Quick Start

Getting Started

Pick a tool and get secrets management running in your environment in under an hour.

HashiCorp Vault

# Install and start in dev mode brew install vault vault server -dev # Store a secret export VAULT_ADDR='http://127.0.0.1:8200' vault kv put secret/myapp db_pass=s3cur3 # Retrieve it vault kv get secret/myapp

Dev mode is for testing only. For production, configure storage backend (Raft, Consul), enable TLS, and initialize with unseal keys.

Read the full tutorial →

AWS Secrets Manager

# Create a secret aws secretsmanager create-secret \ --name myapp/db_pass \ --secret-string "s3cur3" # Retrieve it in your app aws secretsmanager get-secret-value \ --secret-id myapp/db_pass

Enable automatic rotation with a Lambda function. Use IAM policies to restrict which services and roles can access each secret.

Read the full tutorial →

Infisical

# Install the CLI brew install infisical/get-cli/infisical # Login and initialize infisical login infisical init # Inject secrets into any process infisical run -- npm run dev

Infisical injects secrets as environment variables at runtime. Works with any language or framework. Dashboard provides team-level access control.

Read the full tutorial →