Open source secrets manager for storing, encrypting, leasing, and revoking sensitive data
MPL-2.0
- Go
- MDX
- JavaScript

About OpenBao
OpenBao is a software solution for managing, storing, and distributing sensitive data such as secrets, certificates, and keys. It addresses the need to centralize database credentials, API keys, and service credentials while keeping access control, key rolling, and auditability in one place.
It stores arbitrary key/value secrets and encrypts them before writing to persistent storage. It can write to disk, PostgreSQL, and more. It also generates dynamic secrets on demand, supports data encryption and decryption without storing data, and manages leases with automatic revocation and renewal APIs.
OpenBao runs as a self-hosted server with a built-in web UI and a command line client for day-to-day use. It publishes official API and SDK libraries so applications can request secrets and rotate credentials programmatically. Revocation can target a single secret or a whole tree of secrets, which helps with key rolling and locking down systems during an intrusion.
Key features
- Stores arbitrary key/value secrets with encryption at rest
- Generates dynamic secrets on demand for systems like AWS and SQL databases
- Supports data encryption and decryption without storing the data
- Manages leases, renewal, and automatic secret revocation
- Can write persistent data to disk, PostgreSQL, and more
Details
- First released: 2023
- Self-hosting: Self-hosted deployment
- Storage: Disk · PostgreSQL · more
- Encryption: Encrypts secrets before storage
- Revocation: Automatic lease revocation
- Governance: OpenSSF / Linux Foundation project
