Secure storage, and delivery for tokens, passwords, API keys, PKI and other secrets using HTTP API or Swagger UI.

bearlike/simple-secrets-manager

Simple Secrets Manager

Secure storage, and delivery for tokens, passwords, API keys, and other secrets using HTTP API, Swagger UI or Python Package.

TL;DR: Poor Man's HashiCorp Vault

Why does this exist?

HashiCorp Vault works well, but it was meant for enterprises. Therefore, it was heavy and non-portable (or at least difficult) for my homelab setup. So I wanted to build a Secrets Manager intended for small-scale setups that could also scale well.

Goals

  • A lightweight system that sucks less power out of the wall. Therefore, minimal background jobs and reduced resource utilization.
  • Should be compatible with both x86-64 and arm64v8 (mainly Raspberry Pi 4).
  • High stability, availability and easy scalability.

Available secret engines

| Secret Engine | Description |
|---------------|-------------|
| kv | Key-Value engine is used to store arbitrary secrets. |

Available authentication methods

| Auth Methods | Description |
|--------------|-------------|
| userpass | Allows users to authenticate using a username and password combination. |
| token | Allows users to authenticate using a token. Token generation requires users to be authenticated via userpass. |

Future

  • Secret engines for certificates (PKI), SSH and databases.
  • Encrypting secrets before writing them to persistent storage, so that gaining access to the raw storage isn't enough to access your secrets.

Getting started

Automated Install: docker-compose (Recommended)

  1. Run the stack by executing docker-compose up -d.

Manual Installation

Setup Steps

  1. Clone the repository

    git clone --depth 1 https://github.com/bearlike/simple-secrets-manager
    cd simple-secrets-manager

  2. Create a .env file in the project root to configure the MongoDB connection.

    CONNECTION_STRING=mongodb://username:<password>@<mongodb-host>:27017

  3. Install dependencies

    pip3 install -r requirements.txt
    # Or if using Poetry
    poetry install

  4. Start the server

    python3 server.py

  5. Access the application: Browse to http://server_hostname:5000/api to access the Swagger UI.

For user creation and initial setup, see the First-Time Usage Guide.
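The .env file from step 2 carries the MongoDB password, and encryption at rest is still listed under Future, so the file and the database connection are what protect the stored secrets. The following check is an added example, not code from this project: `audit_env_file` and `demo` are hypothetical names, the host and credentials are constructed sample values, and it assumes a POSIX file system and a single-host connection string.

```python
import os
import stat
import tempfile
from urllib.parse import urlsplit, parse_qs


def audit_env_file(path):
    """Return a list of findings for the .env file holding CONNECTION_STRING."""
    findings = []
    # The file contains the database password: only its owner should read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:o} lets group/other access it; use 600")
    uri = None
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            key, sep, value = line.strip().partition("=")
            if sep and key.strip() == "CONNECTION_STRING":
                uri = value.strip().strip("'\"")
    if uri is None:
        return findings + ["CONNECTION_STRING is not set"]
    parts = urlsplit(uri)
    if parts.scheme not in ("mongodb", "mongodb+srv"):
        findings.append(f"unexpected scheme {parts.scheme!r}")
    if not parts.username or not parts.password:
        findings.append("no credentials in URI; is MongoDB authentication enabled?")
    # MongoDB URI options are case-insensitive; "ssl" is the older alias of "tls".
    opts = {k.lower(): v[-1].lower() for k, v in parse_qs(parts.query).items()}
    tls_on = opts.get("tls") == "true" or opts.get("ssl") == "true"
    local = parts.hostname in ("localhost", "127.0.0.1", "::1")
    # mongodb+srv enables TLS by default, so only plain mongodb:// is flagged.
    if not tls_on and not local and parts.scheme != "mongodb+srv":
        findings.append("remote MongoDB without tls=true; secrets cross the network in cleartext")
    return findings


def demo():
    """Audit a weak and a hardened .env built from constructed sample values."""
    base = "CONNECTION_STRING=mongodb://ssm:example-pw@db.example.internal:27017"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, ".env")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(base + "\n")
        os.chmod(path, 0o644)  # world-readable, no TLS
        weak = audit_env_file(path)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(base + "/?tls=true\n")
        os.chmod(path, 0o600)  # owner-only, TLS requested
        return weak, audit_env_file(path)


if __name__ == "__main__":
    print(demo())
```
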