What is Sesam?
sesam is a tool to manage secrets in git.
When developing and deploying software it is often required to store and load several secrets like database passwords, certificates or other credentials. Those should be stored encrypted and only the users requiring them should have access to them.
sesam allows leveled access with multiple users to those encrypted secrets and gives you a simple interface to manage both users and secrets.
The term user does not necessarily refer to a person. A user can also be a machine, like a server where sesam is installed.
You might think of a password manager now, which is not too far off. A password manager is usually targeted at managing an individual's secrets, while a secret manager is focused on sharing some of those secrets with other users in a team and with machines.
Features
- High integration with git.
- Declarative config as main interface.
- Different access levels through user groups.
- Secure - common crypto, minimal info leakage at rest.
- Familiarity to git users.
- Decentralized & offline ready.
- Safe to use (hard to accidentally push unencrypted secrets)
- Versioned - by wrapping git.
- Scriptable via CLI interface.
- Fast encryption and decryption.
- Almost zero dependencies.
- Support for rotation and exchange of secrets.
In short, sesam fits the GitOps model of infrastructure well.
Learning
How to use this manual:
- Go to Installation to grab your copy of sesam.
- Go to Basic Usage to walk through what it can do.
- Go to Advanced Usage if you need some more depth.
- Go to Reference if you need to look up things later on.