# Self-Hosted Secrets Management Vaults

> Search results for `self-hosted secrets vault as a HashiCorp Vault alternative` on awesome-repositories.com. 108 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/self-hosted-secrets-vault-as-a-hashicorp-vault-alternative

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/self-hosted-secrets-vault-as-a-hashicorp-vault-alternative).**

## Results

- [boostport/kubernetes-vault](https://awesome-repositories.com/repository/boostport-kubernetes-vault.md) (937 ⭐) — This project is a Kubernetes controller that automates the retrieval and injection of secrets from HashiCorp Vault into containerized workloads. By operating as a control loop, it monitors cluster state to deliver sensitive configuration data and authentication tokens directly into application environments, removing the requirement for static credentials.

The system distinguishes itself through a sidecar-based injection mechanism that intercepts pod lifecycle events to mount secrets at runtime. It supports dynamic credential provisioning, generating short-lived tokens on demand to reduce the
- [hashicorp/consul-template](https://awesome-repositories.com/repository/hashicorp-consul-template.md) (4,830 ⭐) — Consul Template is a configuration renderer and dynamic configuration manager that generates files by populating templates with data from Consul and Vault. It functions as a service discovery template engine and secrets management integrator, transforming cluster catalog and health data into formatted configuration files.

The tool distinguishes itself by acting as a process supervisor and notifier, capable of executing shell commands or restarting applications automatically after templates are updated. It features a long-polling watcher to monitor remote key-value stores and employs a shared
- [hashicorp/vault](https://awesome-repositories.com/repository/hashicorp-vault.md) (35,796 ⭐) — Vault is a centralized secrets management platform designed to secure, store, and control access to sensitive credentials such as API keys, passwords, certificates, and encryption keys. At its core, the system employs a barrier-based cryptographic sealing mechanism that requires an unseal process to decrypt internal storage, ensuring that sensitive data remains protected. It provides identity-based access control to manage granular permissions across distributed infrastructure, effectively centralizing security policies and authentication for both human and machine workloads.

What distinguish
- [kedacore/keda](https://awesome-repositories.com/repository/kedacore-keda.md) (10,314 ⭐) — KEDA is a Kubernetes event-driven autoscaler and cloud event scaling engine. It functions as a custom metrics provider that monitors external event sources—including message brokers, databases, and cloud metrics—to dynamically adjust the replica counts of containerized workloads.

The project is distinguished by its scale-to-zero workflow, which reduces workloads to zero replicas during inactivity and automatically restarts them when new events are detected. It operates as a multi-cloud event trigger system, using a pluggable scaler interface to integrate with a wide array of third-party servi
- [serverless/serverless](https://awesome-repositories.com/repository/serverless-serverless.md) (46,917 ⭐) — The Serverless Framework is a declarative infrastructure-as-code tool designed to automate the deployment, scaling, and lifecycle management of cloud-native applications. It provides a unified command-line interface that translates high-level configuration files into provider-specific resource templates, enabling developers to orchestrate complex architectures, event-driven functions, and cloud resources within a single project structure.

What distinguishes this framework is its focus on developer experience and multi-environment parity. It supports local function invocation and event proxyin
- [infisical/infisical](https://awesome-repositories.com/repository/infisical-infisical.md) (27,374 ⭐) — Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access.

The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports
- [external-secrets/external-secrets](https://awesome-repositories.com/repository/external-secrets-external-secrets.md) (6,697 ⭐) — External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.
- [hashicorp/nomad](https://awesome-repositories.com/repository/hashicorp-nomad.md) (16,211 ⭐) — Nomad is a distributed workload orchestrator and infrastructure automation platform designed to manage the lifecycle of applications across large-scale, heterogeneous environments. It functions as a multi-cloud orchestration engine, providing a unified control plane to deploy, scale, and govern containers, virtual machines, and legacy applications. By utilizing declarative job specifications, the system ensures infrastructure convergence and maintains the desired state across distributed data centers and geographic regions.

The platform distinguishes itself through a flexible, plugin-based ar
- [n8n-io/n8n](https://awesome-repositories.com/repository/n8n-io-n8n.md) (192,772 ⭐) — n8n is a workflow automation platform that combines a visual interface with code-based extensibility to design, orchestrate, and manage automated processes. It provides a comprehensive suite of tools for data transformation, filtering, and storage, allowing users to build complex logic through conditional branching, looping, and sub-workflow execution. The platform supports both pre-built integration nodes and custom code execution in JavaScript or Python, enabling connectivity with a wide range of external services and APIs.

The platform includes a suite of generative AI capabilities, such a
- [maiot-io/zenml](https://awesome-repositories.com/repository/maiot-io-zenml.md) (5,452 ⭐) — ZenML is an extensible machine learning orchestration framework designed to manage the end-to-end lifecycle of data pipelines and AI agent workflows. It functions as a durable orchestrator that executes machine learning tasks as directed acyclic graphs, ensuring that every step is containerized for consistent performance across local, cloud, and hybrid infrastructure. By decoupling pipeline code from underlying compute and storage backends, the platform allows developers to define infrastructure-agnostic stacks that remain portable across diverse environments.

The project distinguishes itself
- [jpmorganchase/quorum](https://awesome-repositories.com/repository/jpmorganchase-quorum.md) (4,771 ⭐) — Quorum is a permissioned blockchain framework based on Ethereum, designed for enterprise consortia. It implements a private version of the ledger that restricts network access to authorized participants and uses authority-based consensus mechanisms to achieve transaction finality without energy-intensive mining.

The project focuses on data privacy and access control through the use of private smart contracts and encrypted state storage. This ensures that transaction visibility and business logic results remain hidden from unauthorized nodes and are only accessible to designated consortium mem
- [sdux-vault/vault](https://awesome-repositories.com/repository/sdux-vault-vault.md) (1 ⭐) — SDuX Vault — the platform monorepo powering a framework-agnostic, deterministic state management system. Includes core, addons, devtools, shared utilities, UI components, and companion apps.
- [bitwarden/server](https://awesome-repositories.com/repository/bitwarden-server.md) (18,074 ⭐) — This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials.

The platform distinguishes itself through its focus on both human-centric security and aut
- [koofr/vault](https://awesome-repositories.com/repository/koofr-vault.md) (188 ⭐) — https://vault.koofr.net
- [sumup-oss/terraform-provider-vaulted](https://awesome-repositories.com/repository/sumup-oss-terraform-provider-vaulted.md) (40 ⭐) — Encrypted HashiCorp Vault secrets via Terraform that can be stored in SCM such as Git
- [hashicorp/terraform](https://awesome-repositories.com/repository/hashicorp-terraform.md) (48,720 ⭐) — Terraform is a declarative infrastructure-as-code tool designed to manage the lifecycle of cloud and on-premises resources. It functions as a workflow engine that reconciles a defined desired state against real-world infrastructure, using a persistent state-tracking layer to maintain consistency and visibility across distributed environments. By mapping infrastructure components into a directed acyclic graph, the system calculates the optimal order for provisioning, updating, or destroying resources.

The platform is distinguished by its extensible plugin-based architecture, which decouples co
- [bitwarden/clients](https://awesome-repositories.com/repository/bitwarden-clients.md) (13,114 ⭐) — This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments.

The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server.
- [ricoberger/vault-secrets-operator](https://awesome-repositories.com/repository/ricoberger-vault-secrets-operator.md) (677 ⭐)
- [cockroachdb/cockroach](https://awesome-repositories.com/repository/cockroachdb-cockroach.md) (32,207 ⭐) — Cockroach is a distributed SQL database designed to scale horizontally across multiple nodes while maintaining strict ACID compliance and global data consistency. It functions as a relational database engine that automatically partitions data into ranges, rebalancing them across a cluster to accommodate growing storage and throughput requirements. By utilizing a distributed consensus protocol, the system ensures that all nodes agree on the order of operations, providing fault tolerance and continuous availability even in the event of hardware failures.

The system distinguishes itself through
- [oulman/terraform-credentials-vault](https://awesome-repositories.com/repository/oulman-terraform-credentials-vault.md) (5 ⭐) — Terraform credentials helper for Vault
- [kong/kubernetes-ingress-controller](https://awesome-repositories.com/repository/kong-kubernetes-ingress-controller.md) (2,392 ⭐) — This project is an API gateway and ingress controller designed to manage traffic, security, and service connectivity within Kubernetes environments. It operates as a controller that monitors cluster state to reconcile gateway configurations with desired infrastructure definitions, ensuring that network policies and routing rules remain consistent across distributed deployments.

The system distinguishes itself through a modular request pipeline that allows for the injection of custom logic to handle transformations, security checks, and logging. It supports declarative infrastructure managemen
- [twpayne/chezmoi](https://awesome-repositories.com/repository/twpayne-chezmoi.md) (18,075 ⭐) — chezmoi is a command-line utility designed to manage and synchronize system configuration files across multiple machines. It uses a local Git repository as the single source of truth, allowing users to track, version, and distribute dotfiles while maintaining a consistent state across diverse operating systems and hardware architectures.

The project distinguishes itself through a declarative reconciliation model that computes the difference between the current filesystem and the desired state defined in the repository. It features a robust templating engine that processes configuration files
- [mbrancato/terraform-google-vault](https://awesome-repositories.com/repository/mbrancato-terraform-google-vault.md) (47 ⭐) — This is a Terraform module to deploy a Vault instance on Google's Cloud Run service. Vault is an open-source secrets management tool that generally is run in a high-availability (HA) cluster. This implementation is a single instance with auto-unseal and no HA support. Cloud Run is a way to…
- [louis-thevenet/vault-tasks](https://awesome-repositories.com/repository/louis-thevenet-vault-tasks.md) (84 ⭐) — vault-tasks-tui is a TUI Markdown task manager.
- [microsoftlearning/az-204-developingsolutionsformicrosoftazure](https://awesome-repositories.com/repository/microsoftlearning-az-204-developingsolutionsformicrosoftazure.md) (2,513 ⭐) — This project is a set of hands-on labs for practicing cloud development, focusing on implementing web apps, functions, storage solutions, and containerized workloads. It provides a practical framework for developing solutions within the Azure ecosystem.

The content covers a wide range of specialized cloud capabilities, including serverless development with HTTP and timer triggers, container orchestration using apps and instances, and API management for routing and transforming traffic. It also emphasizes identity and access management through OpenID Connect and managed identities.

Additional
- [go-external-config/vault](https://awesome-repositories.com/repository/go-external-config-vault.md) (0 ⭐) — Vault provides centralized, well-audited privileged access and secret management for mission-critical data whether you deploy systems on-premises, in the cloud, or in a hybrid environment.
- [iam-veeramalla/azure-zero-to-hero](https://awesome-repositories.com/repository/iam-veeramalla-azure-zero-to-hero.md) (4,773 ⭐) — Azure-zero-to-hero is a comprehensive learning path and technical curriculum designed for mastering cloud infrastructure, security, and deployment on Azure. It consists of a series of courses, guides, and training modules that provide a structured approach to learning the Azure ecosystem.

The project provides practical walkthroughs and tutorials covering the orchestration of containerized applications via Kubernetes, the construction of CI/CD pipelines using Azure DevOps, and the provisioning of core infrastructure including virtual machines and virtual networks. It also includes dedicated tr
- [activepieces/activepieces](https://awesome-repositories.com/repository/activepieces-activepieces.md) (20,887 ⭐) — Activepieces is an open-source, self-hosted workflow automation platform designed to connect third-party applications through modular triggers and actions. It provides a low-code integration framework that allows users to build, manage, and execute complex business logic sequences within isolated, sandboxed environments.

The platform distinguishes itself through its focus on embeddability and enterprise-grade security. It features an embedded automation builder that can be integrated into external applications via iframes, supported by comprehensive identity and access management tools such a
- [bachya/lp-vault-manager](https://awesome-repositories.com/repository/bachya-lp-vault-manager.md) (121 ⭐) — An Alfred 2 workflow to interact with a LastPass vault.
- [motdotla/dotenv](https://awesome-repositories.com/repository/motdotla-dotenv.md) (20,284 ⭐) — Dotenv is a configuration management library designed to load environment variables from local files into the process environment. By separating application settings from source code, it enables developers to maintain consistent configurations across different deployment stages and team environments.

The utility provides mechanisms to transform plain text configuration files into encrypted formats, allowing sensitive secrets to be stored securely within version control systems. It handles the parsing and normalization of key-value pairs, ensuring that configuration data is consistently proces
- [dokploy/dokploy](https://awesome-repositories.com/repository/dokploy-dokploy.md) (34,901 ⭐) — Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool.

The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It sup
- [pashpashpash/vault-ai](https://awesome-repositories.com/repository/pashpashpash-vault-ai.md) (3,389 ⭐) — OP Vault ChatGPT: Give ChatGPT long-term memory using the OP Stack (OpenAI + Pinecone Vector Database). Upload your own custom knowledge base files (PDF, txt, epub, etc) using a simple React frontend.
- [fluxcd/flux2](https://awesome-repositories.com/repository/fluxcd-flux2.md) (7,888 ⭐) — Flux is a Kubernetes GitOps delivery tool used to automate application deployments by synchronizing cluster state with configurations stored in Git, OCI, or Helm repositories. It functions as a set of controllers that monitor desired state in external sources and continuously reconcile the live cluster to match those definitions.

The system distinguishes itself through a multi-cluster management plane that coordinates application delivery across fleets of remote clusters from a central hub. It provides a dedicated mechanism for automated image updates, which scans container registries for new
- [cert-manager/cert-manager](https://awesome-repositories.com/repository/cert-manager-cert-manager.md) (13,578 ⭐) — This project is a Kubernetes controller that automates the issuance, renewal, and lifecycle management of TLS certificates. It functions as a native extension to the cluster API, using custom resource definitions and reconciliation loops to maintain the desired state of certificates and trust bundles across distributed services. By integrating directly with the cluster's admission control and secret storage systems, it ensures that cryptographic identities are consistently provisioned and available for application workloads.

The project distinguishes itself through its extensive support for a
- [vault-cyber-security/osint](https://awesome-repositories.com/repository/vault-cyber-security-osint.md) (138 ⭐) — Docker image for osint tools with Vault Cyber Security
- [juspay/hyperswitch](https://awesome-repositories.com/repository/juspay-hyperswitch.md) (43,019 ⭐) — Hyperswitch is a payment orchestration platform designed to manage complex transaction lifecycles through a centralized control layer. It functions as a processor-agnostic integration hub that standardizes disparate external payment APIs, allowing businesses to route transactions across multiple providers to optimize for authorization rates and cost efficiency. The platform utilizes a state-machine-based architecture to track every payment from initial authentication to final settlement, ensuring consistent processing and reliable error recovery.

What distinguishes the platform is its intelli
- [maxteabag/sqlit](https://awesome-repositories.com/repository/maxteabag-sqlit.md) (3,702 ⭐) — Sqlit is a terminal-based SQL client and database explorer designed for executing queries and managing database connections. It functions as a command line interface that provides syntax highlighting, command history, and a terminal user interface for rendering results.

The tool features a discovery engine that scans local Docker sockets to automatically identify and resolve connection details for active database containers. It handles secure access through encrypted SSH tunnels and integrates with external secrets managers to retrieve credentials.

The project includes capabilities for data
- [ssh-vault/ssh-vault](https://awesome-repositories.com/repository/ssh-vault-ssh-vault.md) (505 ⭐) — 🌰  encrypt/decrypt using ssh keys
- [jenkins-x/jx](https://awesome-repositories.com/repository/jenkins-x-jx.md) (4,691 ⭐) — jx is a GitOps delivery platform and Kubernetes CI/CD orchestrator designed to automate the building and deployment of applications. It functions as a cloud native pipeline manager that executes container-based build and deployment sequences using a catalog of reusable tasks.

The project distinguishes itself through the automated orchestration of preview environments, which are created and destroyed based on pull request activity to enable validation before merging. It employs a GitOps-based state synchronization model to maintain the desired state of clusters by polling git repositories and
- [datreeio/datree](https://awesome-repositories.com/repository/datreeio-datree.md) (6,339 ⭐) — Datree is a policy enforcement framework for Kubernetes that validates configurations against rules written in Rego, JSON Schema, or CEL. It operates as both a command-line tool for pre-deployment scanning and as a cluster-side admission webhook for real-time enforcement, integrating with CI/CD pipelines and continuous delivery tools like ArgoCD and FluxCD.

The framework supports namespace-scoped policy mapping, allowing different policies to apply to different namespaces, and provides a skip annotation mechanism for selectively bypassing rules on individual resources or entire namespaces. It
- [kelseyhightower/serverless-vault-with-cloud-run](https://awesome-repositories.com/repository/kelseyhightower-serverless-vault-with-cloud-run.md) (407 ⭐) — This tutorial walks you through deploying Hashicorp's Vault on Cloud Run, Google Cloud's container based Serverless compute platform.
- [spaceandtimefdn/blitzar](https://awesome-repositories.com/repository/spaceandtimefdn-blitzar.md) (4,884 ⭐) — Blitzar is a verifiable SQL proof engine and cryptographic library designed for verifiable SQL computation. It enables the execution of database queries off-chain while generating zero-knowledge proofs that certify the correctness of the results for on-chain verification.

The project distinguishes itself through a GPU-accelerated proof accelerator that offloads heavy cryptographic workloads to graphics processors, reducing the time required for succinct proof generation. It provides high-performance cryptographic primitives for C++ and Rust applications, focusing on elliptic curve operations
- [coffee-cup/obsidian-vault-parser](https://awesome-repositories.com/repository/coffee-cup-obsidian-vault-parser.md) (34 ⭐) — Vault parser for the Obsidian note taking app
- [buildbot/buildbot](https://awesome-repositories.com/repository/buildbot-buildbot.md) (5,452 ⭐) — Buildbot is a Python-based continuous integration framework and distributed build orchestrator. It functions as a build automation engine that coordinates the retrieval of source code, the execution of build steps, and the reporting of results through a central controller and a network of remote worker agents.

The system is distinguished by a plugin-based extensibility architecture and a master-worker distribution model. It allows for dynamic build modification at runtime and supports a pluggable database backend for persisting system state and historical build data.

The project covers a bro
- [microsandbox/microsandbox](https://awesome-repositories.com/repository/microsandbox-microsandbox.md) (6,683 ⭐) — Microsandbox is a microVM sandbox runtime and hardware-isolated code executor designed for running untrusted code. It functions as an embedded virtual machine manager that allows applications to spawn and control lightweight virtual machines directly within code without the need for a background daemon.

The system provides a secure execution environment for AI agents by exposing server controls that allow them to execute tools and manage files. It utilizes standard container image formats and volume workflows to initialize guest virtual machines and implements a secret management mechanism th
- [moabukar/tech-vault](https://awesome-repositories.com/repository/moabukar-tech-vault.md) (3,351 ⭐) — tech-vault is a command-line technical interview bank and knowledge base designed for practicing engineering questions across various technical domains. It functions as a terminal-based application that stores structured study materials and interview questions as markdown files, which are then rendered directly within the system console.

The project distinguishes itself through a delivery model that uses command-line argument parsing to filter content by topic or difficulty. It also includes a random selection algorithm to pick individual questions from the collection for spontaneous study se
- [gam-team/gam](https://awesome-repositories.com/repository/gam-team-gam.md) (4,206 ⭐) — GAM is a command-line tool for administering Google Workspace and Cloud Identity. It translates command-line arguments into structured API calls, enabling administrators to manage users, groups, organizational units, and domain settings across a Google Workspace environment. The tool handles authentication through OAuth2 flows, service accounts, and workload identity federation, and supports multi-tenant configurations for managing multiple domains or cloud projects from a single installation.

GAM distinguishes itself through its batch processing and automation capabilities. It can process la
- [aws-powertools/powertools-lambda-python](https://awesome-repositories.com/repository/aws-powertools-powertools-lambda-python.md) (3,267 ⭐) — AWS Powertools for Python is a utility framework designed for building production-ready Python functions on AWS Lambda. It provides a comprehensive suite of tools for observability, event parsing, routing, and idempotency management to streamline the development of serverless applications.

The project distinguishes itself through specialized capabilities for event-driven architectures and AI agent orchestration. It enables the implementation of AI agents by exposing functions as tools via OpenAPI schemas and managing conversation states. Additionally, it features an idempotency library that p
- [99designs/aws-vault](https://awesome-repositories.com/repository/99designs-aws-vault.md) (8,977 ⭐) — aws-vault is a secure credential manager and command-line wrapper for AWS. It stores long-term identity keys using the native operating system secure keystore to prevent plaintext secrets from residing on disk.

The tool orchestrates the exchange of long-term credentials for short-lived temporary sessions by assuming IAM roles, with support for multi-factor authentication and integration with AWS Identity Center for single sign-on access. It prevents credential exposure by injecting these temporary tokens directly into subprocesses or by simulating local metadata endpoints for software develop
- [anthropics/claude-code](https://awesome-repositories.com/repository/anthropics-claude-code.md) (132,728 ⭐) — Anthropic's terminal-native AI coding agent.
