Whispr: Open-source multi-vault secret injection tool
Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information.
Whispr key features
- Safe secret injection: Fetch and inject secrets from your desired vault using HTTPS, SSL encryption, and strict CERT validation.
- Just In Time (JIT) privilege: Set environment variables for developers only when they’re needed.
- Secure development: Eliminate plain-text secret storage and ensure a secure development process.
- Customizable configurations: Configure project-level settings to manage multiple project secrets.
- No custom scripts required: Whispr eliminates the need for custom bash scripts or cloud CLI tools to manage secrets, making it easy to get started.
- Easy installation: Cross-platform installation with PyPi.
Future plans and download
“I created Whispr to improve the developer experience for local software development without storing app secrets in plain text files. Future versions will support AWS parameter store and other equivalents but also take security to the next level by passing secrets as a standard input (instead of environment variables),” Naren Yellavula, the creator of Whispr, told Help Net Security.
Whispr is available for free on GitHub.
Must read:
- 33 open-source cybersecurity solutions you didn’t know you needed
- 20 free cybersecurity tools you might have missed
- 15 open-source cybersecurity tools you’ll wish you’d known earlier
- 20 essential open-source cybersecurity tools that save you time