

Securely store, encrypt, and manage dynamic secrets at scale
OpenBao provides encrypted storage, dynamic secret generation, lease management, and revocation for credentials, certificates, and keys, supporting multiple backends and robust audit capabilities.

OpenBao is designed for organizations that need a unified system to store, encrypt, and distribute sensitive data such as passwords, API keys, certificates, and cryptographic keys. Secrets are encrypted before being written to persistent storage, and the platform supports a variety of backends—including local disk and PostgreSQL—so you can choose the storage that fits your infrastructure.
Beyond static storage, OpenBao can generate on‑demand credentials for services like AWS and SQL databases. Each generated secret carries a lease that automatically expires and revokes the credential, reducing the attack surface. Built‑in APIs let clients renew leases, and administrators can revoke individual secrets or entire secret trees, enabling rapid key rotation and incident response.
Deploy OpenBao using the provided binaries or Docker images, integrate with existing CI pipelines, and leverage the extensive acceptance test suite (noting that some tests may create real resources). The project is governed by an open community and follows OSI‑approved licensing.
When teams consider OpenBao, these hosted platforms usually appear on the same shortlist.

Akeyless: Cloud-native SaaS platform for unified secrets management and machine identity security

Managed service for securely storing, retrieving, and rotating application secrets (credentials, API keys, etc.)

Cloud service for secure storage and management of cryptographic keys, secrets, and certificates
Dynamic AWS credentials for CI pipelines: Short‑lived keys are issued on demand and automatically revoked, minimizing exposure from compromised pipelines.
Encrypting application data before persisting to SQL: Developers store ciphertext directly in databases without implementing custom encryption logic.
Automated certificate rotation for internal services: Certificates are renewed and distributed without service downtime, ensuring continuous trust.
Revoking compromised user tokens across services: Immediate revocation of a user's secret tree cuts off access everywhere, supporting rapid incident response.
Report security vulnerabilities responsibly by emailing openbao-security@lists.openssf.org.
OpenBao can write encrypted secrets to local disk, PostgreSQL, and other backends configured via its storage plugins.
OpenBao can generate dynamic secrets for services such as AWS and SQL databases, with automatic lease expiration.
The acceptance tests can create real resources, which may incur costs; run them in isolated accounts and be aware of potential charges.
Importing the repository is not a supported use case and bugs related to it may not be fixed.