Secrets Management Tools

1Password — Secrets Management tool for developers

Aembit — workload identity and access management platform for non-human identities and API credentials.

Akeyless — SaaS secrets management vault with dynamic secrets, zero-knowledge encryption, and multi-cloud gateway sync.

Ansible Vault — built-in feature of Ansible for encrypting variables and files used in playbooks.

AWS Secrets Manager — Managed secrets service rotating RDS, Redshift, and custom credentials with KMS encryption and IAM policies.

Azure Key Vault — Managed HSM and secrets service storing keys, certificates, and connection strings with Azure AD access control.

Bitwarden — Open-source password and secrets manager with end-to-end encryption, SSO support, and self-hosting options.

Certbot — EFFs free tool to automatically obtain and renew Lets Encrypt TLS certificates.

Digital asset custody platform offering full custody, MPC and hybrid wallets with DeFi and exchange connectivity via API.

CyberArk Conjur — Enterprise secrets management platform with dynamic secrets, RBAC, and audit trails for DevOps pipelines.

Cycode — Software supply chain security platform scanning secrets, IaC, SCA, and SAST across the entire SDLC.

DigiCert — digital certificate provider for TLS, PKI, IoT, and code signing.

Dogtag PKI — open source certificate system developed as part of Red Hat Certificate System.

Doppler — Universal secrets manager syncing environment variables across clouds, CI pipelines, and local dev with team sharing.

Dotenv Vault — Encrypted secrets sync service for .env files enabling secure sharing across team members and CI environments.

EJBCA — open source certificate authority and PKI software by Keyfactor.

EnVault — lightweight environment variable manager for developer teams and CI/CD.

EnvKey — Secrets Management tool for developers. Specializes in environment management.

Exposed — Secure tunneling and secrets management tool for sharing local development environments with collaborators.

External Secrets — CI/CD for Applications tool for developers. Specializes in Secrets Management.

Fortanix — confidential computing platform with data security manager for keys, secrets, and tokenization.

GitGuardian — Secrets detection platform monitoring GitHub, GitLab, and Bitbucket commits for 350+ credential detector patterns.

GlobalSign — global certificate authority providing PKI, identity, and certificate lifecycle management.

Google Secret Manager — GCP-managed secrets service with versioning, IAM-based access, and audit logging for API keys and credentials.

HashiCorp Vault — Open-source secrets engine providing dynamic database credentials, PKI, and encryption-as-a-service APIs.

Infisical — Open-source secrets manager with end-to-end encryption, native SDK support, and GitHub Actions integration.

Keeper Security — Enterprise password manager and secrets vault with zero-knowledge encryption, SSO, and privileged session recording.

Keybase Teams — End-to-end encrypted team secrets, file sharing, and messaging using PGP-based identity verification.

Keyfactor — machine identity management and PKI-as-a-service for certificates and cryptographic keys.

KeyHippo — Secrets Management tool for developers. Specializes in api key management.

Lets Encrypt — free, automated, and open certificate authority by the Internet Security Research Group.

Localtunnel — Open-source tool exposing localhost ports over HTTPS for webhook testing and external API callback development.

Nitrokey — open source hardware security keys and HSMs for secrets, SSH, and certificates.

OpenBao — open source fork of HashiCorp Vault maintained by the Linux Foundation for secrets management.

OpenZiti — Open-source zero-trust overlay network embedding application-level security directly into the software fabric.

PassBolt — Open-source team password manager with GPG encryption, RBAC, and self-hosted deployment for organization sharing.

Password manager + SimpleLogin alias API (end-to-end encrypted).

Psono — open source password manager for teams with REST API and client-side encryption.

Pulumi ESC — Environments, Secrets, and Configuration service for managing and composing secrets across clouds and environments.

Self-custody MPC wallet platform using 3-of-3 key-shard architecture with open-source protocol libraries and developer APIs.

Secrets Store CSI Driver — Kubernetes SIG project to mount secrets from external vaults as volumes.

Sectigo — commercial certificate authority offering SSL, code signing, and PKI management.

Data privacy vault delivered as an API for PII, payments, and LLM data protection.

Smallstep — open source PKI, mutual TLS, and SSH certificate authority for zero-trust infrastructure.

SPIFFE/SPIRE — CNCF identity framework and reference implementation for workload identity across infrastructure.

TeamPass — open source collaborative password manager with granular access controls for teams.

Remote access + IoT connectivity with embedded SDK and Tensor developer APIs.

Payment HSM family securing card issuance, transaction processing, tokenization, and key management.

Trustify — open source PKI and certificate automation platform for internal and public TLS.

Ubiq Security — Secrets Management tool for developers. Specializes in encryption.

Unbound Security — MPC-based key management and cryptographic asset security acquired by Coinbase.

Vault (HashiCorp) — CI/CD for Applications tool for developers. Specializes in Secrets Management.

Venafi — machine identity management platform for certificates, keys, and SSH credentials at scale.

YubiHSM — compact, cost-effective hardware security module from Yubico for digital key storage.

ZeroSSL — free and paid SSL certificate provider with ACME support and REST API.