OpenBao

OpenBao

Website

Open source secrets management for keys, certificates, and tokens

RepositoryWebsite
5.2kstars
309forks
Last commit: 1d ago
Repo age: 3y old
OpenBao screenshot

OpenBao is an open source, community-driven secrets management system for securely managing sensitive data such as secrets, certificates, and cryptographic keys. It provides centralized access control and auditing to help teams control and track secret usage across applications and infrastructure.

Key Features

  • Encrypted key/value secret storage with pluggable storage backends
  • Dynamic secrets generation for supported systems with automatic expiration
  • Leasing, renewal, and revocation workflows to reduce long-lived credentials
  • Encryption-as-a-service (transit-style) for encrypt/decrypt without storing data
  • Unified ACL-based access control and identity-based authorization
  • Detailed audit logging for compliance and incident investigation

Use Cases

  • Centralize application configuration secrets (API keys, database credentials)
  • Issue short-lived credentials for databases or platforms and auto-revoke them
  • Provide a shared encryption service for applications handling sensitive data

Limitations and Considerations

  • Requires careful operational setup (unsealing, key management, and policy design) to avoid availability and access issues

OpenBao is well-suited for organizations that need a secure, auditable way to manage secrets at scale across modern infrastructure. It helps reduce credential sprawl by automating secret lifecycle management and enforcing consistent access policies.

Categories:

Secrets, Passwords & Vaults

Tags:

# Auth# ACL# Access Control# Audit Logging# Password Vault# Certificate Management# Encryption

Tech Stack:

JavaScriptJavaScriptGoGoPostgreSQLPostgreSQLDockerDockerTypeScriptTypeScriptSCSSSCSS
D
Docker Compose
H
Handlebars
H
HCL (HashiCorp Configuration Language)
Share:

Similar Services

Vaultwarden

Vaultwarden

Bitwarden-compatible password manager server written in Rust

53.6k
2.5k
Last commit: 3d ago

Vaultwarden is a lightweight, Bitwarden-compatible password manager server in Rust, designed for self-hosting with official Bitwarden clients.

Alternative to:
Bitwarden
Bitwarden+9
KeePassXC

KeePassXC

Cross-platform offline password manager using encrypted KDBX databases

25.5k
1.7k
Last commit: 1mo ago

KeePassXC is a secure, cross-platform password manager that stores credentials and sensitive notes in encrypted KeePass-compatible KDBX files with autofill and browser in...

Alternative to:
KeePassXC
KeePassXC+10
Infisical

Infisical

Open-source platform for secrets, PKI certificates, and privileged access

24.5k
1.7k
Last commit: 20h ago

Infisical is an open-source platform to manage and deliver app secrets, certificates (PKI), SSH credentials, and encryption keys across teams and infrastructure.

Alternative to:
HashiCorp Vault
HashiCorp Vault+9
Ente

Ente

End-to-end encrypted cloud for photos and 2FA

23.9k
1.4k
Last commit: 1d ago

Open-source, end-to-end encrypted platform for private photo backup, sharing, and authenticator (2FA) sync across devices, with optional self-hosting.

Alternative to:
Google Photos
Google Photos+14
Bitwarden

Bitwarden

Open-source password manager with zero-knowledge security and self-hosting.

17.9k
1.5k
Last commit: 16h ago

Bitwarden is an open-source password manager that stores, shares, and autofills credentials with zero-knowledge encryption; supports cloud or self-hosted deployments.

Alternative to:
1Password
1Password+9
Passbolt

Passbolt

Open-source password and secret manager for teams

5.6k
361
Last commit: 26d ago

Passbolt is an open-source, security-first password and secret manager for teams, with end-to-end encryption, granular sharing permissions, and auditing.

Alternative to:
Passbolt Cloud
Passbolt Cloud+11