# Secrets, Vaults and Cryptography

> Search results for `Secrets, Vaults and Cryptography` on awesome-repositories.com. 108 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/secrets-vaults-and-cryptography

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/secrets-vaults-and-cryptography).**

## Results

- [external-secrets/external-secrets](https://awesome-repositories.com/repository/external-secrets-external-secrets.md) (6,697 ⭐) — External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.
- [hashicorp/vault](https://awesome-repositories.com/repository/hashicorp-vault.md) (35,796 ⭐) — Vault is a centralized secrets management platform designed to secure, store, and control access to sensitive credentials such as API keys, passwords, certificates, and encryption keys. At its core, the system employs a barrier-based cryptographic sealing mechanism that requires an unseal process to decrypt internal storage, ensuring that sensitive data remains protected. It provides identity-based access control to manage granular permissions across distributed infrastructure, effectively centralizing security policies and authentication for both human and machine workloads.

What distinguish
- [kedacore/keda](https://awesome-repositories.com/repository/kedacore-keda.md) (10,314 ⭐) — KEDA is a Kubernetes event-driven autoscaler and cloud event scaling engine. It functions as a custom metrics provider that monitors external event sources—including message brokers, databases, and cloud metrics—to dynamically adjust the replica counts of containerized workloads.

The project is distinguished by its scale-to-zero workflow, which reduces workloads to zero replicas during inactivity and automatically restarts them when new events are detected. It operates as a multi-cloud event trigger system, using a pluggable scaler interface to integrate with a wide array of third-party servi
- [serverless/serverless](https://awesome-repositories.com/repository/serverless-serverless.md) (46,917 ⭐) — The Serverless Framework is a declarative infrastructure-as-code tool designed to automate the deployment, scaling, and lifecycle management of cloud-native applications. It provides a unified command-line interface that translates high-level configuration files into provider-specific resource templates, enabling developers to orchestrate complex architectures, event-driven functions, and cloud resources within a single project structure.

What distinguishes this framework is its focus on developer experience and multi-environment parity. It supports local function invocation and event proxyin
- [n8n-io/n8n](https://awesome-repositories.com/repository/n8n-io-n8n.md) (192,772 ⭐) — n8n is a workflow automation platform that combines a visual interface with code-based extensibility to design, orchestrate, and manage automated processes. It provides a comprehensive suite of tools for data transformation, filtering, and storage, allowing users to build complex logic through conditional branching, looping, and sub-workflow execution. The platform supports both pre-built integration nodes and custom code execution in JavaScript or Python, enabling connectivity with a wide range of external services and APIs.

The platform includes a suite of generative AI capabilities, such a
- [bitwarden/server](https://awesome-repositories.com/repository/bitwarden-server.md) (18,074 ⭐) — This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials.

The platform distinguishes itself through its focus on both human-centric security and aut
- [bitwarden/clients](https://awesome-repositories.com/repository/bitwarden-clients.md) (13,114 ⭐) — This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments.

The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server.
- [infisical/infisical](https://awesome-repositories.com/repository/infisical-infisical.md) (27,374 ⭐) — Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access.

The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports
- [bitnami-labs/sealed-secrets](https://awesome-repositories.com/repository/bitnami-labs-sealed-secrets.md) (8,925 ⭐) — Sealed Secrets is a Kubernetes secret encryption tool and controller designed for GitOps security. It provides a mechanism to encrypt sensitive data into specialized resources that can be safely stored in public version control systems and decrypted only within a cluster.

The system uses an asymmetric encryption manager to seal secrets with a public key, ensuring that only the corresponding private key held within the cluster can unseal them. It includes utilities for security key rotation, secret re-encryption, and offline private key recovery to maintain data access during disaster recovery
- [cert-manager/cert-manager](https://awesome-repositories.com/repository/cert-manager-cert-manager.md) (13,578 ⭐) — This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates. It functions as a native extension to the cluster API, using custom resource definitions and reconciliation loops to maintain the desired state of certificates and trust bundles across distributed services. By integrating directly with the cluster's admission control and secret storage systems, it ensures that cryptographic identities are consistently provisioned and available for application workloads.

The project distinguishes itself through its extensive support for a
- [ricoberger/vault-secrets-operator](https://awesome-repositories.com/repository/ricoberger-vault-secrets-operator.md) (677 ⭐)
- [sdux-vault/vault](https://awesome-repositories.com/repository/sdux-vault-vault.md) (1 ⭐) — SDuX Vault — the platform monorepo powering a framework-agnostic, deterministic state management system. Includes core, addons, devtools, shared utilities, UI components, and companion apps.
- [cockroachdb/cockroach](https://awesome-repositories.com/repository/cockroachdb-cockroach.md) (32,207 ⭐) — Cockroach is a distributed SQL database designed to scale horizontally across multiple nodes while maintaining strict ACID compliance and global data consistency. It functions as a relational database engine that automatically partitions data into ranges, rebalancing them across a cluster to accommodate growing storage and throughput requirements. By utilizing a distributed consensus protocol, the system ensures that all nodes agree on the order of operations, providing fault tolerance and continuous availability even in the event of hardware failures.

The system distinguishes itself through
- [pyca/cryptography](https://awesome-repositories.com/repository/pyca-cryptography.md) (7,628 ⭐) — This project is a Python cryptography library that provides a collection of cryptographic primitives and high-level recipes for implementing secure encryption and authentication. It functions as a symmetric encryption toolkit and a cryptographic hash provider, offering both a low-level cryptographic interface for building custom protocols and high-level tools for securing data.

The library covers a broad range of security capabilities, including symmetric data encryption, the derivation of cryptographic keys from passwords or secret values, and data integrity verification through the generati
- [microsoftlearning/az-204-developingsolutionsformicrosoftazure](https://awesome-repositories.com/repository/microsoftlearning-az-204-developingsolutionsformicrosoftazure.md) (2,513 ⭐) — This project is a set of hands-on labs for practicing cloud development, focusing on implementing web apps, functions, storage solutions, and containerized workloads. It provides a practical framework for developing solutions within the Azure ecosystem.

The content covers a wide range of specialized cloud capabilities, including serverless development with HTTP and timer triggers, container orchestration using apps and instances, and API management for routing and transforming traffic. It also emphasizes identity and access management through OpenID Connect and managed identities.

Additional
- [datreeio/datree](https://awesome-repositories.com/repository/datreeio-datree.md) (6,339 ⭐) — Datree is a policy enforcement framework for Kubernetes that validates configurations against rules written in Rego, JSON Schema, or CEL. It operates as both a command-line tool for pre-deployment scanning and as a cluster-side admission webhook for real-time enforcement, integrating with CI/CD pipelines and continuous delivery tools like ArgoCD and FluxCD.

The framework supports namespace-scoped policy mapping, allowing different policies to apply to different namespaces, and provides a skip annotation mechanism for selectively bypassing rules on individual resources or entire namespaces. It
- [koofr/vault](https://awesome-repositories.com/repository/koofr-vault.md) (188 ⭐) — https://vault.koofr.net
- [danieldizzy/cryptography_1](https://awesome-repositories.com/repository/danieldizzy-cryptography-1.md) (49 ⭐) — Coursera Stanford Cryptography 1 - Taught by Prof. Dan Boneh
- [iam-veeramalla/azure-zero-to-hero](https://awesome-repositories.com/repository/iam-veeramalla-azure-zero-to-hero.md) (4,773 ⭐) — Azure-zero-to-hero is a comprehensive learning path and technical curriculum designed for mastering cloud infrastructure, security, and deployment on Azure. It consists of a series of courses, guides, and training modules that provide a structured approach to learning the Azure ecosystem.

The project provides practical walkthroughs and tutorials covering the orchestration of containerized applications via Kubernetes, the construction of CI/CD pipelines using Azure DevOps, and the provisioning of core infrastructure including virtual machines and virtual networks. It also includes dedicated tr
- [motdotla/dotenv](https://awesome-repositories.com/repository/motdotla-dotenv.md) (20,284 ⭐) — Dotenv is a configuration management library designed to load environment variables from local files into the process environment. By separating application settings from source code, it enables developers to maintain consistent configurations across different deployment stages and team environments.

The utility provides mechanisms to transform plain text configuration files into encrypted formats, allowing sensitive secrets to be stored securely within version control systems. It handles the parsing and normalization of key-value pairs, ensuring that configuration data is consistently proces
- [hashicorp/nomad](https://awesome-repositories.com/repository/hashicorp-nomad.md) (16,211 ⭐) — Nomad is a distributed workload orchestrator and infrastructure automation platform designed to manage the lifecycle of applications across large-scale, heterogeneous environments. It functions as a multi-cloud orchestration engine, providing a unified control plane to deploy, scale, and govern containers, virtual machines, and legacy applications. By utilizing declarative job specifications, the system ensures infrastructure convergence and maintains the desired state across distributed data centers and geographic regions.

The platform distinguishes itself through a flexible, plugin-based ar
- [fluxcd/flux2](https://awesome-repositories.com/repository/fluxcd-flux2.md) (7,888 ⭐) — Flux is a Kubernetes GitOps delivery tool used to automate application deployments by synchronizing cluster state with configurations stored in Git, OCI, or Helm repositories. It functions as a set of controllers that monitor desired state in external sources and continuously reconcile the live cluster to match those definitions.

The system distinguishes itself through a multi-cluster management plane that coordinates application delivery across fleets of remote clusters from a central hub. It provides a dedicated mechanism for automated image updates, which scans container registries for new
- [external-secrets/kubernetes-external-secrets](https://awesome-repositories.com/repository/external-secrets-kubernetes-external-secrets.md) (2,584 ⭐) — This project has been deprecated. Please take a look at ESO (External Secrets Operator) instead https://github.com/external-secrets/external-secrets
- [hashicorp/terraform](https://awesome-repositories.com/repository/hashicorp-terraform.md) (48,720 ⭐) — Terraform is a declarative infrastructure-as-code tool designed to manage the lifecycle of cloud and on-premises resources. It functions as a workflow engine that reconciles a defined desired state against real-world infrastructure, using a persistent state-tracking layer to maintain consistency and visibility across distributed environments. By mapping infrastructure components into a directed acyclic graph, the system calculates the optimal order for provisioning, updating, or destroying resources.

The platform is distinguished by its extensible plugin-based architecture, which decouples co
- [twpayne/chezmoi](https://awesome-repositories.com/repository/twpayne-chezmoi.md) (18,075 ⭐) — chezmoi is a command-line utility designed to manage and synchronize system configuration files across multiple machines. It uses a local Git repository as the single source of truth, allowing users to track, version, and distribute dotfiles while maintaining a consistent state across diverse operating systems and hardware architectures.

The project distinguishes itself through a declarative reconciliation model that computes the difference between the current filesystem and the desired state defined in the repository. It features a robust templating engine that processes configuration files
- [chef/chef-vault](https://awesome-repositories.com/repository/chef-chef-vault.md) (407 ⭐) — Securely manage passwords, certs, and other secrets in Chef
- [dokploy/dokploy](https://awesome-repositories.com/repository/dokploy-dokploy.md) (34,901 ⭐) — Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool.

The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It sup
- [go-external-config/vault](https://awesome-repositories.com/repository/go-external-config-vault.md) (0 ⭐) — Vault provides centralized, well-audited privileged access and secret management for mission-critical data whether you deploy systems on-premises, in the cloud, or in a hybrid environment.
- [maxteabag/sqlit](https://awesome-repositories.com/repository/maxteabag-sqlit.md) (3,702 ⭐) — Sqlit is a terminal-based SQL client and database explorer designed for executing queries and managing database connections. It functions as a command line interface that provides syntax highlighting, command history, and a terminal user interface for rendering results.

The tool features a discovery engine that scans local Docker sockets to automatically identify and resolve connection details for active database containers. It handles secure access through encrypted SSH tunnels and integrates with external secrets managers to retrieve credentials.

The project includes capabilities for data
- [searxng/searxng](https://awesome-repositories.com/repository/searxng-searxng.md) (32,180 ⭐) — This project is a privacy-focused, self-hosted metasearch engine that aggregates results from a wide array of web, academic, and media sources into a single, unified interface. By acting as a proxy between the user and external search providers, it strips identifying headers and tracking parameters from requests, ensuring that search activity remains anonymous and protected from third-party profiling.

The platform distinguishes itself through a modular, plugin-based architecture that allows for extensive customization of search behavior, result filtering, and interface branding. It supports a
- [sumup-oss/terraform-provider-vaulted](https://awesome-repositories.com/repository/sumup-oss-terraform-provider-vaulted.md) (40 ⭐) — Encrypted HashiCorp Vault secrets via Terraform that can be stored in SCM such as Git
- [jkroepke/helm-secrets](https://awesome-repositories.com/repository/jkroepke-helm-secrets.md) (2,010 ⭐) — A Helm plugin that helps manage secrets with a Git workflow and store them anywhere
- [nodejs/node](https://awesome-repositories.com/repository/nodejs-node.md) (117,932 ⭐) — This project is an open-source JavaScript runtime built on the V8 engine. It provides a comprehensive environment for executing JavaScript code outside of a web browser, offering foundational primitives for process management, multi-core load distribution, and parallel execution through worker threads.

The runtime includes a broad set of built-in modules for system-level operations, such as file system interaction, network communication across various protocols, and cryptographic security. It supports multiple module systems, native binary addon integration, and diagnostic tools for monitorin
- [openzeppelin/openzeppelin-contracts](https://awesome-repositories.com/repository/openzeppelin-openzeppelin-contracts.md) (27,157 ⭐) — OpenZeppelin Contracts is a library of modular, secure, and reusable smart contract components designed for the development of decentralized applications. It provides a foundational framework for building standard-compliant contracts, offering battle-tested implementations for token standards, access control, and common utility patterns.

The project distinguishes itself through its comprehensive support for complex architectural patterns, including proxy-based upgradeability, role-based access control, and account abstraction. It enables developers to implement modular logic injection via hoo
- [ethereum/go-ethereum](https://awesome-repositories.com/repository/ethereum-go-ethereum.md) (51,178 ⭐) — Geth is a comprehensive execution client for the Ethereum network, serving as a foundational node implementation that processes transactions, maintains the distributed ledger state, and participates in peer-to-peer consensus. It provides a robust infrastructure for synchronizing, validating, and serving blockchain data, utilizing a persistent Merkle Patricia Trie database to ensure the cryptographic integrity of historical records. As a sandboxed smart contract runtime, it executes bytecode according to deterministic protocol rules, enabling the deployment and interaction of decentralized appl
- [mbrancato/terraform-google-vault](https://awesome-repositories.com/repository/mbrancato-terraform-google-vault.md) (47 ⭐) — This is a Terraform module to deploy a Vault instance on Google's Cloud Run service. Vault is an open-source secrets management tool that generally is run in a high-availability (HA) cluster. This implementation is a single instance with auto-unseal and no HA support. Cloud Run is a way to…
- [yelp/detect-secrets](https://awesome-repositories.com/repository/yelp-detect-secrets.md) (4,429 ⭐) — detect-secrets is a modular secret scanning tool that identifies hard-coded credentials and sensitive information in source code. It combines multiple detection strategies—regular expression pattern matching, Shannon entropy calculation, and a machine learning classifier—to find potential secrets, and uses a baseline-driven delta analysis to distinguish newly introduced secrets from pre-existing ones, reducing noise from legacy credentials.

The tool integrates directly into development workflows through a git pre-commit hook that blocks commits introducing unbaselined secrets, and can be inco
- [kestra-io/kestra](https://awesome-repositories.com/repository/kestra-io-kestra.md) (27,073 ⭐) — Kestra is a declarative workflow orchestrator designed to manage complex task dependencies and automated processes through versioned configuration files. It functions as a distributed platform that decouples task scheduling from execution by offloading computational workloads to a fleet of worker nodes. The system uses a reactive, event-driven engine to initiate workflows automatically in response to external signals, webhooks, schedules, or file system changes.

The platform distinguishes itself through a modular plugin architecture that allows for the integration of custom tasks and external
- [mazen160/secrets-patterns-db](https://awesome-repositories.com/repository/mazen160-secrets-patterns-db.md) (1,508 ⭐) — The largest open-source database for detecting secrets, API keys, passwords, tokens, and more. Use secrets-patterns-db to feed your secret scanning engine with regex patterns for identifying secrets.
- [activepieces/activepieces](https://awesome-repositories.com/repository/activepieces-activepieces.md) (20,887 ⭐) — Activepieces is an open-source, self-hosted workflow automation platform designed to connect third-party applications through modular triggers and actions. It provides a low-code integration framework that allows users to build, manage, and execute complex business logic sequences within isolated, sandboxed environments.

The platform distinguishes itself through its focus on embeddability and enterprise-grade security. It features an embedded automation builder that can be integrated into external applications via iframes, supported by comprehensive identity and access management tools such a
- [oulman/terraform-credentials-vault](https://awesome-repositories.com/repository/oulman-terraform-credentials-vault.md) (5 ⭐) — Terraform credentials helper for Vault
- [anthropics/claude-code](https://awesome-repositories.com/repository/anthropics-claude-code.md) (132,728 ⭐) — Anthropic's terminal-native AI coding agent.
- [usebruno/bruno](https://awesome-repositories.com/repository/usebruno-bruno.md) (44,931 ⭐) — Bruno is a local-first API client designed for building, testing, and managing network requests across a wide range of protocols. By storing all collections and configurations as plain-text files directly on the local filesystem, it enables native version control and offline access, ensuring that project data remains under user control without requiring cloud synchronization.

The platform distinguishes itself through a declarative approach to API management, utilizing a domain-specific language to define request parameters and metadata. This architecture supports a robust testing environment
- [webfactory/secret-spreader](https://awesome-repositories.com/repository/webfactory-secret-spreader.md) (36 ⭐) — A tool to distribute GitHub Action secrets to a list of repositories
- [richardoc/gitlab-secrets](https://awesome-repositories.com/repository/richardoc-gitlab-secrets.md) (47 ⭐) — This tool analyzes a given GitLab repository and searches for dangling or force-pushed commits containing potential secrets or interesting information.
- [juspay/hyperswitch](https://awesome-repositories.com/repository/juspay-hyperswitch.md) (43,019 ⭐) — Hyperswitch is a payment orchestration platform designed to manage complex transaction lifecycles through a centralized control layer. It functions as a processor-agnostic integration hub that standardizes disparate external payment APIs, allowing businesses to route transactions across multiple providers to optimize for authorization rates and cost efficiency. The platform utilizes a state-machine-based architecture to track every payment from initial authentication to final settlement, ensuring consistent processing and reliable error recovery.

What distinguishes the platform is its intelli
- [achep/keyguard-app](https://awesome-repositories.com/repository/achep-keyguard-app.md) (2,497 ⭐) — Keyguard is a password manager application and secure vault designed for storing and organizing logins, passkeys, and sensitive data. It provides a multi-factor authentication vault that utilizes encrypted offline access to ensure credentials remain available without an internet connection.

The application includes a dedicated SSH key manager and agent integration for generating and managing keys to access remote servers. It also features a password security auditor that analyzes vault entries to identify compromised, reused, or weak credentials.

The system covers a broad range of security c
- [allinssl/allinssl](https://awesome-repositories.com/repository/allinssl-allinssl.md) (3,359 ⭐) — Allinssl is a multi-platform certificate manager and ACME automator designed to handle the full lifecycle of security certificates. It provides a web-based management interface to orchestrate the issuance, renewal, and deployment of certificates across various servers and cloud environments.

The system distinguishes itself through an orchestration engine that pushes certificates to diverse targets, including web application firewalls, server control panels, and remote hosts. It automates domain ownership verification using DNS challenges across multiple providers and employs an event-driven w
- [n8n-io/self-hosted-ai-starter-kit](https://awesome-repositories.com/repository/n8n-io-self-hosted-ai-starter-kit.md) (14,997 ⭐) — This project provides a dockerized AI workflow stack and orchestration templates for deploying a self-hosted AI environment. It establishes a localized infrastructure for building autonomous agents and model chains that process private data on-premises without external cloud dependencies.

The environment is designed to support autonomous agent development, allowing models to dynamically select tools, execute shell commands, and interact with local file systems. It includes integrated vector database support to enable retrieval augmented generation and private document analysis.

The stack cov
- [maxgoedjen/secretive](https://awesome-repositories.com/repository/maxgoedjen-secretive.md) (8,162 ⭐) — Secretive is an SSH key manager that utilizes hardware-backed security modules to generate and store non-exportable private keys. It integrates with secure enclaves to ensure that sensitive cryptographic material remains within the hardware and cannot be exported from the device.

The system implements a biometric authentication workflow, requiring fingerprint or wearable verification before a private key is released for signing operations. It also provides the ability to bridge signing requests to external hardware tokens for systems that lack a built-in secure enclave.

The project includes
