git-secrets alternatives

Looking for an alternative tool to replace git-secrets? During the review of git-secrets we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. git-crypt (encrypt sensitive data in Git repositories)
  2. DET (data loss prevention testing)
  3. gauntlt (attack framework for developers)

These tools are ranked as the best alternatives to git-secrets.

Alternatives (by score)

74

git-crypt

Introduction

This tool allows you to store your secrets (such as keys or passwords) in the same repository as your code.

Project details

git-crypt is written in C++.

Strengths and weaknesses

  • + More than 10 contributors
  • + More than 3000 GitHub stars
  • + The source code of this software is available

    Typical usage

    • Data encryption

    git-crypt review

    64

    DET

    Introduction

    This tool can be used to identify possible DLP failures. It uses different data exfiltration techniques, which may or may not trigger a DLP solution.

    Project details

    DET is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available
    • - No releases on GitHub available

    Typical usage

    • Learning
    • Penetration testing

    DET review

    74

    gauntlt

    Introduction

    Gauntlt allows you to run different attacks on your code with the goal to build better software and withstand the biggest threats in existence.

    Project details

    gauntlt is written in Ruby.

    Strengths and weaknesses

    • + More than 10 contributors
    • + More than 500 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Code analysis

      gauntlt review

      60

      GitMiner

      Introduction

      GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details such as passwords or connection settings.

      Project details

      GitMiner is written in Python.

      Strengths and weaknesses

      • + More than 1000 GitHub stars
      • + The source code of this software is available

        Typical usage

        • Asset discovery
        • Discovery of sensitive information
        • Information leak detection

        GitMiner review

        85

        AIL framework

        Introduction

        AIL is a modular framework which helps to analyze potential information leaks. The framework is flexible and supports different kinds of data formats and sources. For example, one of the sources is the collection of pastes from Pastebin. A tool like AIL is commonly used to detect or even prevent data leaks.

        Project details

        AIL framework is written in Python.

        Strengths and weaknesses

        • + More than 10 contributors
        • + The source code of this software is available

          Typical usage

          • Data extraction
          • Data leak detection
          • Information leak detection
          • Security monitoring

          AIL framework review

          64

          DNSteal

          Introduction

          DNSteal allows you to extract files from a machine through DNS requests. This can be used to circumvent security measures and test them against data leakage. The tool supports compression and allows for multiple files to be transferred.

          Project details

          DNSteal is written in Python.

          Strengths and weaknesses

          • + More than 500 GitHub stars
          • + The source code of this software is available
          • - No releases on GitHub available
          • - Full name of author is unknown

          Typical usage

          • Application security
          • Data hiding

          DNSteal review

          85

          gitleaks

          Introduction

          Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers and security professionals to discover any leaks.

          Project details

          gitleaks is written in Golang.

          Strengths and weaknesses

          • + More than 10 contributors
          • + More than 3000 GitHub stars
          • + The source code of this software is available

            Typical usage

            • Security assessment

            gitleaks review

            68

            BlackBox

            Introduction

            Typically, you do not want to store any secrets in a software repository or version control system repository. However, when there is still a need to give people access to sensitive parts, BlackBox helps to do this in a more secure way.

            Project details

            BlackBox is written in shell script.

            Strengths and weaknesses

            • + More than 50 contributors
            • + More than 4000 GitHub stars
            • + The source code of this software is available

              Typical usage

              • Password management
              • Secure storage

              BlackBox review

              93

              Acra

              Introduction

              Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

              Project details

              Acra is written in Golang, Node.js, Objective-C, PHP, Python, Ruby.

              Strengths and weaknesses

              • + Commercial support available
              • + The source code of this software is available

                Typical usage

                • Data encryption
                • Data leak prevention
                • Data security
                • Vulnerability mitigation

                Acra review

                64

                BuQuikker

                Introduction

                BuQuikker is a security tool to scan the Amazon S3 storage service. Its goal is to find open and unprotected S3 buckets.

                Project details

                BuQuikker is written in Python.

                Strengths and weaknesses

                • + The source code of this software is available

                  Typical usage

                  • Data leak detection
                  • Security assessment

                  BuQuikker review

                  85

                  SMBMap

                  Introduction

                  SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.

                  Project details

                  SMBMap is written in Python.

                  Strengths and weaknesses

                  • + The source code of this software is available

                    Typical usage

                    • Data leak detection
                    • Information gathering
                    • Penetration testing

                    SMBMap review

                    60

                    Gitrob

                    Introduction

                    Open source developers in particular may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. Gitrob helps to detect this kind of accidental leak.

                    Project details

                    Gitrob is written in Ruby.

                    Strengths and weaknesses

                    • + More than 1000 GitHub stars
                    • + The source code of this software is available

                      Typical usage

                      • Data leak prevention
                      • Information gathering
                      • Penetration testing
                      • Security assessment

                      Gitrob review

                      60

                      jak

                      Introduction

                      Typically, developers may want to store some secrets, like authentication details, in their repository. With jak this can happen in a slightly more secure way, by encrypting the data.

                      Project details

                      jak is written in Python.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Data encryption

                        jak review

                        70

                        pastemon

                        Introduction

                        A tool like pastemon can detect specific texts on the Pastebin website, like corporate information or sensitive information. It can be used as an early warning system or to detect compromises in your environment.

                        Project details

                        pastemon is written in Perl.

                        Strengths and weaknesses

                        • + The source code of this software is available
                        • - Unknown project license

                        Typical usage

                        • Security monitoring

                        pastemon review

                        64

                        Aletheia

                        Introduction

                        Aletheia is a project to manage secrets in Google Cloud with CloudKMS and Cloud Storage. It can be used to store sensitive data like authentication details.

                        Project details

                        Aletheia is written in Python.

                        Strengths and weaknesses

                        • + The source code of this software is available
                        • - Minimal or no documentation available
                        • - No releases on GitHub available

                        Typical usage

                        • Data security
                        • Secure storage

                        Aletheia review

                        100

                        Buttercup for desktop

                        Introduction

                        The typical users have at least a multitude of ten when it comes to passwords. Ensuring that every website has a unique password, and remembering each of them, is almost impossible. Password managers like Buttercup help with the generation and secure storage of these secrets. It is freely available and open source, making it a good alternative to commercial options.

                        Project details

                        Buttercup for desktop is written in Node.js.

                        Strengths and weaknesses

                        • + More than 10 contributors
                        • + More than 1000 GitHub stars
                        • + The source code of this software is available

                          Typical usage

                          • Password management

                          Buttercup for desktop review

                          81

                          Confidant

                          Introduction

                          Most applications with a connection to a database or other software component need some form of authentication. Often the related credentials are stored in a configuration file. A secret manager like Confidant provides an alternative by storing the details in a database. Only applications that need to access the secrets are allowed to obtain them. Often system administrators are denied access to them.

                          Project details

                          Confidant is written in Python.

                          Strengths and weaknesses

                          • + More than 1000 GitHub stars
                          • + The source code of this software is available
                          • + Supported by a large company

                            Typical usage

                            • Secrets management
                            • Secure storage

                            Confidant review

                            100

                            KeeWeb

                            Introduction

                            Password managers help to store sensitive data. This may include passwords, secret questions with their answers, or other private information.

                            Project details

                            KeeWeb is written in JavaScript.

                            Strengths and weaknesses

                            • + More than 25 contributors
                            • + More than 6000 GitHub stars
                            • + Many releases available
                            • + The source code of this software is available
                            • - Full name of author is unknown

                            Typical usage

                            • Password management

                            KeeWeb review

                            64

                            TeamVault

                            Introduction

                            Storing passwords securely within a team can be a challenging task. TeamVault is a password manager with the goal to be easy to use, flexible, and adhering to several security principles. These include a solid base for the data encryption, support for folders, and role-based access control (RBAC).

                            Project details

                            TeamVault is written in Python.

                            Strengths and weaknesses

                            • + The source code of this software is available
                            • - No releases on GitHub available

                            Typical usage

                            • Password management
                            • Secrets management

                            TeamVault review

                            97

                            Vault

                            Introduction

                            Vault is a secret management tool created by HashiCorp. It allows storing secrets, such as key/value pairs, AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and other sensitive details. These secrets are typically used by software components and scripts. The benefit of using a secret management tool is that they no longer need to be stored in configuration files. Main features include leasing, key revocation, key rolling, and auditing.

                            Project details

                            Vault is written in Golang.

                            Strengths and weaknesses

                            • + More than 500 contributors
                            • + More than 9000 stars
                            • + The source code of this software is available

                              Typical usage

                              • Password management
                              • Secrets management
                              • Secure storage

                              Vault review

                              Is a relevant tool missing as an alternative to git-secrets? Please contact us with your suggestion.