Open Source Tools

Open Source Secrets Manager

A secrets manager is a single point that, if it falls, exposes every credential your infrastructure runs on - the blast radius is the whole environment, so how it encrypts at rest, scopes access, and rotates keys matters more than any convenience feature. The open source systems here put that machinery in the open: you can read the encryption and access logic, host it inside your own trust boundary, and rotate or revoke without waiting on a vendor.

12 secrets manager100% OSI-approved licensesUpdated June 2026

Showing 1-9 of 12

Vaultwarden

Password Manager

Self-hosted Bitwarden-compatible server in Rust, light enough to run where the official service is too heavy

AGPL-3.0RustSelf-host

HashiCorp Vault

Secrets Manager

Secrets management, encryption as a service, and privileged access management

OtherGoSelf-host

Infisical

Secrets Manager

Open-source secrets, certificate, and privileged access management for teams and infrastructure

OtherTypeScriptSelf-host

SOPS

Secrets Manager

Editor for encrypted YAML, JSON, ENV, INI, and binary files with KMS, age, and PGP

MPL-2.0GoSelf-host

Bitwarden

Password Manager

Open-source password manager for passwords and passkeys, with clients for web, browser, desktop, and CLI

OtherTypeScriptSelf-host

Sealed Secrets

Secrets Manager

Kubernetes controller and kubeseal tool for one-way encrypted Secrets

Apache-2.0GoSelf-host

gopass

Password Manager

GPG-encrypted, git-versioned password manager for teams - a drop-in replacement for the standard UNIX pass

External Secrets Operator

Secrets Manager

Kubernetes operator that syncs values from external secret stores into Kubernetes Secrets

Apache-2.0GoSelf-host

OpenBao

Secrets Manager

Open source secrets manager for storing, encrypting, leasing, and revoking sensitive data

MPL-2.0GoSelf-host

Related categories

Password Manager10 Password Generator10 Password Protection6 SSO13 Privileged Access Management11