v0.25.3 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: May 17, 2024 License: BSD-2-Clause


VMware Secrets Manager for Cloud-Native Apps

OpenSSF Best Practices Version Contributors Slack Twitch Artifact Hub License Go Report Card Go Coverage Using Better Commits

|   Protect your secrets, protect your sensitive data.
:   Explore VMware Secrets Manager docs at
<>/ keep your secrets... secret

The Elevator Pitch

VMware Secrets Manager is a delightfully-secure Kubernetes-native secrets store.

VMware Secrets Manager (VSecM) keeps your secrets secret.

With VMware Secrets Manager, you can rest assured that your sensitive data is always secure and protected.

VMware Secrets Manager is perfect for securely storing arbitrary configuration information at a central location and securely dispatching it to workloads.

Tell Me More

VMware Secrets Manager is a cloud-native secure store for secrets management. It provides a minimal and intuitive API, ensuring practical security without compromising user experience.

VMware Secrets Manager is resilient and secure by default, storing sensitive data in memory and encrypting any data saved to disk.

Endorsed by industry experts, VMware Secrets Manager is a ground-up re-imagination of secrets management, leveraging SPIFFE for authentication and providing a cloud-native way to manage secrets end-to-end.

Getting Your Hands Dirty

Before trying VMware Secrets Manager, you might want to learn about its architecture and design goals.

Once you are ready to start, see the Quickstart guide.

Or, if you are one of those who "learn by doing", you might want to dig into the implementation details later. If that's the case, you can directly jump to the fun part and follow the steps here to install VMware Secrets Manager to your Kubernetes cluster.

Dive Into Example Use Cases

There are several examples demonstrating VMware Secrets Manager sample use cases inside the ./examples/ folder.

Container Images

Pre-built container images of VMware Secrets Manager components can be found at:

Build VMware Secrets Manager From the Source

You can also build VMware Secrets Manager from the source.

The Roadmap

We publicly track all VMware Secrets Manager plans on this roadmap page.

You can check it out to get a glimpse of the current planned features and how the future of VMware Secrets Manager looks like.

Status of This Software

VMware Secrets Manager is under dynamic and progressive development.

The code we've officially signed and released maintains a high standard of stability and dependability. However, we do encourage it to be used in a production environment (at your own risk--see LICENSE).

It's important to note that, technically speaking, VMware Secrets Manager currently holds the status of an alpha software. This means that as we journey towards our milestone of v1.0.0, it's possible for changes to occur--both major and minor. While this might mean some aspects are not backward compatible, it's a testament to our unwavering commitment to refining and enhancing VMware Secrets Manager.

In a nutshell, we are ceaselessly pushing the boundaries of what's possible while ensuring our software stays dependable and effective for production use.


A Note on Security

We take VMware Secrets Manager's security seriously. If you believe you have found a vulnerability, please follow this guideline to responsibly disclose it.

A Tour Of VMware Secrets Manager

Check out this quickstart guide for an overview of VMware Secrets Manager.


Open Source is better together.

If you are a security enthusiast, join these communities and let us change the world together :

Guides and Tutorials


Check out this quickstart guide for an overview of VMware Secrets Manager, which also covers installation and uninstallation instructions.

You need a Kubernetes cluster and sufficient admin rights on that cluster to install VMware Secrets Manager.


Here is a list of step-by-step tutorials covers several usage scenarios that can show you where and how VMware Secrets Manager could be used.

Architecture Details

Check out this VMware Secrets Manager Deep Dive article for an overview of VMware Secrets Manager system design and how each component fits together.

Folder Structure

VSecM == "VMware Secrets Manager for Cloud-Native Apps"

Here are the important folders and files in this repository:

  • ./app: Contains core VSecM components' source code.
    • ./app/init_container: Contains the source code for the VSecM Init Container.
    • ./app/inspector: Contains the source code for the VSecM Inspector.
    • ./app/keygen: Contains the source code for the VSecM Keygen.
    • ./app/keystone: Contains the VSecM KeyStone source code.
    • ./app/safe: Contains the VSecM Safe source code.
    • ./app/sentinel: Contains the source code for the VSecM Sentinel.
    • ./app/sidecar: Contains the source code for the VSecM Sidecar.
  • ./ci: Automation and CI/CD scripts.
  • ./helm-charts: Contains VSecM helm charts.
  • ./core: Contains core modules shared across VSecM components.
  • ./dockerfiles: Contains Dockerfiles for building VSecM container images.
  • ./examples: Contains the source code of example use cases.
  • ./hack: Contains scripts for building, publishing, development , and testing.
  • ./k8s: Contains Kubernetes manifests that are used to deploy VSecM and its use cases.
  • ./sdk: Contains the source code of the VSecM Developer Go SDK.
  • ./sdk-cpp: Contains the source code of the VSecM Developer C++ SDK.
  • ./sdk-java: Contains the source code of the VSecM Developer Java SDK.
  • ./sdk-python: Contains the source code of the VSecM Developer Python SDK.
  • ./sdk-rust: Contains the source code of the VSecM Developer Rust SDK.
  • ./docs: Contains the source code of the VSecM Documentation website (
  • ./ Contains VSecM Code of Conduct.
  • ./ Contains VSecM Contributing Guidelines.
  • ./ Contains VSecM Security Policy.
  • ./LICENSE: Contains VSecM License.
  • ./Makefile: The Makefile used for building, publishing, deploying, and testing the project.


There are special long-living branches that the project maintains.

  • main: This is the source code that is in active development. We try out best to keep it stable; however, there is no guarantees. We tag stable releases off of this branch during every release cut.
  • gh-pages: This branch is where VSecM Helm charts are maintained. ArtifactHub references this branch.
  • docs: This branch contains versioned documentation snapshots that we take
    during releases.
  • tcx: This is an internal "experimental" branch that is not meant for public consumption.


You can find the changelog and migration/upgrade instructions (if any) on VMware Secrets Manager's Changelog Page.

What's Coming Up Next?

You can see the project's progress in this VMware Secrets Manager roadmap.

Code Of Conduct

Be a nice citizen.


To contribute to VMware Secrets Manager, follow the contributing guidelines to get started.

Use GitHub issues to request features or file bugs.



Check out the Maintainers Page for a list of maintainers of VMware Secrets Manager.

Please send your feedback, suggestions, recommendations, and comments to

We'd love to have them.


BSD 2-Clause License.


Path Synopsis
Package std provides a simple and flexible logging library with various log levels.
Package std provides a simple and flexible logging library with various log levels.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL