Search code, repositories, users, issues, pull requests...

Whispr (Pronounced as whisp-r) is a CLI tool to safely inject secrets from your favorite secret vault (Ex: AWS Secrets Manager, Azure Key Vault etc.) into your app's environment. This is very useful for enabling secure local software development.

Whispr uses keys (with empty values) specified in a .env file and fetches respective secrets from a vault, and sets them as environment variables before launching an application.

The MITRE ATT&CK Framework Tactic 8 (Credential Access) suggests that adversaries can exploit plain-text secrets and sensitive information stored in files like .env. It is essential to avoid storing sensitive information in unencrypted files. To help developers, Whispr can safely fetch and inject secrets from a vault into the current shell environment. This enables developers to securely manage credentials and mitigate advisory exploitation tactics.

Run whispr init <vault_type> in your terminal to create a whispr.yaml file in your project root. This file will store your configuration settings.

Leave a Comment