Aegis is a Kubernetes-native, lightweight Secrets Manager.
With Aegis, your sensitive data is always secure and protected.
Aegis keeps your secrets… secret.
Imagine this: An entire environment with ZERO service keys, usernames, passwords, tokens, or credentials.
☝️ That would mean there will be no need for credential rotation, no possibility fo secrets leaking into logs, or heaven forbid git repos because there are no secrets.
With Aegis that’s exactly what you get.
Aegis makes this possible by leveraging battle-tested and proven technologies including SPIFFE/SPIRE and Age Encryption.
When a Pod requests a secret, Aegis provides a short-lived X.509 certificate to confirm its identity. This certificate is unique to each Pod and ensures secure access to the assigned resource.
The certificate is frequently rotated, limiting damage in the extremely unlikely event of a compromise, as it only grants access to a specific secret for a very brief time.
In addition, when the Pod is down or deleted, the certificate is useless because no other Pod can use it.
There are no service keys, no usernames, no passwords, tokens, SSH keys, API keys…, no nothing.
It’s like magic.
It 👏 Is 👏 Aegis.