Recent and related:

HashiCorp Vault forked into OpenBAO - https://news.ycombinator.com/item?id=38578247 - Dec 2023 (70 comments)
Hey HN, I'm involved with this project, glad you found it interesting! Keep in mind it's still at a _very_ early stage and not in a usable state. A lot of work is in progress, but there are also plenty of opportunities if you want to contribute.

If you want to help out, you can:

Join the Matrix rooms:

- https://chat.lfx.linuxfoundation.org/#/room/#openbao-announcements:chat.lfx.linuxfoundation.org
- https://chat.lfx.linuxfoundation.org/#/room/#openbao-development:chat.lfx.linuxfoundation.org
- https://chat.lfx.linuxfoundation.org/#/room/#openbao-general:chat.lfx.linuxfoundation.org
- https://chat.lfx.linuxfoundation.org/#/room/#openbao-questions:chat.lfx.linuxfoundation.org
- https://chat.lfx.linuxfoundation.org/#/room/#openbao-random:chat.lfx.linuxfoundation.org

Join the mailing list: https://lists.lfedge.org/g/openbao
I use the HashiCorp Vault paid version to interface with an on-premises HSM and for its FIPS compliance. I don't know of any other software that is as lightweight and easy to use with an HSM as Vault. We are using Vault to store the signed intermediate CA and automatically unseal Vault by storing the shards in the HSM (along with the Root CA). OpenBao wouldn't solve this for me.
As much as I appreciate open source forks of things like this, I'd rather just completely avoid Vault if I can. This and Consul are bits of software that have made my life harder, not better, over the last few years.
> Please note: We take OpenBao's security and our users' trust very seriously.

Funny how that sentence is one of the quickest ways to make me mistrust something (even if possibly undeserved).
Hi,

This is concerning. To me it looks like there is a holy war going on among the devs who maintain a secrets manager. The last thing I want is instability in the tool that holds my passwords and credentials. On the low end of my concern is the annoyance of constantly updating names in YAML files, and on the high end is the worry that a rogue dev could deliberately add a security hole that would compromise my secrets.

Is there any assurance this won't happen?
> Please note: We take OpenBao's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please responsibly disclose by contacting us at openbao-security@lists.lfedge.org.

You might wanna change "Vault" to "OpenBao".
Appreciate the fork, but I think it's time for people to move on from Vault and other HashiCorp tools (especially since I'm hearing this is financed by IBM to keep their Vault competitor going).

Check out Infisical for secret management: https://github.com/Infisical/infisical

Disclaimer: I'm one of the maintainers.
Another option that focuses on ease-of-use and security is EnvKey - https://envkey.com (I'm the founder).

It has client-side end-to-end encryption with no backdoors or compromises, is open source, and, apart from secrets management, provides a robust set of tools to manage and de-duplicate config.

Comparison with Vault: https://www.envkey.com/compare/hashicorp-vault/