Tools

Infisical is the open-source platform for secrets, certificates, and privileged access management.

The authentication glue you need.

Share sensitive information securely with self-destructing links that are only viewable once.

Fully transparent SSH, HTTPS, Kubernetes, MySQL and Postgres bastion/PAM that doesn't need additional client-side software

Secure, browser-based, password-only self-custodial cryptocurrency wallet.

Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.

Authentication and authorization infrastructure for SaaS and AI apps, built on OIDC and OAuth 2.1 with multi-tenancy, SSO, and RBAC.

Single Sign-On for Your Self-Hosted Universe

Kanidm: A simple, secure, and fast identity management platform

A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.

Whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.

Privacy-first password manager with built-in email aliasing. Fully encrypted and self-hostable.

Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

Secure sharing of secrets, passwords and files.

The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™

Complete, reliable, secure and zero-trust webapp based on zero-knowledge encryption to store your TOTP codes.

An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP.

Open Source Identity and Access Management For Modern Applications and Services

OpenBao is a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys.

Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.

Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!

Open source Auth0/Clerk/Firebase alternative. Passkeys, SSO, MFA, passwordless, biometric login. Self-hosted or cloud. Enterprise-ready for SaaS & mobile apps

Plugable framework for automated decryption, often used as a Tang client.

Single Sign-On Identity & Access Management via OpenID Connect, OAuth 2.0 and PAM

A turnkey OAuth & authentication system, designed for both Cloudflare Workers and Node.js

Credential isolation proxy for AI agents. Injects secrets at the network boundary with domain restrictions, agent authentication, and audit logging. No SDK required — works as a transparent HTTP proxy or MCP server.

Keep your sensitive information out of chat logs, emails, and more with encrypted secrets.

Web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory.

Keep secrets out of emails or chat logs, share them using secure links with passphrase and expiration dates. `MIT` `Python`

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

CLI for managing secrets

Self-evolving MCP server that generates and improves its own tools at runtime. Built on FastMCP, Janee uses LLM-driven tool generation to dynamically create, test, and refine MCP tools from natural language descriptions — enabling AI agents to extend their own capabilities on the fly.

Simple self hosted password generator

A helm plugin that help manage secrets with Git workflow and store them anywhere

ZITADEL - Identity infrastructure, simplified for you.

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

Superagent protects your AI applications against prompt injections, data leaks, and harmful outputs. Embed safety directly into your app and prove compliance to your customers.

Simple to use, simple to deploy, one time self destruct messaging service, with hashicorp vault as a backend

easy-rsa - Simple shell based CA utility

Password manager dedicated for managing passwords in a collaborative way. One symmetric key is used to encrypt all shared/team passwords and stored server side in a file and the database. works on any server Apache, MySQL and PHP.

A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes

Light LDAP implementation

KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.

One-Time-Secret sharing platform with a symmetric 256bit AES encryption in the browser

AI-safe secrets manager with MCP integration. Run commands with credentials injected as environment variables - AI agents never see plaintext secrets. Features output sanitization, AES-256-GCM encryption, and Argon2id key derivation.

Quantum-inspired keyring for AI coding agents. Secure secrets with superposition, entanglement, tunneling, and teleportation.

Permission control plane for AI agents. MCP proxy that enforces least-privilege YAML policies on every tool call, classifies sensitive data (PII/PHI), detects dangerous skill chains, and generates compliance audit trails. Supports stdio and HTTP proxy modes.