{"id":31558070,"url":"https://github.com/vmware/secrets-manager","last_synced_at":"2025-10-05T00:14:22.278Z","repository":{"id":185610474,"uuid":"668325891","full_name":"vmware/secrets-manager","owner":"vmware","description":"VMware Secrets Manager is a lightweight secrets manager to protect your sensitive data. It’s perfect for edge deployments where energy and footprint requirements are strict—See more: https://vsecm.com/","archived":false,"fork":false,"pushed_at":"2025-09-09T01:10:27.000Z","size":36573,"stargazers_count":175,"open_issues_count":93,"forks_count":30,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-09-09T03:48:09.288Z","etag":null,"topics":["cloud-native","edge","kubernetes","secret-management","secrets-manager","security","spiffe","spire","zero-trust"],"latest_commit_sha":null,"homepage":"https://vsecm.com/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vmware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-07-19T14:37:24.000Z","updated_at":"2025-09-09T01:10:27.000Z","dependencies_parsed_at":null,"dependency_job_id":"295a5c82-c285-480b-b134-82ef276e55fe","html_url":"https://github.com/vmware/secrets-manager","commit_stats":{"total_commits":143,"total_committers":14,"mean_commits":"10.214285714285714","dds":0.5734265734265734,"last_synced_commit":"638711cc137016994b650c1e70f7a5b8b672fe9f"},"previous_names
":["vmware-tanzu/secrets-manager","vmware/secrets-manager"],"tags_count":52,"template":false,"template_full_name":null,"purl":"pkg:github/vmware/secrets-manager","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fsecrets-manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fsecrets-manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fsecrets-manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fsecrets-manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vmware","download_url":"https://codeload.github.com/vmware/secrets-manager/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fsecrets-manager/sbom","scorecard":{"id":1237297,"data":{"date":"2025-05-28T21:01:20Z","repo":{"name":"github.com/vmware/secrets-manager","commit":"81a3e5de135a7cd048590c709a9541c0c2764632"},"scorecard":{"version":"v4.13.1","commit":"49c0eed3a423f00c872b5c3c9f1bbca9e8aae799"},"score":7,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":0,"reason":"0 out of 30 merged PRs checked by a CI test -- 
score normalized to 0","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":5,"reason":"found 3 unreviewed changesets out of 7 -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#code-review"}},{"name":"Contributors","score":10,"reason":"11 different organizations found -- score normalized to 10","details":["Info: contributors work for Tools-List,acikkaynak,broadcom,developgo,findmentor-network,jsbites,letgo,o2js,supabase-community,vmware,zerotohero-dev"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: tool 'Dependabot' is used: :0"],"documentation":{"short":"Determines if the project 
uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no OSSFuzz integration found: Follow the steps in https://github.com/google/oss-fuzz to integrate fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no OneFuzz integration found: Follow the steps in https://github.com/microsoft/onefuzz to start fuzzing for your project.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no GoBuiltInFuzzer integration found: Follow the steps in https://go.dev/doc/fuzz/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no PythonAtherisFuzzer integration found: Follow the steps in https://github.com/google/atheris to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no CLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no CppLibFuzzer integration found: Follow the steps in https://llvm.org/docs/LibFuzzer.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no SwiftLibFuzzer integration found: Follow the steps in https://google.github.io/oss-fuzz/getting-started/new-project-guide/swift-lang/ to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. 
(Medium effort)","Warn: no RustCargoFuzzer integration found: Follow the steps in https://rust-fuzz.github.io/book/cargo-fuzz.html to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no JavaJazzerFuzzer integration found: Follow the steps in https://github.com/CodeIntelligenceTesting/jazzer to enable fuzzing on your project.\nOver time, try to add fuzzing for more functionalities of your project. (Medium effort)","Warn: no ClusterFuzzLite integration found: Follow the steps in https://github.com/google/clusterfuzzlite to integrate fuzzing as part of CI.\nOver time, try to add fuzzing for more functionalities of your project. (High effort)","Warn: no HaskellPropertyBasedTesting integration found: Use one of the following frameworks to fuzz your project:\nQuickCheck: https://hackage.haskell.org/package/QuickCheck\nhedgehog: https://hedgehog.qa/\nvalidity: https://github.com/NorfairKing/validity\nsmallcheck: https://hackage.haskell.org/package/smallcheck\nhspec: https://hspec.github.io/\ntasty: https://hackage.haskell.org/package/tasty (High effort)","Warn: no TypeScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)","Warn: no JavaScriptPropertyBasedTesting integration found: Use fast-check: https://github.com/dubzzz/fast-check (High effort)"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: License file found in expected location: LICENSE:1","Info: FSF or OSI recognized license: LICENSE:1"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#license"}},{"name":"Maintained","score":10,"reason":"16 
commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"no published package detected","details":["Warn: no GitHub/GitLab publishing workflow detected"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/scorecard.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/vmware/secrets-manager/scorecard.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-coverage.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/vmware/secrets-manager/test-coverage.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-coverage.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/vmware/secrets-manager/test-coverage.yaml/main?enable=pin","Warn: containerImage not pinned by hash: aegis-web.Dockerfile:11","Warn: containerImage not pinned by hash: aegis-web.Dockerfile:21: pin your Docker image by updating ghcr.io/static-web-server/static-web-server:2 to ghcr.io/static-web-server/static-web-server:2@sha256:210d9726e0f06c10639156563e70ce0692a6618707e0bf7b3cf842caf3f28e18","Warn: containerImage not pinned by hash: dockerfiles/example/init-container.Dockerfile:12","Warn: containerImage not pinned by hash: 
dockerfiles/example/init-container.Dockerfile:24: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/example/multiple-secrets.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/example/multiple-secrets.Dockerfile:26: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/example/sdk-go.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/example/sdk-go.Dockerfile:26: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/example/sidecar.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/example/sidecar.Dockerfile:26: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/util/inspector.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/util/inspector.Dockerfile:27: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/util/keygen.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/util/keygen.Dockerfile:24: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not 
pinned by hash: dockerfiles/vsecm-ist-fips/init-container.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/init-container.Dockerfile:27: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/keystone.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/keystone.Dockerfile:27: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/relay-client.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/relay-client.Dockerfile:26: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/relay-server.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/relay-server.Dockerfile:25: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/safe.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/safe.Dockerfile:27: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/scout.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/scout.Dockerfile:26: pin 
your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/sentinel.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/sentinel.Dockerfile:27: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/sidecar.Dockerfile:13","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist-fips/sidecar.Dockerfile:26: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/init-container.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/init-container.Dockerfile:25: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/keystone.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/keystone.Dockerfile:25: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/relay-client.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/relay-client.Dockerfile:25: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: 
containerImage not pinned by hash: dockerfiles/vsecm-ist/relay-server.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/relay-server.Dockerfile:25: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/safe.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/safe.Dockerfile:24: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/scout.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/scout.Dockerfile:23: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/sentinel.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/sentinel.Dockerfile:25: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/sidecar.Dockerfile:12","Warn: containerImage not pinned by hash: dockerfiles/vsecm-ist/sidecar.Dockerfile:23: pin your Docker image by updating gcr.io/distroless/static-debian11 to gcr.io/distroless/static-debian11@sha256:1dbe426d60caed5d19597532a2d74c8056cd7b1674042b88f7328690b5ead8ed","Warn: containerImage not pinned by hash: examples/workshop_spiffe_federation/apps/control-plane-server/Dockerfile:11","Warn: containerImage not pinned by hash: examples/workshop_spiffe_federation/apps/control-plane-server/Dockerfile:28","Warn: 
containerImage not pinned by hash: examples/workshop_spiffe_federation/apps/edge-store/Dockerfile:11","Warn: containerImage not pinned by hash: examples/workshop_spiffe_federation/apps/edge-store/Dockerfile:27","Warn: containerImage not pinned by hash: examples/workshop_vsecm_eso/app/Dockerfile:2","Warn: containerImage not pinned by hash: examples/workshop_vsecm_eso/app/Dockerfile:22: pin your Docker image by updating alpine:latest to alpine:latest@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c","Warn: goCommand not pinned by hash: hack/generate-proto-files.sh:40","Info:   2 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of  52 containerImage dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool","Warn: CodeQL tool not detected"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security 
policy.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":["Warn: no GitHub releases found"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18","Info: topLevel permissions set to 'read-all': .github/workflows/test-coverage.yaml:7","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-vvgc-356p-c3xw / GO-2025-3595","Warn: Project is vulnerable to: GO-2025-3488"],"documentation":{"short":"Determines if the project has open, known unfixed 
vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-09-09T03:48:16.804Z","repository_id":185610474,"created_at":"2025-09-09T03:48:16.805Z","updated_at":"2025-09-09T03:48:16.805Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278391728,"owners_count":25979058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-native","edge","kubernetes","secret-management","secrets-manager","security","spiffe","spire","zero-trust"],"created_at":"2025-10-05T00:14:17.103Z","updated_at":"2025-10-05T00:14:22.267Z","avatar_url":"https://github.com/vmware.png","language":"Go","readme":"## **VMware Secrets Manager** *for cloud-native apps*\n\n![VSecM Logo](https://github.com/vmware/secrets-manager/assets/1041224/885c11ac-7269-4344-a376-0d0a0fb082a7)\n\n## ⚠️ Important: v2.0.0 Work in Progress\n\nA major architectural redesign is underway in the \n[`feature/v2.0.0-preview`](https://github.com/vmware/secrets-manager/tree/feature/v2.0.0-preview) \nbranch. 
**This `v2.0.0-preview` branch is currently non-functional \nand under heavy development**.\n\n### Current Status\n\n* **v0.x**: This version is now in **maintenance mode** and will only receive \n  security updates.\n* **v2.0.0**: Early development phase.\n\n### What's Coming in v2\n\nThe v2 release will completely transform VSecM by integrating \n[SPIKE](https://spike.ist) as the backend storage engine:\n* Replace the secrets backing store with [SPIKE](https://spike.ist/)\n* Transform **VSecM** into a lifecycle manager and orchestration layer\n* Enhanced SPIFFE-native architecture\n* Future UI and fleet management capabilities\n\n### For Users\n\n- **All users**: Continue using v0.x---it remains stable and will receive \n  security patches\n- **v2.0.0 timeline**: TBD---this is a major rewrite and will take time\n- **Contributing**: If you're interested in the v2 architecture, watch the \n  preview branch but note it's not ready for contributions yet. We will\n  inform the community when the codebase is ready for contributions.\n\n### Note\n\nThe v2 branch exists for development purposes only. **Do not attempt to use \nit**---it's a work in progress, and nothing is functional yet. We'll announce \nwhen there's something ready to test.\n\nThank you for your understanding and continued support.\n\n----\n\n**Below is the v0.x README**:\n\n----\n\n## About\n\n**VMware Secrets Manager** (*VSecM*) redefines secrets management \nfor cloud native apps.\n\nBy using **VSecM** you can `#sleepmore` while keeping your secrets… secret.\n\nWant to get started quickly? 
[Check out our quickstart tutorial][quickstart].\n\n🐢⚡️\n\n---\n\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/7793/badge)](https://www.bestpractices.dev/projects/7793)\n[![Version](https://img.shields.io/github/v/release/vmware-tanzu/secrets-manager?color=blueviolet)](https://github.com/vmware/secrets-manager/releases)\n[![Contributors](https://img.shields.io/github/contributors/vmware-tanzu/secrets-manager.svg?color=orange)](https://github.com/vmware/secrets-manager/graphs/contributors)\n[![Slack](https://img.shields.io/badge/slack-vsecm-brightgreen.svg?logo=slack)](https://join.slack.com/t/a-101-103-105-s/shared_invite/zt-287dbddk7-GCX495NK~FwO3bh_DAMAtQ)\n[![Twitch](https://img.shields.io/twitch/status/vadidekivolkan)](https://twitch.tv/vadidekivolkan)\n[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/vsecm)](https://artifacthub.io/packages/helm/vsecm/vsecm)\n[![License](https://img.shields.io/github/license/vmware-tanzu/secrets-manager)](https://github.com/vmware/secrets-manager/blob/main/LICENSE)\n[![Go Report Card](https://goreportcard.com/badge/github.com/vmware/secrets-manager)](https://goreportcard.com/report/github.com/vmware/secrets-manager)\n[![Go Coverage](https://github.com/vmware/secrets-manager/wiki/coverage.svg)](https://raw.githack.com/wiki/vmware-tanzu/secrets-manager/coverage.html)\n[![Using Better Commits](https://img.shields.io/badge/better--commits-enabled?style=for-the-badge\u0026logo=git\u0026color=a6e3a1\u0026logoColor=D9E0EE\u0026labelColor=302D41)](https://github.com/Everduin94/better-commits)\n\n## The Elevator Pitch\n\n[**VMware Secrets Manager**](https://vsecm.com/) is a delightfully-secure \nKubernetes-native secrets store.\n\n**VMware Secrets Manager** (*VSecM*) keeps your secrets secret.\n\nWith **VMware Secrets Manager**, you can rest assured that your sensitive data \nis always **secure** and **protected**.\n\n**VMware Secrets Manager** is perfect for securely 
storing arbitrary \nconfiguration information at a central location and securely dispatching it to \nworkloads.\n\n## Tell Me More\n\n**VMware Secrets Manager** is a cloud-native secure store for secrets \nmanagement. It provides a minimal and intuitive API, ensuring practical security \nwithout compromising user experience.\n\n**VMware Secrets Manager** is resilient and **secure by default**, storing\nsensitive data in memory and encrypting any data saved to disk.\n\n[Endorsed by industry experts](https://vsecm.com/community/endorsements/),\n**VMware Secrets Manager** is a ground-up re-imagination of secrets management,\nleveraging [**SPIFFE**](https://spiffe.io/) for authentication and providing a\ncloud-native way to manage secrets end-to-end.\n\n## Getting Your Hands Dirty\n\nBefore trying **VMware Secrets Manager**, you might want to learn about its\n[architecture][architecture] and [design goals][design].\n\nOnce you are ready to start, [see the Quickstart guide][quickstart].\n\nOr, if you are one of those who \"*learn by doing*\", you might want to dig into \nthe implementation details later. If that's the case, you can directly jump to \nthe fun part and [follow the steps here][installation] to install\n**VMware Secrets Manager** to your Kubernetes cluster.\n\n## Dive Into Example Use Cases\n\nThere are several examples demonstrating **VMware Secrets Manager** sample use\ncases [inside the `./examples/` folder](./examples).\n\n## Container Images\n\nPre-built container images of **VMware Secrets Manager** components can be found\nat: \u003chttps://hub.docker.com/u/vsecm\u003e.\n\n## Build VMware Secrets Manager From the Source\n\n[You can also build **VMware Secrets Manager** from the source][build].\n\n## Status of This Software\n\n**VMware Secrets Manager** is under dynamic and progressive development.\n\nThe code we've officially signed and released maintains a\nhigh standard of stability and dependability. 
However, we do encourage\nit to be used in a production environment (*at your own risk--[see \nLICENSE](LICENSE)*).\n\nIt's important to note that, technically speaking, **VMware Secrets Manager**\ncurrently holds the status of an *alpha software*. This means that as we\njourney towards our milestone of `v1.0.0`, it's possible for changes to\noccur--both major and minor. While this might mean some aspects are not backward\ncompatible, it's a testament to our unwavering commitment to refining and\nenhancing **VMware Secrets Manager**.\n\nIn a nutshell, we are ceaselessly pushing the boundaries of what's possible \nwhile ensuring our software stays dependable and effective for production use.\n\n## 🦆🦆🦆 (*Docs*)\n\n* [Official documentation on **vsecm.com**][vsecm].\n* [Go Docs on **pkg.go.dev**][pkg-go-dev].\n\n## A Note on Security\n\nWe take **VMware Secrets Manager**'s security seriously. If you believe you have\nfound a vulnerability, please [**follow this guideline**][vuln]\nto responsibly disclose it.\n\n\n## A Tour Of VMware Secrets Manager\n\n[Check out this quickstart guide][quickstart] for an overview of\n**VMware Secrets Manager**.\n\n## Community\n\nOpen Source is better together.\n\nIf you are a security enthusiast, join these communities\nand let us change the world together 🤘:\n\n* [Join **VMware Secrets Manager**'s Slack Workspace][slack-invite]\n* [Join the **VMware Secrets Manager** channel on Kampus' Discord \n  Server][kampus]\n\n## Links\n\n### General Links\n\n* **Homepage and Docs**: \u003chttps://vsecm.com/\u003e\n* [**Changelog**][changelog]\n* **Community**:\n  * [Join **VMware Secrets Manager**'s Slack Workspace][slack-invite]\n  * [Join the **VMware Secrets Manager** channel on Kampus' Discord \n    Server][kampus]\n* [**Contact**][contact]\n\n### Guides and Tutorials\n\n* [**Installation and Quickstart**][quickstart]\n* [**Local Development Instructions**][use-the-source]\n* [**Developer SDK**][sdk]\n* [**CLI**][cli]\n* 
[**Architecture**][architecture]\n* [**Configuration**][configuration]\n* [**Production Deployment Tips**][production]\n\n## Installation\n\n[Check out this quickstart guide][quickstart] for an overview of **VMware \nSecrets Manager**, which also covers **installation** and **uninstallation** \ninstructions.\n\nYou need a **Kubernetes** cluster and sufficient admin rights on that cluster to\ninstall **VMware Secrets Manager**.\n\n## Usage\n\n[Here is a list of step-by-step tutorials][about] that covers\nseveral usage scenarios that can show you where and how **VMware Secrets \nManager** could be used.\n\n## Architecture Details\n\n[Check out this **VMware Secrets Manager Deep Dive**][architecture] article for \nan overview of **VMware Secrets Manager** system design and how each component \nfits together.\n\n## Folder Structure\n\n\u003e *VSecM* == \"VMware Secrets Manager for Cloud-Native Apps\"\n\nHere are the important folders and files in this repository:\n\n* `./app`: Contains core **VSecM** components' source code.\n    * `./app/init_container`: Contains the source code for the **VSecM Init \n      Container**.\n    * `./app/inspector`: Contains the source code for the **VSecM Inspector**.\n    * `./app/keygen`: Contains the source code for the **VSecM Keygen**.\n    * `./app/keystone`: Contains the **VSecM KeyStone** source code.\n    * `./app/safe`: Contains the **VSecM Safe** source code.\n    * `./app/sentinel`: Contains the source code for the **VSecM Sentinel**.\n    * `./app/sidecar`: Contains the source code for the **VSecM Sidecar**.\n* `./ci`: Automation and CI/CD scripts.\n* `./lib`: Contains independent code that can be used in other projects too.\n* `./helm-charts`: Contains **VSecM** helm charts.\n* `./core`: Contains core modules shared across **VSecM** components.\n* `./dockerfiles`: Contains Dockerfiles for building **VSecM** container images.\n* `./examples`: Contains the source code of example use cases.\n* `./hack`: Contains scripts for 
building, publishing, development,\n  and testing.\n* `./k8s`: Contains Kubernetes manifests that are used to deploy **VSecM** and\n  its use cases.\n* `./sdk`: Contains the source code of the **VSecM Developer Go SDK**.\n* `./sdk-cpp`: Contains the source code of the **VSecM Developer C++ SDK**.\n* `./sdk-java`: Contains the source code of the **VSecM Developer Java SDK**.\n* `./sdk-python`: Contains the source code of the **VSecM Developer Python SDK**.\n* `./sdk-rust`: Contains the source code of the **VSecM Developer Rust SDK**.\n* `./docs`: Contains the source code of the **VSecM Documentation** website \n  (\u003chttps://vsecm.com\u003e).\n* `./CODE_OF_CONDUCT.md`: Contains **VSecM** Code of Conduct.\n* `./CONTRIBUTING_DCO.md`: Contains **VSecM** Contributing Guidelines.\n* `./SECURITY.md`: Contains **VSecM** Security Policy.\n* `./LICENSE`: Contains **VSecM** License.\n* `./Makefile`: The `Makefile` used for building,\n  publishing, deploying, and testing the project.\n\n## Branches\n\nThere are special long-living branches that the project maintains.\n\n* `main`: This is the source code that is in active development. We try our best\n  to keep it stable; however, there are no guarantees. 
We tag stable releases\n  off of this branch during every release cut.\n* `gh-pages`: This branch is where VSecM Helm charts are maintained.\n  [ArtifactHub][artifacthub] references this branch.\n* `docs`: This branch contains versioned documentation snapshots that we take  \n   during releases.\n* `tcx`: This is an internal \"experimental\" branch that is not meant for\n  public consumption.\n\n## Changelog\n\nYou can find the changelog and migration/upgrade instructions (*if any*)\non [**VMware Secrets Manager**'s Changelog Page][changelog].\n\n## Code Of Conduct\n\n[Be a nice citizen](CODE_OF_CONDUCT.md).\n\n## Contributing\n\nTo contribute to **VMware Secrets Manager**, \n[follow the contributing guidelines](CONTRIBUTING.md) to get started.\n\nUse GitHub issues to request features or file bugs.\n\n## Communications\n\n* [**Slack** is where the community hangs out][slack-invite].\n* [Send comments and suggestions to \n  **feedback@vsecm.com**](mailto:feedback@vsecm.com).\n\n## Maintainers\n\nCheck out the [Maintainers Page][maintainers] for a list \nof maintainers of **VMware Secrets Manager**.\n\nPlease send your feedback, suggestions, recommendations, and comments to\n[feedback@vsecm.com](mailto:feedback@vsecm.com).\n\nWe'd love to have them.\n\n## License\n\n[BSD 2-Clause License](LICENSE).\n\n[about]: https://vsecm.com/documentation/use-cases/about/ \"VSecM Use Cases\"\n[architecture]: https://vsecm.com/documentation/architecture/philosophy/ \"VMware Secrets Manager Architecture\"\n[artifacthub]: https://artifacthub.io/packages/helm/vsecm/vsecm \"VSecM Artifact Hub\"\n[build]: https://vsecm.com/documentation/development/use-the-source/ \"Building, Deploying, and Testing\"\n[changelog]: https://vsecm.com/timeline/changelog/ \"VSecM Changelog\"\n[cli]: https://vsecm.com/documentation/usage/cli/ \"VSecM CLI\"\n[configuration]: https://vsecm.com/documentation/configuration/overview/ \"VSecM Configuration\"\n[contact]: https://vsecm.com/community/contact/ 
\"Contact\"\n[design]: https://vsecm.com/documentation/architecture/philosophy/ \"VMware Secrets Manager Design Philosophy\"\n[docs]: https://vsecm.com/\n[installation]: https://vsecm.com/documentation/getting-started/installation/ \"Install VMware Secrets Manager\"\n[kampus]: https://discord.gg/kampus\n[maintainers]: https://vsecm.com/community/maintainers/ \"VSecM Maintainers\"\n[pkg-go-dev]: https://pkg.go.dev/github.com/vmware/secrets-manager \"VSecM Go Docs\"\n[production]: https://vsecm.com/documentation/production/overview/ \"VSecM Production Deployment\"\n[quickstart]: https://vsecm.com/documentation/getting-started/overview/ \"VSecM Quickstart\"\n[sdk]: https://vsecm.com/documentation/usage/sdk/ \"VSecM Developer SDK\"\n[slack-invite]: https://join.slack.com/t/a-101-103-105-s/shared_invite/zt-287dbddk7-GCX495NK~FwO3bh_DAMAtQ \"Join VSecM Slack\"\n[spire]: https://spiffe.io/ \"SPIFFE: Secure Production Identity Framework for Everyone\"\n[use-the-source]: https://vsecm.com/documentation/development/use-the-source/ \"Building, Deploying, and Testing\"\n[vsecm]: https://vsecm.com/ \"VMware Secrets Manager\"\n[vuln]: https://github.com/vmware/secrets-manager/blob/main/SECURITY.md \"VSecM Security Disclosure\"\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmware%2Fsecrets-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvmware%2Fsecrets-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmware%2Fsecrets-manager/lists"}