Skip to content

Top New Best Ask Show Jobs

Show HN: Garnet – a developer-friendly, open-source secrets manager | Better HN

Show HN: Garnet – a developer-friendly, open-source secrets manager (opens in new tab)

(usegarnet.com)

45 pointsfkjadoon944y ago31 comments

31 comments

bogota4y ago

Do you have a comparison of this to open source vault? The biggest issue with secret managers isn’t storage though its authenticating clients. Does this support auth via IAM, k8s, okta, ldap, sso providers?

fkjadoon94OP4y ago

Very valid point - the main problem to solve here isn't storage and encryption. We think the clouds do a great job for that, hence our self-hosted approach.

It’s important to note that the goal here is not to replace Vault. Vault pioneered a lot of best practices in this space, which we build on top of. The gap we want to fill is of complexity and developer-experience, while playing well with existing tools, as stated.

Re: identity – it’s on our immediate roadmap to integrate with identity providers (similar to Vault). We offer a similar model of pluggable secrets backends inspired by Vault (currently supporting DB’s such as Postgres and Mongo). If you want to use your existing SSO provider, our private enterprise beta comes with WorkOS integration. Please reach out at support@usegarnet.com if you’re interested, and we’d love to talk more about your specific needs!

I don't think its a good idea on take on Vault's complexity. One of the value props i see here is the simplicity of using 'garnet run <scope> -- <executable>' which is something you don't get in Vault unless you write a wrapper (although envconsul provides a similar abstraction: https://github.com/hashicorp/envconsul).

bogota4y ago

This post is full of bots. All the original posts are by accounts that are new and the comments are very shallow.

umarsikander4y ago

These are not fake accounts, but actual developers in our community who have been using Garnet. While a couple of these accounts could be newly created (as not everyone has a HN account, and we announced the launch in our community forum), all comments are actual, and anyone is free to share their opinion on the project (negative or positive). We’d really appreciate if you don’t sabotage the post by responding on every comment, but would love to hear your actual feedback.

bogota4y ago

No need to double post please answer in the other thread.

edunteman4y ago

I've been using this product for a month now, in production for my startup. It's been helpful with my secrets but my favorite use case is using it instead for endpoint storage for service discovery across my dev, staging, and prod phases. I really like the flag-based approach to jump easily between dev, staging, and prod without any code changes. Also works nicely with my PaaS (Zeet), and the Garnet team has been impressively responsive with integration guides and feature requests. It's worth checking out.

fkjadoon94OP4y ago

Managing secrets is critical in this day and age for individuals and organizations of all kinds and sizes. Many developers currently find it painful to manage their app configurations and secrets, and this pain grows with stack complexity and team size. This makes building and deploying manual, time-consuming and insecure.

Today there are great solutions in this space, however, from our personal experience as developers, we have felt that existing solutions are either:

1) Too complex to set up and operate for the everyday developer

2) Tied to cloud-providers and don’t work well cross-platform

3) Pure SaaS solutions don’t play well with trust and reliability

Because of this, engineers end up writing custom wrappers around existing tools to solve developer experience and integrations with their stack.

Garnet is a developer-focused, open-source secrets manager which can be easily self-hosted on your own infrastructure. We aim to provide a single source of truth for configs and secrets across your tools, apps, environments and teams while delivering a great developer-experience through features like rich audit logs and versioning, granular access controls, notifications and native integrations with existing secrets and config management systems.

Garnet wants to solve this problem from a developer-first point of view, and we want to work with the community to elevate configurations as a first-class citizen in a developer’s workflow.

We’re actively looking for feedback and contributions! Please star and check out our GitHub repo to read more on what we’re building: https://github.com/garnet-labs/garnet-oss

bogota4y ago

Hello can you please stop creating fake accounts with the purpose of boosting your post here. This is otherwise something interesting but im immediately turned off from ever even looking at it if this is how you try and promote your product.

It is plausible that some of these new accounts were made in response to this post, but I don't think its fair to blame the project's developers for it as it isn't necessarily in their control. It seems like they are seeking feedback from the community and there doesn't seem to be a commercial plug here.

umarsikander4y ago

These are not fake accounts, but actual developers in our community who have been using Garnet. While a couple of these accounts could be newly created (as not everyone has a HN account, and we announced the launch in our community forum), all comments are actual, and anyone is free to share their opinion on the project (negative or positive). We’d really appreciate if you don’t sabotage the post by responding on every comment, but would love to hear your actual feedback.

Ammankhan74y ago

Creative concept in the domain of DevOps is found at Garnet. I have easily configured my API. The experts deeply explained things really well. Being provided the things on single sign-on has reducing the developer efforts. Multiple instance creation for single user is much appreciated. Moreover, I would recommend to all developers to must taste the flavor of garnet.

hash754y ago

I have been working with azure key vault for the past year and have definitely felt the need for a secrets manager that's more developer focused and easy to use. Most secret managers out there are tied to cloud service providers and do not take a holistic view of the problem. Glad to see the focus is shifting towards a more generalistic solution

bogota4y ago

This account was made 6 minutes ago.

hash754y ago

Hi Bogota,

Yes i created my account 6 mins ago but i am not exactly sure why this is so concerning. I have been part of the beta testers for garnet and am currently an experienced infrastructure engineer with experience in both azure and aws. I created my account to provide insights on this post as i have already used the product.

Cool. I’ve been using AWS secrets manager for a while now, and though it serves as a great store for secrets, the developer experience hasn’t been great for our team due to which we’ve resorted to writing an in-house wrapper around it. A simple-to-use, self-hosted solution makes a ton of sense -- excited to give it a spin!

saadrayman4y ago

Gamechanger

This is such a great idea. Looking forward to testing it out myself.

Being an open-source manager, this provides the perfect, user-friendly solution to many developer woes.

bogota4y ago

How does being open source make this user friendly? Vault is open source as well and has a lot more features and documentation

fkjadoon94OP4y ago

I believe the goal here isn't to replace Vault, but offer a developer focused solution for environment variable management. While Vault can be used to store env variables, its more geared towards managing infra secrets for the ops/sre persona.

dwgetjwehg4y ago

I've run into these exact pains in managing secrets with my team and am very happy that Garnet provides an easy and appealing solution. Their repo is very well put-together and definitely sets a standard for excellent organization and documentation

bogota4y ago

What is it providing a solution to? What problem did you have with existing solutions that this solves?

hashimanwaar4y ago

I was reluctant to use Garnet as I always had a traditional approach with managing secrets. It wasn't until I accidentally deleted my sensitive and critical data that I started to look out for a better way of doing things. That's where Garnet came in. Very easy to install and getting started to use it's features. Definitely recommended for everyone before it's too late and you have to spend a couple of days trying to re-register your keys and stuff

bogota4y ago

How does this work in production environments like k8s or aws?

rst134y ago

I've been using Garnet with my k8s setup. They don't have native kube api integration and I suggest developing a controller. But right now you can use the CLI to append any commands or scripts in your docker containers to supply them env variables at build or run time.

E.g. in a Dockerfile … RUN garnet run --service-key=$GARNET_SERVICE_KEY -- npm start

If this container is running on k8s, you can supply $GARNET_SERVICE_KEY as a k8s secret mounted on the pod

j / k navigate · click thread line to collapse