There have been several times in the last year when I wanted a somewhat simpler solution to HashiCorp's Vault project. Don't get me wrong, I absolutely love the product and have used it on several occasions at work. But for smaller projects, administering it can be somewhat of a hassle.
And so I decided to build varys, a tool for deriving secrets and managing privileged access to services. Unlike Vault, varys doesn't store any secrets on disk. Instead, credentials are derived on the fly and require authorization to the service in order to obtain them.
- All requests require authentication and authorization.
- Data is encrypted in transit and at rest.
- Easily rotate keys per user, per service, or for all services within varys.
- Derived secrets are never persisted within the system, only some metadata used to derive them.
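
One way on-the-fly derivation with per-user, per-service, and global rotation can work, shown as an added example that is not varys's code or its actual derivation scheme. The HMAC-SHA256 construction, the `Metadata` fields, and the epoch counters are all assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// Metadata is the only state persisted per credential; it holds no secret.
// Field names are hypothetical and are not varys's schema.
type Metadata struct {
	Service, User string
	// Rotation counters (assumed design): bumping one changes every
	// credential derived under that scope.
	GlobalEpoch, ServiceEpoch, UserEpoch uint32
}

// Derive recomputes the credential from the root key and the metadata.
// Nothing it returns needs to be written to disk.
func Derive(rootKey []byte, m Metadata) string {
	mac := hmac.New(sha256.New, rootKey)
	// Length-prefix each string so ("ab","c") and ("a","bc") cannot
	// produce the same MAC input.
	for _, s := range []string{m.Service, m.User} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(s)))
		mac.Write(n[:])
		mac.Write([]byte(s))
	}
	// Fixed-width counters in a fixed order keep the encoding unambiguous.
	for _, e := range []uint32{m.GlobalEpoch, m.ServiceEpoch, m.UserEpoch} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], e)
		mac.Write(n[:])
	}
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

func main() {
	root := []byte("constructed-demo-root-key") // constructed sample value
	m := Metadata{Service: "postgres", User: "alice"}
	fmt.Println("current:", Derive(root, m))
	m.UserEpoch++ // rotate only alice's credential for this service
	fmt.Println("rotated:", Derive(root, m))
}
```

With a scheme like this, the root key is the single secret to protect, and a leaked metadata store reveals which credentials exist but not their values.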
For now, you'll need to install varys the old-fashioned way.
$ go install github.com/mjpitz/varys/cmd/varys@latest
A container is also available. To run using docker:
$ docker run ghcr.io/mjpitz/varys:latest