

The platform distinguishes itself through a comprehensive suite of developer-centric automation tools. It features a declarative migration system that tracks and versions schema changes, supporting advanced workflows like schema branching and merging. To ensure application-level reliability, the database introspects its own schema to generate type-safe client libraries and query builders, providing consistent data structures across application code.

Beyond core storage, the system provides extensive capabilities for data modeling, including computed properties, custom scalar types, and complex constraints. It supports versatile query execution, ranging from hierarchical nested data retrieval and atomic transactions to integrated retrieval-augmented generation workflows that connect directly to external language models.

The project is managed through a command-line interface that handles the full lifecycle of database instances, including provisioning, monitoring, and automated backup restoration. It offers flexible connectivity options, supporting both native language-specific drivers and a standardized HTTP-based query protocol.
- [deployphp/deployer](https://awesome-repositories.com/repository/deployphp-deployer.md) (11,077 ⭐) — Deployer is a PHP deployment tool and SSH-based deployment automator used to push applications to remote servers and automate the provisioning of hosting environments. It functions as a zero-downtime deployment manager that utilizes symbolic links to switch between application versions, ensuring continuous site availability.

The system employs pre-defined deployment recipes tailored to the specific requirements of popular PHP web frameworks. This framework-specific automation allows for the execution of task sequences designed for particular software environments.

The tool covers remote server provisioning, host-based target mapping, and stateful release versioning to allow for rollbacks. It includes a plugin-based extension system for integrating external monitoring and notification tools into the deployment pipeline.
- [moghtech/komodo](https://awesome-repositories.com/repository/moghtech-komodo.md) (10,290 ⭐) — Komodo is a remote server orchestrator and container deployment platform. It provides a centralized interface for managing multiple remote hosts through lightweight agents, coordinating Docker Swarm and Kubernetes clusters, and automating software delivery via integrated CI/CD pipelines.

The system distinguishes itself with a TypeScript-based automation engine that executes typed scripts against the system API for complex operational workflows. It supports infrastructure-as-code through TOML-based declarative configuration synchronization and provides ephemeral build infrastructure that provisions and terminates cloud instances for image compilation.

The platform covers a broad range of capabilities, including container resource management, multi-tenant access control via OIDC integration, and real-time observability through server resource monitoring and system change auditing. It also features browser-based interactive terminals for both servers and containers, as well as automated database backup and migration utilities.
- [fastlane/fastlane](https://awesome-repositories.com/repository/fastlane-fastlane.md) (41,703 ⭐) — fastlane is a mobile DevOps framework and release automation tool designed to coordinate the building, signing, and distribution of iOS and Android applications. It functions as a build orchestrator and distribution manager that automates the delivery of mobile apps to app stores and testing environments.

The project distinguishes itself through a plugin-based extension model that allows for custom action sets and a specialized system for managing developer resources. It automates the synchronization of code signing certificates and provisioning profiles and handles secure account authentication via system keychains.

The framework covers a broad range of capabilities, including the orchestration of continuous integration and delivery pipelines, automated test execution for iOS and macOS, and the management of store metadata and localized screenshots. It also provides tools for beta distribution management and compliance validation against store review rules.
- [jkroepke/helm-secrets](https://awesome-repositories.com/repository/jkroepke-helm-secrets.md) (2,010 ⭐) — A Helm plugin that helps manage secrets with a Git workflow and store them anywhere
- [healthchecks/healthchecks](https://awesome-repositories.com/repository/healthchecks-healthchecks.md) (9,891 ⭐) — Healthchecks is a heartbeat monitoring service and cron job monitoring tool designed to track the execution and success of scheduled tasks and systemd timers. It functions as a dead man switch, alerting users when expected periodic signals from remote processes fail to arrive.

The system accepts health signals via HTTP and SMTP, allowing it to track infrastructure heartbeats from sources ranging from CI/CD workflows to network routers. It distinguishes itself by supporting the capture of diagnostic data, including exit codes and execution logs, and by calculating the duration between start and success signals to detect hanging jobs.

The platform includes a health dashboard, status badge generation, and a Prometheus-compatible metrics exporter for external observability. Alerts are routed through a multi-channel notification system including webhooks and SMS, while large request payloads can be offloaded to S3-compatible object storage.

User security is managed through WebAuthn two-factor authentication and optional reverse proxy identity integration.
- [containers/toolbox](https://awesome-repositories.com/repository/containers-toolbox.md) (3,250 ⭐) — Toolbox is a development workspace orchestrator and container environment manager that bootstraps mutable toolsets and SDKs inside containers. It functions as a Linux distribution sandbox and a host-integrated container runtime, allowing users to run native package managers and software without modifying the host operating system.

The project differentiates itself by bridging isolated containers with the host system through the mapping of user identities, network sockets, and home directories. It utilizes a daemonless engine to provide these environments while ensuring that system configurations and credentials remain consistent between the host and the container.

The system covers a broad range of capabilities including the deployment of custom container images for toolset standardization and the creation of interactive development environments. It further supports host system troubleshooting and Linux distribution testing by providing isolated command line spaces that maintain access to host hardware devices and directories.
- [dagger/dagger](https://awesome-repositories.com/repository/dagger-dagger.md) (15,970 ⭐) — Dagger is a programmable CI/CD engine and containerized task runner designed to orchestrate build and test pipelines. It functions as an incremental build system that manages containers, filesystems, and secrets through a typed API to ensure consistent execution across local and cloud environments.

The engine utilizes a language-agnostic client-server API to allow multi-language pipeline orchestration, enabling the sharing of typed artifacts and state across different SDKs without manual serialization. It optimizes execution through content-addressable caching and a directed acyclic graph to run only the pipeline steps affected by specific changes.

The platform covers OCI container orchestration and image management, including pulling and publishing images. It provides integrated secret management, version control integration, and network service coordination with automated liveness probes.

Observability is handled through telemetry-driven execution tracing and interactive shell debugging for real-time pipeline state inspection.
- [kata-containers/kata-containers](https://awesome-repositories.com/repository/kata-containers-kata-containers.md) (8,106 ⭐) — Kata Containers is an OCI container runtime that launches containers inside lightweight virtual machines to combine hardware-level isolation with container operational speed. It functions as a hardware-isolated container engine and lightweight VM hypervisor, providing a virtual machine monitor interface that abstracts multiple hypervisors to optimize for performance or specific hardware emulation.

The project distinguishes itself through a confidential computing runtime that leverages hardware-backed trusted execution environments, such as Intel TDX and AMD SEV-SNP, to protect data in use. It further enhances performance and security via direct-device hardware passthrough for GPUs and high-performance networking using SR-IOV and vhost-user.

The runtime covers a broad range of capabilities, including guest operating system image engineering, the coordination of sandbox resources, and advanced monitoring and observability via distributed request tracing and guest console access. It also implements performance optimizations such as template-based VM cloning for accelerated boot times and memory access optimization through direct access filesystem features.

The system supports cross-architecture execution across x86, ARM, Power, and IBM Z hardware, with configuration managed through TOML files.
- [joho/godotenv](https://awesome-repositories.com/repository/joho-godotenv.md) (10,483 ⭐) — godotenv is a Go library designed to load, parse, and serialize environment configuration files. It provides tools to extract configuration data from files into maps and inject those key-value pairs directly into the system environment of a Go application process.

The project includes a configuration file serializer for exporting environment variable maps back into formatted files and a parser for extracting data without modifying the system environment. It supports injecting variables from strings or files into the process environment using priority-based overloading and overwriting.

The library covers general environment variable management and application configuration, including utilities for secret management workflows and local development setup. It also provides capabilities for shell command wrapping to execute external processes with a merged set of environment variables.
- [esphome/esphome](https://awesome-repositories.com/repository/esphome-esphome.md) (10,591 ⭐) — ESPHome is a framework for creating and managing custom firmware for microcontrollers, specifically targeting ESP32 and ESP8266 architectures. It replaces the need for writing complex embedded C++ code by allowing users to define hardware behavior, pin configurations, and automation logic through simple, declarative text files. The system automatically compiles these configurations into optimized binary images, providing a streamlined path from design to deployment.

The project distinguishes itself through a modular, component-based architecture that emphasizes local-first control, ensuring that devices operate independently of external cloud services. It includes a comprehensive suite of tools for fleet management, enabling users to coordinate firmware updates and monitor multiple hardware nodes wirelessly. By utilizing a unified hardware abstraction layer, it allows for the integration of diverse sensors, displays, and appliances across a wide range of hardware models.

Beyond core firmware generation, the platform provides extensive observability and security features. It includes built-in support for real-time log streaming, resource usage analysis, and secure device provisioning, alongside robust mechanisms for credential isolation and encrypted communication. Users can manage their devices through a local web-based dashboard or command-line utilities, facilitating remote configuration and debugging without requiring physical access to the hardware.
- [mazen160/secrets-patterns-db](https://awesome-repositories.com/repository/mazen160-secrets-patterns-db.md) (0 ⭐) — The largest open-source database for detecting secrets, API keys, passwords, tokens, and more. Use secrets-patterns-db to feed your secret scanning engine with regex patterns for identifying secrets.
- [assertible/deployments](https://awesome-repositories.com/repository/assertible-deployments.md) (13 ⭐) — Configurations for GitHub post-deployment testing with Assertible via CI
- [j3ssie/osmedeus](https://awesome-repositories.com/repository/j3ssie-osmedeus.md) (6,425 ⭐) — Osmedeus is an LLM security orchestration engine and AI agent framework designed to automate security workflows. It functions as a declarative workflow automator that uses YAML definitions to coordinate AI agents, shell commands, and distributed scanning tools through a directed acyclic graph.

The system distinguishes itself by deploying autonomous AI agents that use tool-calling loops and conversation memory to plan and execute complex analysis tasks. It features a specialized Agent Communication Protocol to delegate tasks to external AI binaries and supports recursive sub-agent orchestration for delegated task handling.

The platform covers a broad range of capabilities, including distributed security scanning across cloud infrastructure and the management of large-scale attack surface discovery. It incorporates a hybrid runner model to execute tasks across local shells, Docker containers, and remote SSH hosts, while persisting artifacts in S3-compatible storage and tracking findings in a centralized database.

The engine can be embedded as a Go library or managed via a REST API and web interface.
- [activepieces/activepieces](https://awesome-repositories.com/repository/activepieces-activepieces.md) (20,887 ⭐) — Activepieces is an open-source, self-hosted workflow automation platform designed to connect third-party applications through modular triggers and actions. It provides a low-code integration framework that allows users to build, manage, and execute complex business logic sequences within isolated, sandboxed environments.

The platform distinguishes itself through its focus on embeddability and enterprise-grade security. It features an embedded automation builder that can be integrated into external applications via iframes, supported by comprehensive identity and access management tools such as single sign-on, SCIM provisioning, and granular role-based access control. These capabilities allow organizations to maintain programmatic control over their automation infrastructure while ensuring secure user provisioning and centralized credential management.

Beyond its core automation engine, the system includes robust lifecycle management tools for versioning, deploying, and promoting workflows across different environments. It supports advanced operational requirements through distributed worker scaling, event queuing, and detailed observability features, including execution history inspection and telemetry exports. Developers can extend the platform by creating custom connectors using TypeScript, which can be validated, packaged, and synchronized with version control systems.

The project is built with TypeScript and provides a comprehensive CLI for managing database migrations, integration testing, and infrastructure provisioning.
- [coder/code-server](https://awesome-repositories.com/repository/coder-code-server.md) (78,024 ⭐) — This project provides a remote development platform that enables users to access a full-featured integrated development environment through a standard web browser. By decoupling the user interface from the server-side filesystem, it allows for persistent coding workspaces to be hosted on remote servers, virtual machines, or cloud-native infrastructure, ensuring a consistent development experience from any device.

The platform distinguishes itself through a secure gateway architecture that manages traffic, authentication, and encryption at the edge. It utilizes persistent WebSocket connections to synchronize editor state and terminal input-output between the remote server and the browser. Furthermore, it includes built-in service proxying capabilities that allow developers to expose locally running web applications via secure subdomains or subpaths, complete with integrated identity verification and traffic management.

To support diverse infrastructure requirements, the system offers flexible deployment options including containerized environments and automated provisioning workflows. It maintains state continuity through filesystem-mounted persistence, ensuring that configurations and project data remain intact across restarts. The platform also enforces network security by managing TLS certificates for HTTPS traffic and providing integration layers for external authentication providers.

Installation is supported across various host architectures through shell scripts, package managers, or standalone archives, with built-in utilities for managing the application lifecycle.
- [nscala-time/nscala-time](https://awesome-repositories.com/repository/nscala-time-nscala-time.md) (866 ⭐) — A new Scala wrapper for Joda Time based on scala-time
- [k4yt3x/video2x](https://awesome-repositories.com/repository/k4yt3x-video2x.md) (18,754 ⭐) — Video2x is a modular processing framework designed for AI-enhanced video upscaling and frame rate conversion. It functions as a comprehensive toolset for increasing the resolution and visual clarity of media files while generating intermediate frames to improve motion smoothness. The system is built to handle intensive media transformation tasks by leveraging hardware acceleration and custom encoding pipelines.

The project distinguishes itself through a plugin-based architecture that allows for the integration of custom machine learning models and specialized algorithms. It utilizes a modular driver-based approach to decouple enhancement logic from hardware backends, enabling execution across various graphics processing units. To maintain performance during complex multi-stage transformations, the system employs in-memory frame buffering to minimize disk input and output operations.

The software supports a range of deployment strategies, including containerized environments for consistent performance and portability, as well as standard desktop installations. Users can manage these processes through a structured command-line interface, which facilitates automation and integration into larger media production workflows. The platform also provides programmatic interfaces for embedding its enhancement capabilities directly into external applications.
- [clj-time/clj-time](https://awesome-repositories.com/repository/clj-time-clj-time.md) (737 ⭐) — A date and time library for Clojure, wrapping the Joda Time library.
- [bregman-arie/devops-exercises](https://awesome-repositories.com/repository/bregman-arie-devops-exercises.md) (82,879 ⭐) — This project is a comprehensive educational curriculum designed to build proficiency across modern infrastructure, cloud-native technologies, and systems administration. It functions as a reference library and interview preparation resource, offering a structured collection of conceptual questions, practical coding challenges, and hands-on scenarios that cover the full spectrum of software delivery and operational workflows.

The repository distinguishes itself through a modular, domain-specific structure that links instructional problem statements with verified implementation examples. By employing a standardized documentation schema, it provides a predictable learning path for mastering complex technical concepts, ranging from infrastructure-as-code patterns and container orchestration to cloud platform administration and security best practices.

The content spans a wide array of technical domains, including automated configuration management, distributed system monitoring, database operations, and version control. It provides deep dives into specific tooling for cloud provisioning, container networking, and service deployment, ensuring that learners can validate their technical skills through isolated, practical exercises.

All instructional materials are organized into a unified taxonomy of markdown-based documents, allowing users to navigate and study specific technical topics at their own pace.
- [balena-io/etcher](https://awesome-repositories.com/repository/balena-io-etcher.md) (33,872 ⭐) — Etcher is a cross-platform utility designed for creating bootable media by flashing raw disk images onto USB drives and SD cards. It functions as a desktop application that provides a graphical interface for low-level storage device management, ensuring data integrity through built-in validation during the writing process.

The application utilizes a unified interface layer to map high-level commands to native system utilities, allowing it to operate consistently across different operating systems. It employs a stream-based data pipeline to pipe image contents directly to storage media, which minimizes memory usage during large write operations. To maintain system security, the tool delegates administrative disk access tasks to a background process.

Beyond image deployment, the software includes capabilities for storage device maintenance, such as clearing partition tables and reformatting corrupted or unusable drives. It is distributed through various native package managers and community repositories across Windows, macOS, and Linux environments.
