version: LATEST

Aegis

keep your secrets… secret



Quickstart Source Code Community

Aegis is a Kubernetes-native, lightweight Secrets Manager.

With Aegis, your sensitive data is always secure and protected.

Aegis keeps your secrets… secret.

Imagine this: An entire environment with ZERO service keys, usernames, passwords, tokens, or credentials.

☝️ That would mean there will be no need for credential rotation, no possibility fo secrets leaking into logs, or heaven forbid git repos because there are no secrets.

With Aegis that’s exactly what you get.

Aegis makes this possible by leveraging battle-tested and proven technologies including SPIFFE/SPIRE and Age Encryption.

When a Pod requests a secret, Aegis provides a short-lived X.509 certificate to confirm its identity. This certificate is unique to each Pod and ensures secure access to the assigned resource.

The certificate is frequently rotated, limiting damage in the extremely unlikely event of a compromise, as it only grants access to a specific secret for a very brief time.

In addition, when the Pod is down or deleted, the certificate is useless because no other Pod can use it.

There are no service keys, no usernames, no passwords, tokens, SSH keys, API keys…, no nothing.

It’s like magic.

It 👏 Is 👏 Aegis.

Mastodon profile verification

Aegis Quickstart

Get your hands dirty. Install and use Aegis on your Kubernetes cluster.

get started

Production Tips

Production deployment recommendations to let your ops teams #sleepmore.

prepare your clusters

Using Aegis SDK

Use Aegis Go SDK for a tighter integration with Aegis components.

dive in; water is warm

Keeping Secrets

A tutorial on how to dispatch secrets to workloads.

get your hands dirty

Aegis Community

Join us on Slack. It’s nice and cozy in here.

welcome to the jungle

Coming Up Next…

What we are planning to do in the near (and far) future.

see what’s cooking

Community ❤️ Aegis

“This technology is the best I’ve seen to manage secrets end-to-end in a Kubernetes-native way. Aegis avoids the need to deploy and maintain external, non-cloud-native stores, which is a huge differentiator.”
Ramiro Salas, Staff Engineer, VMware
“One more cloud native project that leverages SPIFFE for authentication! Woohoo! More SPIFFE!”
Eli Nesterov, Co-founder of one of the best stealth security startups
“I’ve long wondered how we could radically re-make secrets management if SPIFFE was already in place. Wonder no longer!”
Andrew Jessup, Director of Product Management, HPE Security Engineering
“Secrets management is a relatively mature technology, however its role in the cloud native landscape has been dramatically evolving. Aegis is a ground-up re-imagination, solving the problem in a way that is congruent with the future of cloud computing.”
Evan Gilman, Author of Zero Trust Networks (O’Reilly), SPIRE core maintainer
“That eye is creepy. It says ‘I see you and I care only slightly; beware because I am aware!’.”
Barrdat, the turtle 🐢
“With Aegis, dispatching my secrets in my infra is a breeze. It requires minimal effort to maintain, freeing me up to focus on more important tasks. In fact, it runs so smoothly that I sometimes forget it even exists. Aegis gives me peace of mind.”
Hamza Erbay, Staff Engineer, Udemy
“Aegis is like a vault for your secrets, but instead of a big strong guy named Chuck guarding it, it is just some secure code.”
İlter Köse, Software Engineer, MOIA