# Secret Management

> Search results for `secret management` on awesome-repositories.com. 106 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/secret-management

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/secret-management).**

## Results

- [cert-manager/cert-manager](https://awesome-repositories.com/repository/cert-manager-cert-manager.md) (13,578 ⭐) — This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates. It functions as a native extension to the cluster API, using custom resource definitions and reconciliation loops to maintain the desired state of certificates and trust bundles across distributed services. By integrating directly with the cluster's admission control and secret storage systems, it ensures that cryptographic identities are consistently provisioned and available for application workloads.

The project distinguishes itself through its extensive support for automated domain validation and multi-provider integration. It orchestrates complex challenge processes—including those for private or split-horizon networks—to prove domain ownership without manual intervention. Beyond standard certificate management, it provides granular policy enforcement, allowing administrators to restrict issuance permissions, delegate certificate requests to specific service accounts, and enforce security requirements through custom metadata and issuer configurations.

The platform covers a broad capability surface for securing network traffic and service communication. It supports diverse issuance workflows, ranging from public certificate authorities and ACME-based automation to private internal PKI infrastructures. The system also includes robust observability tools, such as operational metrics and status inspection, alongside administrative features for managing resource configurations, performing API migrations, and scaling controller components for high-availability environments.

Installation and management are facilitated through standard cluster deployment workflows, with comprehensive command-line tools available for troubleshooting, configuration export, and lifecycle verification.
- [infisical/infisical](https://awesome-repositories.com/repository/infisical-infisical.md) (27,374 ⭐) — Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access.

The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports complex security workflows by integrating with external identity providers for federated authentication and offering a reverse tunneling gateway that allows secure access to private network resources without exposing inbound ports. Additionally, the system includes an event-driven audit engine that maintains an immutable record of all configuration changes and access requests to support compliance requirements.

Beyond core secret storage, the platform provides comprehensive orchestration capabilities, including automated secret injection into containerized environments and infrastructure pipelines. It also features integrated public key infrastructure management for the lifecycle of digital certificates and automated scanning to detect hardcoded secrets in source code and CI pipelines.

The platform supports flexible deployment models, allowing teams to either utilize managed cloud services or self-host the infrastructure within their own private networks. It provides a broad ecosystem of SDKs and a command-line interface to facilitate integration across various programming languages and deployment workflows.
- [kestra-io/kestra](https://awesome-repositories.com/repository/kestra-io-kestra.md) (27,073 ⭐) — Kestra is a declarative workflow orchestrator designed to manage complex task dependencies and automated processes through versioned configuration files. It functions as a distributed platform that decouples task scheduling from execution by offloading computational workloads to a fleet of worker nodes. The system uses a reactive, event-driven engine to initiate workflows automatically in response to external signals, webhooks, schedules, or file system changes.

The platform distinguishes itself through a modular plugin architecture that allows for the integration of custom tasks and external services. It provides an AI-native development environment that incorporates language models to generate, refine, and execute automation logic using natural language prompts. To support diverse operational needs, Kestra implements a multi-tenant execution model that isolates resources, data, and access controls for different teams within a single shared instance.

The system covers a broad range of operational capabilities, including robust state management, granular role-based access control, and comprehensive system auditing. It offers extensive tools for workflow logic, such as conditional branching, parallel task execution, and iterative processing, alongside built-in resilience features like automated retries and failure policies. Users can manage these configurations through a centralized interface that supports visual editing and real-time monitoring of execution status.
- [openfaas/faas](https://awesome-repositories.com/repository/openfaas-faas.md) (26,092 ⭐) — OpenFaaS is a serverless function platform that provides a container-native framework for deploying and managing event-driven code. It functions as an abstraction layer over container orchestrators, allowing developers to package code into scalable functions that run across Kubernetes clusters or edge computing environments.

The platform distinguishes itself through a developer-centric runtime that utilizes standardized language templates and automated build pipelines to simplify the creation of container images. It features a central API gateway that manages request routing, authentication, and metrics, while a sidecar-based watchdog process handles the translation of HTTP requests into standard input and output for function code. To support complex workflows, the system includes an asynchronous queue-based execution layer that buffers requests for long-running tasks and provides reliable retries.

The project covers a broad capability surface, including event-driven integration through connectors for various message queues and external sources, as well as comprehensive tooling for CLI-based management, secret handling, and CI/CD pipeline integration. It also supports advanced operational requirements such as autoscaling, fine-grained monitoring, and identity management through various single sign-on providers.

The platform is designed for deployment on Kubernetes, including managed services and local environments, and provides extensive documentation and tutorials to guide users through the installation and development lifecycle.
- [bitwarden/clients](https://awesome-repositories.com/repository/bitwarden-clients.md) (12,269 ⭐) — This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments.

The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server. It supports flexible deployment models, allowing organizations to choose between managed cloud services or self-hosted infrastructure to meet specific data sovereignty and compliance requirements. Furthermore, the system integrates with external identity providers to streamline user provisioning and authentication, while offering advanced administrative controls for policy enforcement and security auditing.

Beyond core storage, the platform provides extensive tools for DevOps and automated workflows, including command-line interfaces for secret injection and programmatic SDKs for custom integrations. It also includes robust collaboration features for secure data sharing, team resource management, and credential health monitoring to help organizations maintain a strong security posture.
- [awslabs/git-secrets](https://awesome-repositories.com/repository/awslabs-git-secrets.md) (13,177 ⭐) — Git-secrets is a security utility designed to prevent the accidental exposure of sensitive credentials by integrating automated scanning directly into the version control commit lifecycle. It functions as a commit scanner that evaluates staged files and commit messages against defined security policies before changes are finalized in a repository.

The tool utilizes regular expression pattern matching to identify potential secrets and supports the registration of custom patterns to address specific organizational security requirements. To manage operational friction, it includes mechanisms for false-positive filtering through allowlists and provides options to bypass validation for specific commits when necessary.

Beyond real-time interception, the software supports retrospective security analysis by performing linear history traversals to audit entire project timelines for previously committed sensitive data. It also offers extensibility by allowing the delegation of validation logic to external scripts or binaries, enabling integration with dynamic secret checking workflows.
- [getsops/sops](https://awesome-repositories.com/repository/getsops-sops.md) (22,111 ⭐) — This tool is a command-line utility designed to manage sensitive data by encrypting specific values within structured files such as YAML or JSON. By protecting only the sensitive portions of a file while leaving the structure intact, it ensures that configuration files remain readable for version control systems and automated workflows.

The utility provides a secure development workflow by transparently decrypting files into memory for editing and automatically re-encrypting them upon saving, which prevents plaintext secrets from being written to the local disk. It supports a variety of encryption methods, including PGP, age, and integration with cloud-based key management services, allowing teams to choose between local offline security and managed infrastructure providers.

Beyond file-level protection, the tool automates the injection of decrypted secrets directly into the environment of child processes. It uses path-based configuration matching to apply consistent security policies across a project, ensuring that encryption parameters and key selection remain uniform throughout the development lifecycle.
- [goldbergyoni/nodebestpractices](https://awesome-repositories.com/repository/goldbergyoni-nodebestpractices.md) (105,330 ⭐) — This project provides a comprehensive collection of industry-standard guidelines for developing, testing, and deploying Node.js applications. It covers the entire software lifecycle, offering actionable advice on code style, architectural patterns, and security measures to ensure maintainability and consistency across large-scale codebases.

The documentation details strategies for robust error management, containerization, and production readiness. It addresses operational requirements such as observability, scalability, and infrastructure configuration, while providing specific methodologies for validating software quality through automated testing and dependency management.
- [duplicati/duplicati](https://awesome-repositories.com/repository/duplicati-duplicati.md) (14,283 ⭐) — Duplicati is a self-hosted backup server designed to perform encrypted, incremental, and compressed backups to a wide range of local, network, and cloud-based storage providers. It functions as a background service that automates recurring data protection tasks, ensuring that only changed data blocks are stored to maximize efficiency and minimize bandwidth usage.

The project distinguishes itself through a centralized management console that allows for the orchestration of multiple distributed backup agents from a single web-based dashboard. It supports multi-tenant management, enabling the organization of users and resources into hierarchical structures for delegated access and data isolation. Furthermore, it provides robust security features, including AES-256 encryption for data at rest, support for OIDC and SAML2 authentication, and provider-level immutability protections to prevent unauthorized modification of backup archives.

Beyond its core backup capabilities, the system includes comprehensive tools for data lifecycle management, such as automated retention policies, versioning, and integrity verification. It offers flexible configuration through both a graphical interface and a command-line utility, supporting automation scripting and dry-run simulations to verify workflows before execution. The software also handles complex environments by managing locked files and providing metadata indexing to ensure rapid restoration even if the primary configuration database is unavailable.

Duplicati is available through various installation formats, including native system packages, portable archives, and containerized deployments, allowing it to run in diverse operating environments.
- [encoredev/encore](https://awesome-repositories.com/repository/encoredev-encore.md) (12,049 ⭐) — Encore is a distributed systems framework designed to unify backend development, infrastructure provisioning, and observability. It functions as an infrastructure-as-code platform that allows developers to define cloud resources, databases, and messaging topics directly within their application code. By analyzing these declarations at compile-time, the system automatically manages the deployment of cloud resources and security policies, ensuring parity between local development and production environments.

The platform distinguishes itself through its integrated development experience, which includes a local workspace that mirrors production infrastructure to facilitate testing and debugging. It provides automated AI-assisted development tools that leverage application metadata and runtime telemetry to aid in code generation and performance analysis. Furthermore, the framework enforces architectural standards and automates the creation of ephemeral, production-like environments for every pull request, streamlining the validation process before deployment.

Beyond its core orchestration capabilities, the framework includes a comprehensive suite for building type-safe APIs and event-driven services. It handles the complexities of service communication, including automated client library generation, request validation, and distributed tracing instrumentation. The system also incorporates robust security primitives, such as identity token validation, secret management, and automated traffic control, to support the development of secure, scalable backend architectures.
- [say8425/aws-secrets-manager-actions](https://awesome-repositories.com/repository/say8425-aws-secrets-manager-actions.md) (64 ⭐) — 🔒 GitHub Action for AWS Secrets Manager
- [searxng/searxng](https://awesome-repositories.com/repository/searxng-searxng.md) (32,180 ⭐) — This project is a privacy-focused, self-hosted metasearch engine that aggregates results from a wide array of web, academic, and media sources into a single, unified interface. By acting as a proxy between the user and external search providers, it strips identifying headers and tracking parameters from requests, ensuring that search activity remains anonymous and protected from third-party profiling.

The platform distinguishes itself through a modular, plugin-based architecture that allows for extensive customization of search behavior, result filtering, and interface branding. It supports advanced privacy features such as routing traffic through the Tor network and proxying external assets like images and favicons to prevent IP address leakage. Users can manage their own instances, configuring search engines, language preferences, and security policies to suit specific deployment needs.

The service includes a comprehensive suite of tools for managing search aggregation, including sliding-window rate limiting to prevent abuse and persistent key-value caching to improve response latency. It supports diverse content types, rendering specialized results for academic papers, media, and structured data, while providing administrative APIs for programmatic control over instance settings and engine availability.

The software is designed for flexible deployment, supporting containerized environments and providing automated scripts for installation and maintenance. Detailed documentation and configuration files allow for granular control over the search experience, from defining custom search shortcuts to enforcing strict access controls on specific engines.
- [jkroepke/helm-secrets](https://awesome-repositories.com/repository/jkroepke-helm-secrets.md) (2,010 ⭐) — A Helm plugin that helps manage secrets with a Git workflow and store them anywhere
- [webfactory/secret-spreader](https://awesome-repositories.com/repository/webfactory-secret-spreader.md) (36 ⭐) — A tool to distribute GitHub Action secrets to a list of repositories
- [bitwarden/server](https://awesome-repositories.com/repository/bitwarden-server.md) (18,074 ⭐) — This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials.

The platform distinguishes itself through its focus on both human-centric security and automated machine-to-machine workflows. It supports advanced authentication methods including hardware security keys, passkeys, and biometric unlocking, while simultaneously offering programmatic interfaces for injecting secrets directly into development pipelines and automated infrastructure deployments. This dual-purpose design allows teams to maintain strict data sovereignty through local hosting and containerized deployments while enforcing granular governance across their entire user base.

Beyond core storage, the system includes extensive observability and compliance tools, such as immutable audit logging, credential risk analysis, and integration with external security information and event management platforms. It also facilitates secure collaboration through encrypted information sharing, emergency access delegation, and automated identity provisioning. The software is designed for flexible deployment across diverse infrastructure environments and includes command-line utilities for administrative tasks, bulk data migration, and secret retrieval.
- [nodejs/node](https://awesome-repositories.com/repository/nodejs-node.md) (117,809 ⭐) — This project is an open-source JavaScript runtime built on the V8 engine. It provides a comprehensive environment for executing JavaScript code outside of a web browser, offering foundational primitives for process management, multi-core load distribution, and parallel execution through worker threads.

The runtime includes a broad set of built-in modules for system-level operations, such as file system interaction, network communication across various protocols, and cryptographic security. It supports multiple module systems, native binary addon integration, and diagnostic tools for monitoring application performance and health.

Developers can utilize built-in utilities for testing, debugging, and internationalization, as well as native support for executing TypeScript and WebAssembly. The project is distributed as a standalone runtime, with capabilities for bundling scripts into single executable files.
- [duo-labs/secret-bridge](https://awesome-repositories.com/repository/duo-labs-secret-bridge.md) (206 ⭐) — Monitors GitHub for leaked secrets
- [mobile-dev-inc/maestro](https://awesome-repositories.com/repository/mobile-dev-inc-maestro.md) (10,788 ⭐) — Maestro is a declarative mobile and web UI automation framework designed for end-to-end testing. It operates by querying the native accessibility tree of an application, allowing for black-box testing without requiring source code instrumentation or platform-specific dependencies.

The framework distinguishes itself through a unified command syntax that abstracts interactions across Android, iOS, and web environments. It features a dynamic synchronization engine that automatically pauses test execution to account for non-deterministic animations and network-dependent content loading, ensuring stability without manual delays. Additionally, it provides system-level device orchestration, enabling the simulation of real-world conditions such as permission handling, geolocation, and media storage manipulation.

Maestro supports complex test scenarios through modular, reusable flows and an integrated scripting engine that allows for conditional logic, branching, and dynamic data generation. It includes built-in capabilities for visual regression testing, AI-driven verification, and seamless integration into continuous integration and deployment pipelines.

The project is configured via human-readable configuration files and provides a command-line interface for managing test execution, environment settings, and reporting across distributed infrastructure.
- [twpayne/chezmoi](https://awesome-repositories.com/repository/twpayne-chezmoi.md) (18,075 ⭐) — chezmoi is a command-line utility designed to manage and synchronize system configuration files across multiple machines. It uses a local Git repository as the single source of truth, allowing users to track, version, and distribute dotfiles while maintaining a consistent state across diverse operating systems and hardware architectures.

The project distinguishes itself through a declarative reconciliation model that computes the difference between the current filesystem and the desired state defined in the repository. It features a robust templating engine that processes configuration files as dynamic templates, enabling the injection of machine-specific data, environment variables, and system metadata. To maintain security, it includes a transparent encryption layer and integrates directly with third-party password managers and key vaults, allowing sensitive credentials to be retrieved at runtime rather than stored in plain text.

Beyond core synchronization, the tool provides extensive automation capabilities for environment provisioning and lifecycle management. It supports custom hook-based scripts that execute before or after configuration operations, facilitating automated dependency installation and system-level setup. The platform also handles complex file management tasks, including symbolic link creation, external dependency fetching, and the ability to manage configurations within ephemeral container environments.

The project is distributed as a standalone binary, providing a comprehensive command-line interface for auditing configuration drift, previewing changes, and bootstrapping new environments.
- [dokploy/dokploy](https://awesome-repositories.com/repository/dokploy-dokploy.md) (34,901 ⭐) — Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool.

The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It supports complex orchestration by allowing users to define multi-container services using standard configuration files, which can be managed through automated build pipelines, Git integration, and real-time performance monitoring.

Beyond core deployment, the system includes robust infrastructure management capabilities such as automated backups to external object storage, horizontal and vertical scaling, and granular access control. It also provides secure configuration management, including environment variable synchronization, HTTPS certificate handling, and zero-downtime deployment strategies to ensure application stability and security.

The platform is designed for ease of use, offering an interactive API documentation interface and instructional resources to guide users through installation and configuration. It supports a wide range of modern web frameworks and runtimes, providing a flexible environment for hosting and maintaining services on private server hardware.
- [deepset-ai/haystack](https://awesome-repositories.com/repository/deepset-ai-haystack.md) (24,253 ⭐) — Haystack is an orchestration framework designed for building complex search and generative AI pipelines. It functions as an agentic workflow engine, enabling the construction of automated sequences that allow AI agents to perform multi-step reasoning and data analysis.

The framework utilizes a modular, component-based architecture that connects processing steps into directed acyclic graphs. By employing a provider-agnostic integration layer, it decouples core logic from specific external AI services and vector databases, allowing for the flexible exchange of underlying technologies. This design supports the development of custom retrieval systems that provide context-aware answers from large datasets.

Beyond text-based retrieval, the platform includes tools for multimodal data processing and indexing. It normalizes diverse media formats, including images and audio, into a unified representation to ensure consistent analysis across different types of content. The system also incorporates observability hooks to monitor state changes during the execution of complex workflows.
- [lk-geimfari/secrets.clj](https://awesome-repositories.com/repository/lk-geimfari-secrets-clj.md) (98 ⭐) — A library designed to generate cryptographically strong random numbers suitable for managing data such as passwords, account authentication, security tokens, and related secrets.
- [spider-gazelle/secrets-env](https://awesome-repositories.com/repository/spider-gazelle-secrets-env.md) (6 ⭐) — Extension to the Crystal language ENV module to support reading secrets
- [livekit/livekit](https://awesome-repositories.com/repository/livekit-livekit.md) (17,147 ⭐) — LiveKit is a comprehensive framework for building and orchestrating real-time, multimodal AI agents that interact with users through voice, video, and text. It provides a centralized, event-driven architecture to manage the entire lifecycle of automated participants, from initialization and session state management to graceful shutdown. By utilizing a selective forwarding unit, the platform efficiently routes media streams between participants and agents, ensuring low-latency communication and secure, token-based authentication for all connections.

The platform distinguishes itself through its modular pipeline-based media processing, which chains specialized speech-to-text, language, and text-to-speech services into cohesive workflows. It includes advanced capabilities for real-time voice activity detection, enabling natural turn-taking and interruption handling, alongside remote procedure call tooling that allows agents to execute external functions or access local resources during a conversation. Developers can further extend these interactions by integrating photorealistic virtual avatars that synchronize visual expressions with the agent's audio output.

Beyond core conversational logic, the system offers extensive support for telephony integration, allowing agents to connect to public networks via SIP for inbound and outbound calling. It provides a robust suite of observability and monitoring tools to track agent performance, connection quality, and session events, ensuring reliability in production environments. The platform also includes specialized utilities for task automation, such as capturing and validating structured user data, and supports multi-step workflow orchestration to handle complex, context-aware interactions.

The project provides a command-line interface for scaffolding, deploying, and testing agent applications, with documentation available in machine-readable formats to assist in development.
- [zhayujie/chatgpt-on-wechat](https://awesome-repositories.com/repository/zhayujie-chatgpt-on-wechat.md) (45,353 ⭐) — This project is an autonomous agent framework designed to integrate large language models with popular messaging platforms. It functions as a middleware platform that enables automated, multimodal interactions by decomposing complex user goals into sequential plans, executing them through external tools, and maintaining persistent context across sessions.

The framework distinguishes itself through a modular skill architecture and a hybrid memory system. Users can extend system capabilities by installing custom logic modules from community hubs or generating them through natural language. The memory system combines vector-based similarity search with traditional keyword indexing to retrieve relevant historical context, while a dedicated web console allows for the management of these memory files, system logs, and active messaging channels.

The system supports a broad range of operational capabilities, including model-agnostic task routing, automated knowledge organization, and real-time reasoning visualization. It provides comprehensive administrative control through both terminal-based commands and slash-prefixed chat inputs, allowing for the management of runtime configurations, skill installations, and background processes.

The project is configured via centralized files and provides secure storage for API keys and environment secrets. It is designed for deployment as a persistent service, with support for cross-platform messaging and automated task scheduling.
- [blakeblackshear/frigate](https://awesome-repositories.com/repository/blakeblackshear-frigate.md) (33,778 ⭐) — Frigate is a self-hosted network video recorder that functions as a private, local AI-powered vision engine. It manages video streams by performing real-time object detection, tracking, and classification directly on local hardware, ensuring that security monitoring and activity recording remain independent of cloud services.

The system distinguishes itself through a modular, hardware-accelerated video pipeline that offloads intensive decoding and machine learning inference to dedicated GPUs, NPUs, or specialized accelerators like Coral TPUs and Hailo modules. It utilizes state-based object tracking to maintain persistent identity and spatial coordinates for detected objects, enabling advanced behavioral analysis such as loitering detection and speed estimation. Users can further refine these capabilities through semantic search, which allows for text-to-image and image-to-image similarity queries across recorded footage.

Beyond core detection, the platform provides comprehensive tools for spatial configuration, including declarative geometric masks and zone-based filtering to minimize false positives. It supports low-latency, peer-to-peer streaming for live viewing and integrates with smart home ecosystems to bridge camera feeds and event notifications. The system also includes specialized features for face recognition, license plate detection, and audio event analysis, all managed through a secure, token-authenticated API.

The software is designed for containerized deployment, utilizing environment variables for configuration and standard protocols for certificate management and performance metric exposure.
- [activepieces/activepieces](https://awesome-repositories.com/repository/activepieces-activepieces.md) (20,887 ⭐) — Activepieces is an open-source, self-hosted workflow automation platform designed to connect third-party applications through modular triggers and actions. It provides a low-code integration framework that allows users to build, manage, and execute complex business logic sequences within isolated, sandboxed environments.

The platform distinguishes itself through its focus on embeddability and enterprise-grade security. It features an embedded automation builder that can be integrated into external applications via iframes, supported by comprehensive identity and access management tools such as single sign-on, SCIM provisioning, and granular role-based access control. These capabilities allow organizations to maintain programmatic control over their automation infrastructure while ensuring secure user provisioning and centralized credential management.

Beyond its core automation engine, the system includes robust lifecycle management tools for versioning, deploying, and promoting workflows across different environments. It supports advanced operational requirements through distributed worker scaling, event queuing, and detailed observability features, including execution history inspection and telemetry exports. Developers can extend the platform by creating custom connectors using TypeScript, which can be validated, packaged, and synchronized with version control systems.

The project is built with TypeScript and provides a comprehensive CLI for managing database migrations, integration testing, and infrastructure provisioning.
- [external-secrets/kubernetes-external-secrets](https://awesome-repositories.com/repository/external-secrets-kubernetes-external-secrets.md) (0 ⭐)
- [openhands/openhands](https://awesome-repositories.com/repository/openhands-openhands.md) (77,330 ⭐) — OpenHands is an autonomous agent framework designed for software engineering workflows. It provides a modular platform for orchestrating AI agents that reason, plan, and execute tasks within isolated, containerized development environments. By integrating with standard version control and development tools, the system enables agents to autonomously navigate codebases, implement features, and resolve issues through iterative reasoning and tool execution.

The platform distinguishes itself through a model-agnostic orchestrator that connects diverse language models to a unified tool registry. It supports complex, multi-agent collaboration via hierarchical task delegation, allowing parent agents to spawn and manage independent sub-agents for parallelized workflows. Security is managed through configurable action approval policies and real-time risk evaluation, ensuring that autonomous operations remain within defined safety boundaries.

The system covers a broad capability surface including persistent conversation state management, automated code review, and web research automation. It features an event-driven architecture that serializes interactions into immutable logs, facilitating observability and time-travel debugging. Developers can extend agent functionality through custom skill definitions, plugin packages, and integration with external services via standardized protocols.

The project provides a command-line interface for managing agent sessions, remote server deployments, and containerized workspace lifecycles. It is designed for extensibility, allowing users to configure agent behavior through structured objects, markdown-based definitions, and environment-specific settings.
- [containrrr/watchtower](https://awesome-repositories.com/repository/containrrr-watchtower.md) (24,512 ⭐) — Watchtower is a container-based solution designed to automate the lifecycle management of Docker applications. It functions as a background service that monitors running containers, detects when new base image versions are available in registries, and automatically redeploys the containers to ensure they remain synchronized with the latest builds.

The project distinguishes itself through its ability to orchestrate complex deployment workflows and maintain service availability during updates. It interacts directly with the container runtime to manage service dependencies and restart sequences, ensuring that dependent containers are handled in the correct order. Users can further customize the update process by defining lifecycle hooks that execute shell commands before or after a container is replaced, allowing for tailored initialization and cleanup tasks.

Beyond automated updates, the tool provides extensive infrastructure observability and flexible management options. It supports event-driven updates via HTTP webhooks, declarative filtering to target specific containers, and secure remote management through encrypted communication and private registry authentication. Operational statistics can be exported to external monitoring systems, and the service can be configured to run in a passive observation mode to track image changes without performing automated redeployments.
- [google/secrets-sync-action](https://awesome-repositories.com/repository/google-secrets-sync-action.md) (334 ⭐) — A GitHub Action that can sync secrets from one repository to many others.
- [sparkyrider/chrome-secret-menus](https://awesome-repositories.com/repository/sparkyrider-chrome-secret-menus.md) (69 ⭐) — List of secret menus inside Google Chrome and Chromium-based browsers. Updated October 2025
- [jotasixto/purge-history-secrets](https://awesome-repositories.com/repository/jotasixto-purge-history-secrets.md) (4 ⭐) — This zsh plugin helps ensure that secrets do not persist in your zsh history
- [keploy/keploy](https://awesome-repositories.com/repository/keploy-keploy.md) (17,622 ⭐) — Keploy is an automated testing platform that leverages kernel-level traffic interception to generate and maintain regression test suites for microservices. By capturing live network traffic and system calls via eBPF, the platform automatically creates deterministic test cases and mocks external dependencies without requiring manual code instrumentation. This approach allows developers to validate application behavior and API contracts by replaying production-like traffic in isolated environments.

The platform distinguishes itself through its use of machine learning to perform test maintenance, including self-healing for brittle tests and the dynamic masking of volatile data like timestamps. It provides comprehensive service virtualization, automatically generating mocks for databases, message queues, and third-party APIs to ensure that tests remain consistent and reproducible across different development and staging environments.

Beyond core regression testing, the system integrates directly into CI/CD pipelines to enforce quality gates, blocking deployments that exhibit schema drift, performance regressions, or coverage gaps. It also includes observability tools that surface actionable insights, such as API reliability metrics and schema coverage analysis, to help teams identify and prioritize potential issues within their distributed systems.
- [anshumanbh/git-all-secrets](https://awesome-repositories.com/repository/anshumanbh-git-all-secrets.md) (1,141 ⭐) — A tool to capture all the git secrets by leveraging multiple open source git searching tools
- [helm/helm](https://awesome-repositories.com/repository/helm-helm.md) (29,881 ⭐) — Helm is a package manager for Kubernetes that simplifies the deployment and management of multi-component applications. It functions as a template rendering engine and release coordinator, allowing users to bundle, version, and deploy software as standardized packages. By maintaining a persistent metadata layer within the cluster, it tracks release history and manages the full lifecycle of applications, including installations, upgrades, and rollbacks.

What distinguishes Helm is its ability to handle complex application hierarchies through automated dependency resolution and the composition of umbrella charts. It provides robust security through cryptographic provenance verification, ensuring package integrity via digital signatures and hashes. Furthermore, it leverages standard container image registries for artifact distribution and utilizes server-side logic to resolve configuration conflicts during concurrent infrastructure updates.

The project offers a comprehensive suite of tools for infrastructure management, including lifecycle hooks for custom automation, readiness testing, and advanced deployment strategies. It supports a highly extensible plugin architecture and provides developer utilities such as package inspection and repository management. Users can define reusable configuration logic through a sophisticated templating framework that supports dynamic data injection, flow control, and global value management.

Helm is distributed as a command-line interface tool, providing a unified experience for managing containerized environments across development and production workflows.
- [jetify-com/devbox](https://awesome-repositories.com/repository/jetify-com-devbox.md) (12,063 ⭐) — Devbox is a development environment orchestrator designed to create reproducible, isolated workspaces for software projects. By leveraging declarative configuration files and the Nix package manager, it ensures that project dependencies, environment variables, and tooling remain consistent across different machines and team members. It functions as a central manager for project-specific environments, providing isolated shell execution that prevents conflicts with host system software.

The project distinguishes itself through its ability to bridge local development and cloud-hosted infrastructure. It supports container-native deployment by generating container images directly from project configurations and utilizes remote binary caching to accelerate environment setup by storing pre-built artifacts. Beyond environment management, it includes integrated capabilities for background service orchestration, secret management, and automated testing workflows that can be triggered within the development lifecycle.

The platform provides a comprehensive suite of tools for managing the full development lifecycle, including IDE integration, team-based access control, and observability features like log streaming and performance analysis. It also offers extensibility through custom plugin integration and automated package configuration, allowing teams to standardize workflows and maintain consistent tooling across distributed environments.
- [jdx/mise](https://awesome-repositories.com/repository/jdx-mise.md) (29,559 ⭐) — Mise is a development environment orchestrator that manages software runtimes, environment variables, and task execution. It functions as a version manager and task runner, providing a unified interface to synchronize project-specific configurations and dependencies across different machines. By automating the installation and switching of tools, it ensures that development environments remain consistent and reproducible.

The project distinguishes itself through a hierarchical configuration system that automatically discovers settings by traversing the directory tree. It uses shim-based command interception to dynamically inject the correct tool versions and environment variables into the shell session as you navigate between projects. This approach allows for seamless transitions between different runtime versions and project contexts without manual intervention.

Beyond core version management, the system provides comprehensive environment control, including support for secret redaction, template expansion, and the loading of external configuration files. It enables project-scoped task automation, allowing developers to define and execute custom commands within isolated environments that are pre-configured with the necessary dependencies. The platform is extensible through a plugin model that supports custom installation logic and dynamic environment generation.
- [berriai/litellm](https://awesome-repositories.com/repository/berriai-litellm.md) (50,579 ⭐) — LiteLLM is a unified gateway and proxy server designed to centralize access to over one hundred language model providers. It provides a standardized API interface that abstracts vendor-specific schemas, allowing developers to interact with diverse models through a single, consistent format. By acting as a central traffic management layer, it enables organizations to route, secure, and govern model interactions across multiple deployments.

The platform distinguishes itself through its policy-driven architecture, which uses configuration-based routing to manage traffic distribution, load balancing, and automatic fallbacks without requiring code changes. It incorporates a robust security and compliance layer that enforces content moderation, secret redaction, and fine-grained access control. Additionally, it supports complex operational requirements such as semantic routing, rule-based complexity scoring, and persistent virtual key management for multi-tenant environments.

Beyond core routing, the project provides comprehensive governance and observability tools to monitor usage, track spending, and log request metadata across teams. It includes an integrated software development kit for tool calling and agent orchestration, alongside support for advanced features like response caching, batch processing, and structured output configuration. The system is designed for enterprise-wide deployment, offering features for audit logging, single sign-on integration, and granular cost reporting.
- [k3s-io/k3s](https://awesome-repositories.com/repository/k3s-io-k3s.md) (33,264 ⭐) — K3s is a lightweight Kubernetes distribution designed for resource-constrained environments, edge computing, and simplified deployment across diverse hardware architectures. It functions as a container orchestration engine that automates the deployment, scaling, and management of containerized applications. By bundling all necessary control plane components and dependencies into a single binary, it minimizes the system footprint and streamlines the installation process.

The project distinguishes itself through a flexible architecture that supports both high-availability clustering and minimal, single-node setups. It provides options for using an embedded SQLite datastore for small deployments or external databases for larger, resilient environments. Security is integrated into the core, featuring token-based node authentication, encrypted communication between nodes, and support for mandatory access control policies like SELinux.

The platform covers a broad operational surface, including automated cluster version upgrades, manifest-based resource deployment, and integrated Helm chart management. It offers extensive configuration capabilities for networking, certificate management, and storage backends, allowing administrators to tailor the environment to specific infrastructure requirements. The system is designed to maintain consistent operational standards across distributed locations, ensuring that management remains centralized even when hardware resources are limited.
- [nickdeis/eslint-plugin-no-secrets](https://awesome-repositories.com/repository/nickdeis-eslint-plugin-no-secrets.md) (166 ⭐) — An eslint plugin to find strings that might be secrets/credentials
- [timeoff-management/timeoff-management-application](https://awesome-repositories.com/repository/timeoff-management-timeoff-management-application.md) (1,038 ⭐) — Simple yet powerful absence management software for small and medium-sized businesses (community edition)
- [openclaw/openclaw](https://awesome-repositories.com/repository/openclaw-openclaw.md) (378,991 ⭐) — Openclaw is a platform for managing agent execution environments, providing the infrastructure to control agent lifecycles, session state, and workspace persistence. It features a centralized gateway that handles model loops, tool invocation, and streaming events, while supporting multi-agent routing and persistent memory management. The system is designed to normalize tool execution signatures and provide a standardized interface for cross-provider compatibility.

The platform includes extensive developer tooling, such as a command-line interface for workspace management, diagnostic logging, and a plugin architecture that allows for the registration of custom tools and capabilities. It supports automated workflows through event-driven hooks, task scheduling, and integration with external services. Security is managed through execution policies, credential portability, and approval workflows for agent actions.

Deployment is supported through automated infrastructure installers and containerized gateway helpers, with built-in utilities for backups and configuration management. The system provides a structured format for orchestrating multi-step workflows and includes specialized tools for browser automation and structured code patching.
- [n8n-io/n8n](https://awesome-repositories.com/repository/n8n-io-n8n.md) (192,772 ⭐) — n8n is a workflow automation platform that combines a visual interface with code-based extensibility to design, orchestrate, and manage automated processes. It provides a comprehensive suite of tools for data transformation, filtering, and storage, allowing users to build complex logic through conditional branching, looping, and sub-workflow execution. The platform supports both pre-built integration nodes and custom code execution in JavaScript or Python, enabling connectivity with a wide range of external services and APIs.

The platform includes a suite of generative AI capabilities, such as an AI-powered workflow builder, a centralized chat interface for custom agents, and retrieval-augmented generation tools that ground responses in domain-specific data. To support development and production lifecycles, n8n offers version control integration with Git, workflow publishing mechanisms, and administrative tools for managing user roles, security policies, and environment configurations.

For monitoring and maintenance, the system provides observability tools that include performance metrics, execution insights, and real-time log streaming. It also features error-handling capabilities, such as automated recovery workflows and manual failure triggering, to ensure system reliability. Users can interact with the platform programmatically via a public REST API or manage administrative tasks through a command-line interface.
- [kubernetes/kubernetes](https://awesome-repositories.com/repository/kubernetes-kubernetes.md) (123,069 ⭐) — Kubernetes is a distributed container orchestration platform that automates the deployment, scaling, and management of containerized applications across clusters of computing nodes. It functions as a declarative infrastructure controller, utilizing a control loop architecture that continuously monitors the current system state against user-defined configurations to ensure desired operational outcomes. The system relies on a centralized API-driven interface and a replicated key-value store to maintain a consistent source of truth for all cluster objects.

The platform distinguishes itself through a highly extensible design that allows users to define domain-specific objects using the same native API and control loop infrastructure. It employs a standardized abstraction layer for container runtimes, enabling modular execution engines, and utilizes a pluggable controller pattern that supports third-party integrations without requiring modifications to the core codebase. An algorithmic bin-packing engine further optimizes hardware utilization by dynamically matching workload requirements with available cluster capacity.

Beyond core orchestration, the system provides comprehensive operational support for distributed environments, including automated lifecycle management, horizontal and vertical scaling, and self-healing mechanisms that maintain service availability. It encompasses integrated solutions for networking, persistent storage orchestration, and secure secret management. Diagnostic utilities for monitoring performance metrics, aggregating logs, and troubleshooting infrastructure-level issues are also included to support cluster health and reliability.
- [richardoc/gitlab-secrets](https://awesome-repositories.com/repository/richardoc-gitlab-secrets.md) (0 ⭐)
- [sobolevn/git-secret](https://awesome-repositories.com/repository/sobolevn-git-secret.md) (4,023 ⭐) — A bash-tool to store your private data inside a git repository.
- [hashicorp/vault](https://awesome-repositories.com/repository/hashicorp-vault.md) (35,796 ⭐) — Vault is a centralized secrets management platform designed to secure, store, and control access to sensitive credentials such as API keys, passwords, certificates, and encryption keys. At its core, the system employs a barrier-based cryptographic sealing mechanism that requires an unseal process to decrypt internal storage, ensuring that sensitive data remains protected. It provides identity-based access control to manage granular permissions across distributed infrastructure, effectively centralizing security policies and authentication for both human and machine workloads.

What distinguishes Vault is its ability to generate dynamic, short-lived credentials on-demand for databases and cloud providers, which are automatically revoked upon lease expiration to minimize security exposure. The platform also functions as an encryption-as-a-service provider, allowing applications to offload data protection, tokenization, and key management tasks to a centralized interface. Its modular architecture is supported by an extensible plugin system that uses remote procedure calls to integrate new functionality without requiring modifications to the primary codebase.

Beyond core secret handling, the platform offers comprehensive certificate lifecycle automation, including the generation, storage, and rotation of security certificates to maintain encrypted communication channels. It supports high-availability deployments through a distributed consensus protocol that synchronizes state across clusters and automatically forwards requests to the active leader node. The system also integrates with hardware security modules for enhanced key protection and maintains detailed audit logs to support regulatory compliance requirements.

Users interact with the platform through a command-line interface that supports API endpoint invocation, environment variable configuration, and shell autocompletion for operational tasks.
- [atuinsh/atuin](https://awesome-repositories.com/repository/atuinsh-atuin.md) (30,266 ⭐) — Atuin is a command-line tool that replaces standard shell history with a searchable, encrypted SQLite database. By hooking into shell initialization scripts, it provides an interactive, keyboard-driven interface for real-time command filtering and retrieval. The platform ensures data privacy through a client-side encryption layer, securing sensitive history and configuration data before it is synchronized across multiple machines.

Beyond history management, Atuin functions as an executable documentation platform that enables teams to create and share interactive runbooks. These documents use a block-based editor to combine rich text with live terminal commands, database queries, and API interactions. Users can compose complex automation workflows by chaining these modular blocks, which support dynamic template variable injection and script execution to maintain consistent operational procedures across different environments.

The system includes a background synchronization service that maintains consistent shell aliases, environment variables, and dotfile settings across devices. Teams can collaborate within shared workspaces, utilizing versioned runbooks and integrated access controls to manage standardized tasks. The platform also features an AI assistant that can interpret natural language instructions to modify document content, allowing for efficient updates to automated procedures.
- [serverless/serverless](https://awesome-repositories.com/repository/serverless-serverless.md) (46,918 ⭐) — The Serverless Framework is a declarative infrastructure-as-code tool designed to automate the deployment, scaling, and lifecycle management of cloud-native applications. It provides a unified command-line interface that translates high-level configuration files into provider-specific resource templates, enabling developers to orchestrate complex architectures, event-driven functions, and cloud resources within a single project structure.

What distinguishes this framework is its focus on developer experience and multi-environment parity. It supports local function invocation and event proxying, allowing developers to test and debug code locally against live cloud events without requiring constant redeployments. The framework also features a modular plugin system for extensibility and advanced service composition, which allows teams to manage related services as a single unit, share outputs between components, and coordinate deployments across multiple cloud accounts and stages.

The platform covers a broad capability surface, including integrated secret management, dynamic variable resolution, and comprehensive observability tools that aggregate logs, metrics, and traces. It also provides specialized support for configuring API infrastructure, managing GraphQL schemas, and exposing business logic to AI agents through secure gateway controls and standardized interface definitions.

The framework is managed through configuration files that define infrastructure, event triggers, and environment-specific settings, with installation and operation handled via a standard command-line interface.
