version: LATEST @2023-05-28#a03df8

Aegis

keep your secrets… secret



Quickstart Source Code Community

Aegis is a cloud-native, lightweight Secrets Manager.

With Aegis, your data is secure and protected.

Aegis keeps your secrets… secret.

Aegis is a cloud-native secure store for secrets management. It provides a minimal and intuitive API, ensuring practical security without compromising user experience. Endorsed by industry experts, Aegis is a ground-up reimagination of secrets management, leveraging SPIRE for authentication and providing a cloud-native way to manage secrets end-to-end.

Imagine this: An entire environment with ZERO service keys, usernames, passwords, tokens, or credentials.

☝️ That would mean there will be no need for credential rotation, no possibility fo secrets leaking into logs, or heaven forbid git repos because there are no secrets.

With Aegis that’s exactly what you get.

Aegis makes this possible by leveraging battle-tested and proven technologies including SPIFFE/SPIRE and Age Encryption.

When a Pod requests a secret, Aegis provides a short-lived X.509 certificate to confirm its identity. This certificate is unique to each Pod and ensures secure access to the assigned resource.

The certificate is frequently rotated, limiting damage in the extremely unlikely event of a compromise, as it only grants access to a specific secret for a very brief time.

In addition, when the Pod is down or deleted, the certificate is useless because no other Pod can use it.

There are no service keys, no usernames, no passwords, tokens, SSH keys, API keys…, no nothing.

It’s like magic.

It 👏 Is 👏 Aegis.

Mastodon profile verification

Aegis Quickstart

Get your hands dirty. Install and use Aegis on your Kubernetes cluster.

get started

Production Tips

Production deployment recommendations to let your ops teams #sleepmore.

prepare your clusters

Using Aegis SDK

Use Aegis Go SDK for a tighter integration with Aegis components.

dive in; water is warm

Keeping Secrets

A tutorial on how to dispatch secrets to workloads.

get your hands dirty

Aegis Community

Join us on Slack. It’s nice and cozy in here.

welcome to the jungle

Coming Up Next…

What we are planning to do in the near (and far) future.

see what’s cooking

Community ❤️ Aegis

“This technology is the best I’ve seen to manage secrets end-to-end in a Kubernetes-native way. Aegis avoids the need to deploy and maintain external, non-cloud-native stores, which is a huge differentiator.”
Ramiro Salas, Staff Engineer, VMware
“One more cloud native project that leverages SPIFFE for authentication! Woohoo! More SPIFFE!”
Eli Nesterov, Co-founder of SPIRL
“I’ve long wondered how we could radically re-make secrets management if SPIFFE was already in place. Wonder no longer!”
Andrew Jessup, Director of Product Management, HPE Security Engineering
“Secrets management is a relatively mature technology, however its role in the cloud native landscape has been dramatically evolving. Aegis is a ground-up re-imagination, solving the problem in a way that is congruent with the future of cloud computing.”
Evan Gilman, Author of Zero Trust Networks (O’Reilly), SPIRE core maintainer
“That eye is creepy. It says ‘I see you and I care only slightly; beware because I am aware!’.”
Barrdat, the turtle 🐢
“With Aegis, dispatching my secrets in my infra is a breeze. It requires minimal effort to maintain, freeing me up to focus on more important tasks. In fact, it runs so smoothly that I sometimes forget it even exists. Aegis gives me peace of mind.”
Hamza Erbay, Staff Engineer, Udemy
“Aegis is like a vault for your secrets, but instead of a big strong guy named Chuck guarding it, it is just some secure code.”
İlter Köse, Software Engineer, MOIA