{"id":19218899,"url":"https://github.com/bearlike/simple-secrets-manager","last_synced_at":"2026-03-04T13:03:22.712Z","repository":{"id":42032421,"uuid":"477188293","full_name":"bearlike/Simple-Secrets-Manager","owner":"bearlike","description":"Self‑hosted secrets and env vars manager for teams, delivered at runtime via CLI, API, and Web UI","archived":false,"fork":false,"pushed_at":"2026-02-28T03:05:19.000Z","size":2519,"stargazers_count":6,"open_issues_count":2,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-28T07:47:45.110Z","etag":null,"topics":["flask","python","secrets","secrets-management","vault"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bearlike.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":".github/SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2022-04-02T22:47:27.000Z","updated_at":"2026-02-28T01:49:18.000Z","dependencies_parsed_at":"2025-04-10T19:41:56.742Z","dependency_job_id":"5c58842a-fd3c-4797-9c6a-e3b2c0cdaace","html_url":"https://github.com/bearlike/Simple-Secrets-Manager","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/bearlike/Simple-Secrets-Manager","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bearlike%2FSimple-Secrets-Manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bearlike%2FSimple-Secrets-Manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bearlike%2FSimple-Secrets-Manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bearlike%2FSimple-Secrets-Manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bearlike","download_url":"https://codeload.github.com/bearlike/Simple-Secrets-Manager/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bearlike%2FSimple-Secrets-Manager/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30081091,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T12:28:08.313Z","status":"ssl_error","status_checked_at":"2026-03-04T12:27:28.210Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flask","python","secrets","secrets-management","vault"],"created_at":"2024-11-09T14:28:40.062Z","updated_at":"2026-03-04T13:03:22.687Z","avatar_url":"https://github.com/bearlike.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e🔐 \u003ca href=\"#\"\u003e\u003cimg alt=\"Simple Secrets Manager\" src=\"docs/img/gh_banner.png\" /\u003e\u003c/a\u003e\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/bearlike/simple-secrets-manager/pkgs/container/simple-secrets-manager\"\u003e\u003cimg alt=\"Docker Image Tag\" src=\"https://img.shields.io/badge/Docker-ghcr.io%2Fbearlike%2Fsimple%E2%80%94secrets%E2%80%94manager%3Alatest-blue?logo=docker\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/bearlike/simple-secrets-manager/pkgs/container/simple-secrets-manager\"\u003e\u003cimg alt=\"Docker Image Architecture\" src=\"https://img.shields.io/badge/architecture-arm64v8%20%7C%20x86__64-blue?logo=docker\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/bearlike/simple-secrets-manager/actions/workflows/ci.yml\"\u003e\u003cimg alt=\"CI\" src=\"https://github.com/bearlike/simple-secrets-manager/actions/workflows/ci.yml/badge.svg\"\u003e\u003c/a\u003e\n    \u003ca href=\"/LICENSE\"\u003e\u003cimg alt=\"License\" src=\"https://img.shields.io/github/license/bearlike/simple-secrets-manager.svg\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\nSimple Secrets Manager is a lightweight, self-hosted secret manager for teams that need clean project/config-based secret organization without enterprise overhead. Comes with a `ssm-cli` command-line client.\n\n\u003cimg height=\"720\" alt=\"image\" src=\"https://github.com/user-attachments/assets/539016cb-9428-4b3d-8704-31dc474caf65\" /\u003e\n\n## ✨ Features\n\nPrioritized by customer value and typical adoption flow:\n\n1. **Self-hosted deployment with guided bootstrap**  \n   Deploy the full stack with Docker Compose and initialize the first admin account through the built-in onboarding flow.\n\n2. **Project + environment-based secret organization**  \n   Organize secrets by project and config (for example `dev`, `staging`, `prod`) with optional parent-child inheritance to reduce duplication.\n\n3. **Secure secret lifecycle management in the Admin Console**  \n   Create, edit, delete, search, and reveal secrets with a streamlined UI built for day-to-day environment management.\n\n4. **Bulk import/export for real workflows**  \n   Import `.env` files with preview and conflict awareness, and export secrets as JSON or `.env` for runtime consumption.\n\n5. **Reference-aware secret composition**  \n   Compose values with placeholders (same config, cross-config, or cross-project) and choose resolved or raw output modes when reading/exporting.\n\n6. **Validation that prevents broken secret references**  \n   Catch invalid reference syntax, unresolved links, and recursion issues during save and compare workflows before they become runtime incidents.\n\n7. **Scoped token-based access for users and services**  \n   Issue personal and service tokens with TTL and project/config scoping, then revoke tokens when access is no longer needed.\n\n8. **Workspace RBAC with group-based project access**  \n   Manage workspace roles, project roles, groups, and group mappings to enforce least-privilege access at team scale.\n\n9. **Audit visibility for operational accountability**  \n   Track API activity with filterable audit events (project/config/time) to support incident review and compliance needs.\n\n10. **Cross-environment drift and issue detection**  \n    Compare a single secret key across configs to quickly identify mismatches, missing values, and broken references.\n\n11. **CLI-first runtime delivery and automation**  \n    Inject secrets directly into processes (`ssm-cli run`), download or mount payloads, and automate secret updates in local and CI/CD workflows.\n\n12. **Operational quality-of-life features for large secret sets**  \n    Use automatic/manual secret icons and project-wide icon recompute to keep large secret catalogs easier to scan and maintain.\n\n## 🚀 Getting Started\n\n### 1️⃣ Deploying the SSM Server\n\nStart the full stack with Docker Compose:\n\n```bash\n./scripts/deploy_stack.sh\n```\n\nThis script reads `VERSION`, exports `APP_VERSION`, and runs `docker compose up -d --build` with deterministic image labeling.\n\nEndpoints:\n\n- Frontend: `http://localhost:8080`\n- Backend API via proxy: `http://localhost:8080/api`\n- Backend API direct: `http://localhost:5000/api`\n\n#### First-Time Setup\n\nOn a fresh install:\n\n1. Open `http://localhost:8080`\n2. Complete initial setup (create first admin user)\n3. Sign in and create projects/configs/secrets\n\nAPI-only bootstrap steps are in [`docs/FIRST_TIME_SETUP.md`](docs/FIRST_TIME_SETUP.md).\n\n---\n\n### 2️⃣ Installing `ssm-cli` locally\n\n`ssm-cli` is a lightweight command-line client that securely authenticates to Simple Secrets Manager and injects your project/config secrets into any command or runtime on demand.\n\n\nInstall `ssm-cli` globally via uv:\n\n```bash\nuv tool install git+https://github.com/bearlike/Simple-Secrets-Manager.git\nuv tool update-shell\nssm-cli --help\n```\n\nIf `ssm-cli` is not found, ensure uv's tool bin is on `PATH`:\n\n```bash\nexport PATH=\"$(uv tool dir --bin):$PATH\"\n```\n\nAlready installed? Update to latest:\n\n```bash\nuv tool upgrade simple-secrets-manager\n```\n\nIf you installed from Git and want a fresh reinstall:\n\n```bash\nuv tool install --force git+https://github.com/bearlike/Simple-Secrets-Manager.git\n```\n\n#### Authenticate CLI to Your Backend\n\nSet backend URL and token:\n\n```bash\nssm-cli configure --base-url http://localhost:8080/api --profile dev\nssm-cli auth set-token --token \"\u003cservice-or-personal-token\u003e\" --profile dev\n```\n\nOr login with username/password:\n\n```bash\nssm-cli login --profile dev\n```\n\n#### Use the Application from CLI\n\nInject secrets into a process:\n\n```bash\nssm-cli run --profile dev -- python app.py\n```\n\n`ssm-cli run` resolves secret references by default, including `${KEY}`, `${config.KEY}`, and `${project.config.KEY}`.\nInvalid or unresolved references are rejected on save by the API, and missing references at read time resolve to empty strings.\n\nDownload secrets:\n\n```bash\nssm-cli secrets download --profile dev --format json\nssm-cli secrets download --profile dev --format json --raw\n```\n\nWrite a single secret:\n\n```bash\nssm-cli secrets set --profile dev --key API_KEY --value \"super-secret\"\nprintf '%s' \"$TOKEN_VALUE\" | ssm-cli secrets set --profile dev --key TOKEN --value-stdin\n```\n\nBulk upload secrets:\n\n```bash\nssm-cli secrets upload --profile dev --env-file .env.production\nssm-cli secrets upload --profile dev --json-file secrets.json\ncat secrets.json | ssm-cli secrets upload --profile dev --stdin --format json\n```\n\nCheck active CLI session:\n\n```bash\nssm-cli whoami --profile dev\n```\n\n---\n\n## 📚 Documentation\n\n- CLI reference: [`docs/CLI.md`](docs/CLI.md)\n- First-time setup: [`docs/FIRST_TIME_SETUP.md`](docs/FIRST_TIME_SETUP.md)\n- Container runtime reference: [`docs/README_dockerhub.md`](docs/README_dockerhub.md)\n- Developer docs: [`docs/DEVELOPER_GUIDE.md`](docs/DEVELOPER_GUIDE.md)\n\n## 🔄 Update Existing Deployment\n\nIf you run from this repository source:\n\n```bash\ngit pull\n./scripts/deploy_stack.sh\n```\n\nIf you run prebuilt images only:\n\n```bash\ndocker compose pull\ndocker compose up -d\n```\n\n---\n\n## 🤝 Contributing 👏\n\nWe welcome contributions from the community to improve this project. Use the steps below.\n\n1. Fork the repository and clone it to your local machine.\n2. Use the pre-commit hook to automate linting and testing, catching errors early. \n3. Create a new branch for your contribution.\n4. Make your changes, commit them, and push to your fork.\n5. Open a pull request describing the change and the problem it solves.\n\n## 🐞 Bug Reports and Feature Requests\n\nIf you encounter bugs or have ideas for features, open an issue on the [issue tracker](https://github.com/bearlike/Simple-Secrets-Manager/issues). Include reproduction steps and error messages when possible.\n\nThank you for contributing.\n\n---\n\nLicensed under [CC0 1.0 Universal](./LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbearlike%2Fsimple-secrets-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbearlike%2Fsimple-secrets-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbearlike%2Fsimple-secrets-manager/lists"}