Keywhiz vs SecretHub: What are the differences?
What is Keywhiz? A system for distributing and managing secrets. Keywhiz is a secret management and distribution service that is now available for everyone. Keywhiz helps us with infrastructure secrets, including TLS certificates and keys, GPG keyrings, symmetric keys, database credentials, API tokens, and SSH keys for external services — and even some non-secrets like TLS trust stores. Automation with Keywhiz allows us to seamlessly distribute and generate the necessary secrets for our services, which provides a consistent and secure environment, and ultimately helps us ship faster.
What is SecretHub? Keep passwords and other secrets out of IT automation scripts. All software needs secrets to access other resources: encryption keys, API tokens, database passwords. Helps teams deploy those application secrets to any cloud with a secure, automatic and reproducible deployment process.
Keywhiz and SecretHub belong to "Secrets Management" category of the tech stack.
Some of the features offered by Keywhiz are:
- Keywhiz Server provides JSON APIs for accessing and managing secrets. It is written in Java and based on Dropwizard.
- KeywhizFs is a FUSE-based file system, providing secrets as if they are files in a directory. Transparently, secrets are retrieved from a Keywhiz Server using mTLS with a client certificate.
- Presenting secrets as files makes Keywhiz compatible with nearly all software. Outside of Keywhiz administration, consumers of secrets only have to know how to read a file.
On the other hand, SecretHub provides the following key features:
- Secure Secret Sharing
- Centralises Secrets
- High availability
Keywhiz is an open source tool with 2.09K GitHub stars and 166 GitHub forks. Here's a link to Keywhiz's open source repository on GitHub.