Whispr: Open-source multi-vault secret injection tool

Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information.

secret injection

Whispr key features

  • Safe secret injection: Fetch and inject secrets from your desired vault using HTTPS, SSL encryption, and strict CERT validation.
  • Just In Time (JIT) privilege: Set environment variables for developers only when they’re needed.
  • Secure development: Eliminate plain-text secret storage and ensure a secure development process.
  • Customizable configurations: Configure project-level settings to manage multiple project secrets.
  • No custom scripts required: Whispr eliminates the need for custom bash scripts or cloud CLI tools to manage secrets, making it easy to get started.
  • Easy installation: Cross-platform installation with PyPi.

Future plans and download

“I created Whispr to improve the developer experience for local software development without storing app secrets in plain text files. Future versions will support AWS parameter store and other equivalents but also take security to the next level by passing secrets as a standard input (instead of environment variables),” Naren Yellavula, the creator of Whispr, told Help Net Security.

Whispr is available for free on GitHub.

Must read:

OPIS OPIS


Don't miss