.svg){kind=icon}
A Python program to scrape secrets from GitHub through usage of a large repository of dorks.
GitDorker is a tool that utilizes the GitHub Search API and an extensive list of GitHub dorks that I've compiled from various sources to provide an overview of sensitive information stored on github given a search query.
The Primary purpose of GitDorker is to provide the user with a clean and tailored attack surface to begin harvesting sensitive information on GitHub. GitDorker can be used with additional tools such as GitRob or Trufflehog on interesting repos or users discovered from GitDorker to produce best results.
A multi-vault secret injection tool for safely injecting secrets into app environment.
Whispr (Pronounced as whisper) is a CLI tool to safely inject secrets from your favorite secret vault (Ex: AWS Secrets Manager, Azure Key Vault etc.) into your app's environment. This is very useful for enabling secure local software development.
Flask-Vault is a robust library that empowers Flask applications to securely store and manage sensitive credentials. It provides a set of CLI commands for storing secrets using AES-GCM symmetric encryption, ensuring that vital information like API keys and database credentials remain protected.
Flask-Vault provides several cli commands and Python functions to store secrets that you do not want to keep in the clear, using symmetric encryption with AES-GCM. These commands and functions allow you to safely read/write very important credentials such as API keys, database credentials, etc.
An enterprise friendly way of detecting and preventing secrets in code.
detect-secrets is an aptly named module for (surprise, surprise) detecting secrets within a code base.
Git Security Scanning & Secrets Detection.
Centralized Cloud-Based Secrets Management Platform.
Securely manage, orchestrate, and govern secrets at scale with Doppler’s developer-first cloud hosted platform.
Open Source Secret Management. All-in-one platform to securely manage application configuration and secrets across your team and infrastructure.
♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI.
Tang binding daemon.
Tang is a server for binding data to network presence.
This sounds fancy, but the concept is simple. You have some data, but you only want it to be available when the system containing the data is on a certain, usually secure, network. This is where Tang comes in.
Gitleaks is a fast, light-weight, portable, and open-source secret scanner for git repositories, files, and directories.
get things from one computer to another, safely.
This package provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. The two endpoints are identified by using identical "wormhole codes": in general, the sending machine generates and displays the code, which must then be typed into the receiving machine.
Securely Send a Password.
🔐 An application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed. Track who, what and when.
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys.
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way. Since the Sealed Secrets are encrypted, they can be safely stored in a code repository. This enables an easy to implement GitOps flow that is very popular among the OSS community.
Simple and flexible tool for managing secrets.
SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.