{"id":27786270,"url":"https://github.com/clever/stealth","last_synced_at":"2025-04-30T15:58:47.788Z","repository":{"id":37588085,"uuid":"63991460","full_name":"Clever/stealth","owner":"Clever","description":"Go wrapper for credstash secret store","archived":false,"fork":false,"pushed_at":"2025-04-24T19:54:58.000Z","size":157,"stargazers_count":7,"open_issues_count":2,"forks_count":2,"subscribers_count":51,"default_branch":"master","last_synced_at":"2025-04-24T20:42:52.551Z","etag":null,"topics":["aws-kms","credential-storage","key-management","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Clever.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-07-23T00:33:22.000Z","updated_at":"2025-04-24T00:20:30.000Z","dependencies_parsed_at":"2025-04-17T00:34:52.868Z","dependency_job_id":"ec55b46f-6ae7-41cf-8725-0e2dfe39bcc9","html_url":"https://github.com/Clever/stealth","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Clever%2Fstealth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Clever%2Fstealth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Clever%2Fstealth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Clever%2Fstealth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Clever","download
_url":"https://codeload.github.com/Clever/stealth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251737762,"owners_count":21635667,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-kms","credential-storage","key-management","security"],"created_at":"2025-04-30T15:58:43.531Z","updated_at":"2025-04-30T15:58:47.776Z","avatar_url":"https://github.com/Clever.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# stealth\n\nStealth is a Go interface to write/read from secret stores.\n\nThe current storage implementation uses [AWS Systems Manager Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html). Previously, it used our fork of [unicreds](https://github.com/Clever/unicreds), which is a Go port of [credstash](https://github.com/fugue/credstash), which uses AWS [DynamoDB](https://aws.amazon.com/dynamodb/) and [KMS](https://aws.amazon.com/kms/).\n\n# usage\n\nStealth can be run standalone for certain administrative tasks. 
First you'll need to compile the binary:\n\n```bash\n    make build\n```\n\nTo find all secrets that have the same value as an existing secret (for instance, to revoke a leaked secret):\n\n```bash\n    ./stealth dupes --environment [production OR development] --service [service-name] --key [key name]\n```\n\nYou can replace all these values using this command:\n\n```bash\n    ./stealth dupes --environment [production OR development] --service [service-name] --key [key name] --update-with [value to replace with]\n```\n\nTo delete a secret:\n\n```bash\n    ./stealth delete --environment [production OR development] --service [service-name] --key [key name]\n```\n\nTo write a secret:\n\n```bash\n    ./stealth write --environment [production OR development] --service [service-name] --key [key name] --value [key value]\n```\n\nTo identify discrepancies in secret values across 4 U.S. regions of AWS:\n\n```bash\n    ./stealth health --environment=ENVIRONMENT --service=SERVICE\n```\n\n# tests\n\nTo run tests, use:\n\n```bash\n    make test\n```\n\nThis creates, updates, and reads secrets from the ci-test environment secret store, using the AWS credentials in your local environment.\n\n# setting up backend infrastructure\n\nIf you are using Terraform, you can use the module [tf-credstash](https://github.com/dfuentes/tf-credstash) to set up the necessary DynamoDB table and KMS key for stealth. For example, to create a dev backend, you can use this Terraform code:\n\n```HCL\nprovider \"aws\" {}\n\nmodule \"stealth-dev\" {\n  source = \"github.com/dfuentes/tf-credstash\"\n  key_alias = \"alias/stealth-key-dev\"\n  table_name = \"stealth-dev\"\n}\n```\n\n# license\n\n[Apache 2.0](./LICENSE)\n\n# usage at Clever\n\nStealth is co-owned by #eng-infra and #eng-security. 
For more info, see http://go/stealth\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclever%2Fstealth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fclever%2Fstealth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fclever%2Fstealth/lists"}