Universal secret manager for Python applications with multi-cloud support
Project description
AnySecret.io - Universal Secret & Configuration Management
One CLI. One SDK. All your cloud providers.
Stop writing boilerplate code for every cloud provider. AnySecret.io provides a universal interface for secret and configuration management across AWS, GCP, Azure, Kubernetes, and more.
๐ฏ Why AnySecret.io?
The Problem
- ๐ Different APIs for each cloud provider - AWS Secrets Manager vs GCP Secret Manager vs Azure Key Vault
- ๐ Boilerplate code everywhere - Same logic repeated for each provider
- ๐จ Migration nightmares - Vendor lock-in when switching clouds
- ๐ Mixed configurations - Secrets and parameters scattered across services
- ๐๏ธ Months of development - Building your own abstraction layer
Our Solution
import anysecret
# Works everywhere - AWS, GCP, Azure, K8s, local dev
db_password = await anysecret.get("db_password")
api_timeout = await anysecret.get("api_timeout")
# That's it. No provider-specific code needed.
โจ Key Features
๐ Universal Interface - Single API for all cloud providers
๐ Auto-Detection - Automatically detects your cloud environment
๐ก๏ธ Smart Classification - Auto-routes secrets to secure storage, configs to parameter stores
๐ฆ Zero Configuration - Works out of the box in most environments
๐ Migration Ready - Switch clouds without changing application code
โก Async First - Built for modern Python with FastAPI/asyncio
๐ฏ DevOps Friendly - CLI tools for CI/CD pipelines
๐ฅ HIPAA Compliant - Encrypted file support for healthcare
๐ Quick Start
Installation
# Basic installation
pip install anysecret-io
# With specific providers
pip install anysecret-io[aws] # AWS support
pip install anysecret-io[gcp] # Google Cloud support
pip install anysecret-io[azure] # Azure support
pip install anysecret-io[k8s] # Kubernetes support
# All providers
pip install anysecret-io[all]
Basic Usage
import asyncio
from anysecret import get_config_manager
async def main():
# Auto-detects environment and configures itself
config = await get_config_manager()
# Get secrets (auto-routed to secure storage)
db_password = await config.get_secret("DATABASE_PASSWORD")
api_key = await config.get_secret("STRIPE_SECRET_KEY")
# Get parameters (auto-routed to config storage)
api_timeout = await config.get_parameter("API_TIMEOUT", default=30)
feature_flag = await config.get_parameter("FEATURE_X_ENABLED", default=False)
asyncio.run(main())
CLI Usage
# For Terraform/CloudFormation
anysecret get database/password --format json
# For CI/CD pipelines
export DB_PASS=$(anysecret get database/password)
# For Kubernetes
anysecret get-all --format yaml | kubectl apply -f -
# For Docker
docker run -e DB_PASS=$(anysecret get db/password) myapp
๐ง DevOps & CI/CD Integration
Jenkins Pipeline
pipeline {
stage('Deploy') {
steps {
script {
env.DB_PASSWORD = sh(script: 'anysecret get db/password', returnStdout: true)
env.API_KEY = sh(script: 'anysecret get api/key', returnStdout: true)
}
}
}
}
GitHub Actions
- name: Get secrets
run: |
echo "DB_PASSWORD=$(anysecret get db/password)" >> $GITHUB_ENV
echo "API_KEY=$(anysecret get api/key)" >> $GITHUB_ENV
Terraform
data "external" "secrets" {
program = ["anysecret", "get-all", "--format", "json"]
}
resource "aws_instance" "app" {
user_data = <<-EOF
DB_PASSWORD=${data.external.secrets.result.db_password}
API_KEY=${data.external.secrets.result.api_key}
EOF
}
Kubernetes Integration
# Automatically sync to K8s secrets
anysecret sync-k8s --namespace production
# Or use in manifests
apiVersion: v1
kind: Pod
spec:
containers:
- name: app
env:
- name: DB_PASSWORD
value: $(anysecret get db/password)
๐ Supported Providers
| Provider | Secrets Storage | Config Storage | Auto-Detection |
|---|---|---|---|
| AWS | Secrets Manager | Parameter Store | โ |
| Google Cloud | Secret Manager | Config Connector | โ |
| Azure | Key Vault | App Configuration | โ |
| Kubernetes | Secrets | ConfigMaps | โ |
| HashiCorp Vault | KV Store | KV Store | โ |
| Encrypted Files | AES-256 | JSON/YAML | โ |
| Environment | .env files | .env files | โ |
๐ Intelligent Secret vs Parameter Classification
AnySecret.io automatically determines if a value should be stored securely (secret) or as configuration (parameter):
# Automatically classified as SECRETS (secure storage):
DATABASE_PASSWORD โ Secret Manager/Key Vault
API_KEY โ Secret Manager/Key Vault
JWT_SECRET โ Secret Manager/Key Vault
# Automatically classified as PARAMETERS (config storage):
DATABASE_HOST โ Parameter Store/Config Maps
API_TIMEOUT โ Parameter Store/Config Maps
LOG_LEVEL โ Parameter Store/Config Maps
๐ Migration Example
Migrating from AWS to GCP? No code changes needed:
# Your application code stays the same
db_password = await config.get_secret("DATABASE_PASSWORD")
# Just change the environment:
# AWS โ export SECRET_MANAGER_TYPE=aws
# GCP โ export SECRET_MANAGER_TYPE=gcp
# Azure โ export SECRET_MANAGER_TYPE=azure
๐ Documentation
- Quick Start Guide - Get up and running in 5 minutes
- API Reference - Complete API documentation
- Provider Setup - Configure each cloud provider
- Best Practices - Security and performance tips
- Migration Guide - Switch between cloud providers
- Examples - Sample applications and use cases
๐ค Contributing
We love contributions! Please see our Contributing Guide for details.
# Clone the repository
git clone https://github.com/anysecret-io/anysecret-lib.git
cd anysecret-lib
# Install development dependencies
pip install -e ".[dev,all]"
# Run tests
pytest
# Format code
black anysecret tests
isort anysecret tests
Development Setup
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
๐ Benchmarks
| Operation | Direct SDK | AnySecret.io | Overhead |
|---|---|---|---|
| Get Secret (AWS) | 45ms | 47ms | +4.4% |
| Get Secret (GCP) | 38ms | 40ms | +5.2% |
| Get Secret (Azure) | 52ms | 54ms | +3.8% |
| Batch Get (10 items) | 125ms | 85ms | -32% (cached) |
๐ก๏ธ Security
- SOC2 Compliant - Enterprise-grade security practices
- HIPAA Ready - Healthcare compliance with encrypted storage
- Zero Trust - Never logs or caches sensitive values
- Audit Trail - Complete access logging for compliance
Found a security issue? Please email security@anysecret.io (do not open a public issue).
๐ License
AnySecret.io uses dual licensing to support both open source and commercial use:
Open Source (AGPL-3.0)
- โ Free forever for all users and companies
- โ Commercial use allowed - Build and sell products
- โ Modification allowed - Customize for your needs
- โ ๏ธ Service providers - Must open-source modifications if offering as a service
Commercial License
- ๐ข For SaaS platforms - Include in your service without AGPL requirements
- ๐ Private modifications - Keep your changes proprietary
- ๐ Priority support - Direct access to our team
- ๐ผ Custom features - We'll build what you need
Need a commercial license? Visit anysecret.io/license
๐ Community & Support
- ๐ฌ Discord: Join our community
- ๐ Issues: GitHub Issues
- ๐ก Discussions: GitHub Discussions
- ๐ง Email: support@anysecret.io
- ๐ฆ Twitter: @anysecret_io
๐ฏ Roadmap
Current Release (v1.0)
- โ Universal secret/config interface
- โ AWS, GCP, Azure, K8s support
- โ Auto-environment detection
- โ Smart classification
- โ CLI tools for DevOps
Coming Soon (v1.1)
- ๐ง Secret rotation automation
- ๐ง Web UI dashboard
- ๐ง Terraform provider
- ๐ง Ansible module
- ๐ง GitHub Action
Future (v2.0)
- ๐ Multi-region replication
- ๐ Disaster recovery
- ๐ Advanced RBAC
- ๐ Compliance reporting
- ๐ Cost optimization
๐ช Powered By
Built by Adaptive Digital Ventures - We're hiring! Check our careers page.
๐ Users
AnySecret.io is used in production by:
- ๐ฅ Healthcare - HIPAA-compliant secret management
- ๐ฐ FinTech - SOC2 compliant configuration
- ๐๏ธ E-commerce - Multi-region secret distribution
- ๐ฎ Gaming - Low-latency config updates
- ๐ Startups - Simple, cost-effective secret management
Stop building secret management. Start shipping features.
anysecret.io โข
Docs โข
Discord โข
Twitter
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file anysecret_io-0.1.0.tar.gz.
File metadata
- Download URL: anysecret_io-0.1.0.tar.gz
- Upload date:
- Size: 46.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6af31b4cac7e6a15be5305f10380d673a7bfcadb692554346c2311b67a9334a3
|
|
| MD5 |
8da57ed31ae402318672d0cc0a6f33c8
|
|
| BLAKE2b-256 |
758d79b0cd70302f3f5a98f89014582467e917d8381473011ca9744e6b48f904
|
File details
Details for the file anysecret_io-0.1.0-py3-none-any.whl.
File metadata
- Download URL: anysecret_io-0.1.0-py3-none-any.whl
- Upload date:
- Size: 56.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4244661799f80973a174e48914e90a8774237bdfc163757c557615c0a578efbd
|
|
| MD5 |
dd425bb4790547416eeae630bfa69f12
|
|
| BLAKE2b-256 |
7e2a1bea9c62a925fabbabd9073a7844bdde8ab54927533b0c663054b51dd380
|
