A system for distributing and managing secrets, now deprecated in favor of HashiCorp Vault.
Keywhiz is a secrets management system developed by Square for securely distributing and managing sensitive infrastructure secrets like API keys, certificates, and database credentials. It provides centralized storage with fine-grained access controls and automated distribution to authorized services. The project is now deprecated and the maintainers recommend using HashiCorp Vault as a more robust alternative.
DevOps engineers and infrastructure teams who need to manage secrets across distributed systems and microservices architectures.
Keywhiz offers a production-tested approach to secrets management with strong access controls, audit capabilities, and automated distribution. It was designed specifically for infrastructure secrets with a focus on security and operational simplicity.
A system for distributing and managing secrets
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
Securely stores secrets in an encrypted database with fine-grained access controls, ensuring secrets are protected throughout their lifecycle as described in the features.
Includes the Keysync client for synchronizing secrets to local systems without manual intervention, automating delivery to authorized services.
Tracks all secret access and modifications for security compliance, supporting regulated environments with detailed audit trails.
Developed and used by Square in production, indicating robustness for managing infrastructure secrets in real-world scenarios.
Explicitly marked as deprecated since September 2023 with no further updates, bug fixes, or security patches, making it risky for long-term use.
Requires Java 11, MySQL 5.7 or higher, and Maven for building and running, adding operational overhead and potential compatibility issues.
Compared to alternatives like HashiCorp Vault, it lacks active community support, plugins, and integrations with cloud-native tools.
Setup involves multiple steps such as initializing the database, adding users, and configuring trust stores, which can be error-prone and time-consuming.
Keywhiz is an open-source alternative to the following products: