keep your secrets… secret

Quickstart Source Code Community

Aegis is a cloud-native, lightweight Secrets Manager.

With Aegis, your data is secure and protected.

Aegis keeps your secrets… secret.

Aegis is a cloud-native secure store for secrets management. It provides a minimal and intuitive API, ensuring practical security without compromising user experience. Endorsed by industry experts, Aegis is a ground-up reimagination of secrets management, leveraging SPIRE for authentication and providing a cloud-native way to manage secrets end-to-end.

Imagine this: An entire environment with ZERO service keys, usernames, passwords, tokens, or credentials.

☝️ That would mean there will be no need for credential rotation, no possibility fo secrets leaking into logs, or heaven forbid git repos because there are no secrets.

With Aegis that’s exactly what you get.

Aegis makes this possible by leveraging battle-tested and proven technologies including SPIFFE/SPIRE and Age Encryption.

When a Pod requests a secret, Aegis provides a short-lived X.509 certificate to confirm its identity. This certificate is unique to each Pod and ensures secure access to the assigned resource.

The certificate is frequently rotated, limiting damage in the extremely unlikely event of a compromise, as it only grants access to a specific secret for a very brief time.

In addition, when the Pod is down or deleted, the certificate is useless because no other Pod can use it.

There are no service keys, no usernames, no passwords, tokens, SSH keys, API keys…, no nothing.

It’s like magic.

It 👏 Is 👏 Aegis.

Mastodon profile verification