It’s important to note that the goal here is not to replace Vault. Vault pioneered a lot of best practices in this space, which we build on top of. The gap we want to fill is of complexity and developer-experience, while playing well with existing tools, as stated.
Re: identity – it’s on our immediate roadmap to integrate with identity providers (similar to Vault). We offer a similar model of pluggable secrets backends inspired by Vault (currently supporting DBs such as Postgres and Mongo). If you want to use your existing SSO provider, our private enterprise beta comes with WorkOS integration. Please reach out at support@usegarnet.com if you’re interested, and we’d love to talk more about your specific needs!
Today there are great solutions in this space; however, from our personal experience as developers, we have felt that existing solutions are either:
1) Too complex to set up and operate for the everyday developer
2) Tied to cloud-providers and don’t work well cross-platform
3) Pure SaaS solutions don’t play well with trust and reliability
Because of this, engineers end up writing custom wrappers around existing tools to solve developer experience and integrations with their stack.
Garnet is a developer-focused, open-source secrets manager which can be easily self-hosted on your own infrastructure. We aim to provide a single source of truth for configs and secrets across your tools, apps, environments and teams while delivering a great developer-experience through features like rich audit logs and versioning, granular access controls, notifications and native integrations with existing secrets and config management systems.
Garnet wants to solve this problem from a developer-first point of view, and we want to work with the community to elevate configurations as a first-class citizen in a developer’s workflow.
We’re actively looking for feedback and contributions! Please star and check out our GitHub repo to read more on what we’re building: https://github.com/garnet-labs/garnet-oss
Yes, I created my account 6 mins ago, but I am not exactly sure why this is so concerning. I have been part of the beta testers for Garnet and am currently an experienced infrastructure engineer with experience in both Azure and AWS. I created my account to provide insights on this post, as I have already used the product.
E.g. in a Dockerfile … RUN garnet run --service-key=$GARNET_SERVICE_KEY -- npm start
If this container is running on k8s, you can supply $GARNET_SERVICE_KEY as a k8s secret mounted on the pod
That’s great you have experience in AWS and Azure; I do as well, but I don’t see how this product facilitates auth in those environments outside of being able to deploy it there.
I believe their current focus is on injecting secrets into apps through the CLI, and they’re not natively syncing with cloud provider APIs as of yet.
Integration with identity providers is definitely a feature that would be required for adoption in the enterprise. It seems like that is on their roadmap, and their closed enterprise beta comes with WorkOS integration.
This is heavily discouraged here, and most of the time it will make old users angry and flag your post. I'd recommend that only 2 or 3 of the main developers are active in the thread. (Or perhaps a power user that is good at replying instead of a developer.) There are no hard rules about this, but too many new users is a bad idea.
> all comments are actual
But some of the comments are too optimistic and look like shills, which makes old users unhappy and flag the post. I'd recommend writing only one top-level comment explaining that you are the developers, and some backstory, and then only replying to questions from old users.
It's very important to reply to technical questions with clear and technical answers. It buys a lot of goodwill from old users. (Avoid adjectives like "awesome"; no one used "awesome" yet, but some comments are too optimistic for the dry style of HN.)
> and anyone is free to share their opinion on the project
And everyone is free to complain and flag. It's not a good idea to break the explicit or implicit rules of the site. I think bogota first asked a few technical questions. It's a good sign that some old user cares enough about your post to ask a technical question.
The questions are still unanswered. It's not mandatory to reply to every single question (some questions are bad, sometimes they are repetitive, but not in this case). Anyway, I'd recommend answering most of them.
Try to send an email to the mods and ask how to post again and any additional recommendation.