The command line really wasn’t designed for secrets. So, keeping secrets secret on the command line requires some extra care and effort.

We Strongly believe that access information to Cloud in ~/.aws or ~/.azure files are not safe, and we prefer to store that information in an encrypted file managed by the system. Credentials will be hourly rotated and accessible in those files only when they are needed, so only when Leapp is active.

Kubernetes External Secrets allows you to use external secret management systems, like AWS Secrets Manager or HashiCorp Vault, to securely add secrets in Kubernetes. Read more about the design and motivation for Kubernetes External Secrets on the GoDaddy Engineering Blog.

An in-depth guide to managing secrets via GitOps practices.

Kubernetes External Secrets allows you to use external secret management systems (e.g., AWS Secrets Manager) to securely add secrets in Kubernetes

An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications - Soluto/kamus

sealed-secrets - A Kubernetes controller and tool for one-way encrypted Secrets

modern-secrets-management - This repository features the code used in the Modern Secrets Management with Vault talk

Allows you to create a one-time use link to securely send passwords or other information

summon is a command-line tool that reads a file in secrets.yml format and injects secrets as environment variables into any process. Once the process exits, the secrets are gone.