Best Free Secrets Management Software

SharePass is a SaaS Secret Management platform that allows sharing and managing secrets and confidential information using a web application, extension, or mobile app. SharePass works with encrypted links transmitted from the sender to the receiver with various settings and flags. The settings include expiry restriction, availability, IP restrictions and an entire filtering funnel (patent pending). SharePass is platform-independent that can be used with your existing communication tools. When it comes to your privacy, SharePass or any of its employees cannot see the content of your secrets; the secrets can be seen only by the exchanging parties. SharePass meets the latest cybersecurity compliance and regulations. In the era of identity theft, SharePass will protect you and prevent your data from leaking to the dark web by eliminating your digital footprint. SharePass supports SSO with Office365, Google Workspace, MFA, and integration with Yubikeys for maximum security.

GitGuardian is an end-to-end NHI security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards. With attackers increasingly targeting NHIs, such as service accounts and applications, GitGuardian integrates Secrets Security and NHI Governance. This dual approach enables the detection of compromised secrets across your dev environments while also managing non human identities and their secrets lifecycle. The platform supports over 450+ types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense. Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF and Bouygues Telecom for robust secrets protection.

Onboardbase is the a secret management infrastructure platform that provides single source of shared truth for app secrets and usage. It helps dev teams securely share and work with environment-specific configs at every development stage, synced across infrastructure without compromising security - this means development teams can focus on building great apps rather than managing secrets and data. Secrets are dynamically kept up to date across your environments and infrastructure, with 50+ integrations and growing. Dev teams can monitor and audit how long, where and when your secrets are used and revoke usage anywhere with a click. Powerful always-on codebase scanning features prevent developers from accidentally leaking secrets to production, maintaining a robust security model.

Strongbox provides best in class secure password management helping you keep your data secret. Protecting you from digital attacks by using recognized best practices, military grade cryptography, and industry standard formats. Strongbox not only secures your data but provides a beautiful native experience on iPhones, iPad’s and Macs. The ultimate KeePass iOS password manager. Strongbox is a native App on both iOS and MacOS platforms. This means it looks and feels just like an App should. Designed with Apple’s human interface guidelines in mind and using standard UI paradigms, controls, colours and integrations, Strongbox just feels native. AutoFill integration means you never have to leave Safari or your other Apps to fill in a password, just tap the Strongbox suggestion above your keyboard, authenticate and you’re done. Use Face ID to automatically unlock your database, being secure has never been so convenient.

Upgrade security throughout the stack with a unified secrets management platform that every engineer can use – from admin to intern. Putting passwords and API keys in source code creates a security risk. But handling them properly creates complexity that makes it extremely cumbersome to deploy. Git, Slack, and email are designed to share information, not to keep secrets. Copy-pasting values and waiting on that one admin who holds all the keys simply don't scale when you're deploying software multiple times a week. It's impossible to track who accessed what secrets at what time, making compliance audits a nightmare. Eliminate secrets in source code by replacing plaintext values with a reference to the secret. SecretHub then automatically loads secrets into your app the moment it starts. Use the CLI to encrypt and store secrets and then simply tell the code where to look for the secret. Your code is now free of secrets and can be shared with everyone on your team.

The link can only be opened once. This ensures nobody has opened it before the recipient and nobody can open it again afterward. The encrypted secret is deleted from our database when it has been viewed. There's no way to view it again. Sending secrets in plain text exposes them to threats even after the message has been long forgotten. Using a one-time link ensures that there are no valid credentials lying around in email inboxes or archived instant messages. Half of the encryption key is stored in the link itself and never seen by us or anyone else. Viewing the secret is not possible without the original link. Using our service you can create a one-time link to the credentials and be sure nobody sees them before the recipient. You can also configure notifications to be sent via different channels so you know when the credentials have been viewed, and by who.

Hemmelig lets you share secrets securely with encrypted messages that automatically self-destruct after being read. Paste a password, confidential message, or private data. Ensure your sensitive data remains encrypted, secure, and confidential. The secret link, by default, is a one-time use only, after which it will vanish. Hemmelig, [he`m:(ə)li], means secret in Norwegian.

Configuration as a code. Pipelines are configured with a simple, easy‑to‑read file that you commit to your git repository. Each pipeline step is executed inside an isolated Docker container that is automatically downloaded at runtime. Any source code manager. Drone integrates seamlessly with multiple source code management systems, including GitHub, GitHubEnterprise, Bitbucket, and GitLab. Any platform. Drone.io natively supports multiple operating systems and architectures, including Linux x64, ARM, ARM64 and Windows x64. Any language. Drone works with any language, database or service that runs inside a Docker container. Choose from thousands of public Docker images or provide your own. Create and share plugins. Drone uses containers to drop pre‑configured steps into your pipeline. Choose from hundreds of existing plugins, or create your own. Drone makes advanced customization easy. Implement custom access controls, approval workflows, secret management, yaml syntax extensions& more.

Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. Secure applications and systems with machine identity and automate credential issuance, rotation, and more. Enable attestation of application and workload identity, using Vault as the trusted authority. Many organizations have credentials hard coded in source code, littered throughout configuration files and configuration management tools, and stored in plaintext in version control, wikis, and shared volumes. Safeguarding and ensuring that a credentials isn’t leaked, or in the likelihood it is, that the organization can quickly revoke access and remediate, is a complex problem to solve.

Akeyless is a cloud-native SaaS platform that secures the entire lifecycle of machine identities, credentials, certificates, and keys, eliminating complex and burdensome vault management, resulting in up to a 70% reduction in costs. The platform uses Distributed Fragments Cryptology (DFC™) to ensure zero knowledge—secrets are created as distributed fragments in the cloud and never found in one place. Akeyless is fast to deploy, requires no maintenance, is built for automation, and offers infinite scaling capabilities regardless of the number of environments, regions, or clouds, leading to a 270% higher adoption rate compared to vaults. Akeyless also strengthens AI pipelines from end to end by centralizing authentication, secrets management, certificate automation, and policy enforcement so AI agents can work securely and efficiently without relying on embedded credentials.

Keywhiz is a system for managing and distributing secrets. It can fit well with a service oriented architecture (SOA). Here is an overview in presentation format. Common practices include putting secrets in config files next to code or copying files to servers out-of-band. The former is likely to be leaked and the latter difficult to track. Keywhiz makes managing secrets easier and more secure. Keywhiz servers in a cluster centrally store secrets encrypted in a database. Clients use mutually authenticated TLS (mTLS) to retrieve secrets they have access to. Authenticated users administer Keywhiz via CLI. To enable workflows, Keywhiz has automation APIs over mTLS. Every organization has services or systems that require secrets. Secrets like TLS certificates/keys, GPG keys, API tokens, database credentials. Keywhiz is reliable and used in production, however occasional changes may break API backward compatibility.

Knox is a secret management service. Knox is a service for storing and rotation of secrets, keys, and passwords used by other services. Pinterest has a plethora of keys or secrets doing things like signing cookies, encrypting data, protecting our network via TLS, accessing our AWS machines, communicating with our third parties, and many more. If these keys become compromised, rotating (or changing our keys) used to be a difficult process generally involving a deploy and likely a code change. Keys/secrets within Pinterest were stored in git repositories. This means they were copied all over our company's infrastructure and present on many of our employees laptops. There was no way to audit who accessed or who has access to the keys. Knox was built to solve these problems. Ease of use for developers to access/use confidential secrets, keys, and credentials. Confidentiality for secrets, keys, and credentials. Provide mechanisms for key rotation in case of compromise.

Stop struggling with scattered API keys, hacking together home-brewed configuration tools, and avoiding access controls. Give your team a single source of truth with Doppler. The best developers automate the pain away. Create references to frequently used secrets in Doppler. Then when they need to change, you only need to update them once. Your team's single source of truth. Organize your variables across projects and environments. The scary days of sharing secrets over Slack, email, git, zip files, are over. After adding a secret, your team and their apps have it instantly. Like git, the Doppler CLI smartly knows which secrets to fetch based on the project directory you are in. Gone are the futile days of trying to keep ENV files in sync! Practice least privilege with granular access controls. Reduce exposure when deploying with read-only service tokens. Contractor needs access to just development? Easy!

Password Pusher is a tool used for sharing passwords and other sensitive information with other people securely. With Password Pusher, you can create a unique, one-time URL that will expire after a certain amount of time or after it has been accessed a certain number of times, ensuring that your information remains private and secure. It is often used by individuals and organizations to share login credentials or other sensitive data with colleagues, clients, or partners. Password Pusher is a simple and convenient solution for securely sharing passwords without the need for email or other less secure communication methods.