[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-71459":3},{"id":4,"name":5,"fullName":6,"owner":5,"repo":5,"description":7,"homepage":8,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":9,"rankLanguage":9,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":24,"topics":25,"createdAt":9,"pushedAt":9,"updatedAt":29,"readmeContent":30,"aiSummary":31,"trendingCount":15,"starSnapshotCount":15,"syncStatus":32,"lastSyncTime":33,"discoverSource":34},71459,"openbao","openbao\u002Fopenbao","OpenBao is a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys.","https:\u002F\u002Fopenbao.org\u002F",null,"Go",6293,451,37,205,0,35,80,255,105,38.97,"Mozilla Public License 2.0",false,"main",true,[26,27,28],"go","secret-management","security","2026-06-12 02:02:52","# OpenBao\n\n----\n\n**Please note**: We take OpenBao's security and our users' trust\nvery seriously. If you believe you have found a security issue\nin OpenBao, _please responsibly disclose_ by contacting us at\n[openbao-security@lists.openssf.org](mailto:openbao-security@lists.openssf.org).\n\n----\n\n[![OpenSSF Scorecard](https:\u002F\u002Fapi.scorecard.dev\u002Fprojects\u002Fgithub.com\u002Fopenbao\u002Fopenbao\u002Fbadge)](https:\u002F\u002Fscorecard.dev\u002Fviewer\u002F?uri=github.com\u002Fopenbao\u002Fopenbao) [![OpenSSF Best Practices](https:\u002F\u002Fwww.bestpractices.dev\u002Fprojects\u002F9126\u002Fbadge)](https:\u002F\u002Fwww.bestpractices.dev\u002Fprojects\u002F9126)\n\n- [Website](https:\u002F\u002Fwww.openbao.org)\n- [Mailing List](https:\u002F\u002Flists.openssf.org\u002Fg\u002Fopenbao)\n- [GitHub Discussions](https:\u002F\u002Fgithub.com\u002Fopenbao\u002Fopenbao\u002Fdiscussions)\n- [Chat Server](https:\u002F\u002Flinuxfoundation.zulipchat.com\u002F)\n  - [`#openssf-openbao-discussion`](https:\u002F\u002Flinuxfoundation.zulipchat.com\u002F#narrow\u002Fchannel\u002F529890-openssf-openbao-discussion)\n  - [`#openssf-openbao-support`](https:\u002F\u002Flinuxfoundation.zulipchat.com\u002F#narrow\u002Fchannel\u002F530381-openssf-openbao-support)\n  - [`#openssf-openbao-tsc`](https:\u002F\u002Flinuxfoundation.zulipchat.com\u002F#narrow\u002Fchannel\u002F530382-openssf-openbao-tsc)\n  - Working Groups:\n    - [`#openssf-openbao-wg`](https:\u002F\u002Flinuxfoundation.zulipchat.com\u002F#narrow\u002Fchannel\u002F574533-openssf-openbao-wg)\n    - [`#openssf-openbao-wg-namespaces`](https:\u002F\u002Flinuxfoundation.zulipchat.com\u002F#narrow\u002Fchannel\u002F532995-openssf-openbao-wg-namespaces)\n    - [`#openssf-openbao-wg-pkcs11`](https:\u002F\u002Flinuxfoundation.zulipchat.com\u002F#narrow\u002Fchannel\u002F532994-openssf-openbao-wg-pkcs11)\n    - [`#openssf-openbao-wg-scalability`](https:\u002F\u002Flinuxfoundation.zulipchat.com\u002F#narrow\u002Fchannel\u002F532998-openssf-openbao-wg-scalability)\n    - [`#openssf-openbao-wg-supply`](https:\u002F\u002Flinuxfoundation.zulipchat.com\u002F#narrow\u002Fchannel\u002F532999-openssf-openbao-wg-supply)\n    - [`#openssf-openbao-wg-ui`](https:\u002F\u002Flinuxfoundation.zulipchat.com\u002F#narrow\u002Fchannel\u002F532997-openssf-openbao-wg-ui)\n\n\u003Cp align=\"center\">\n  \u003Cimg width=\"300\" alt=\"OpenBao Mascot\" src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fopenbao\u002Fartwork\u002Fmain\u002Fcolor\u002Fopenbao-color.svg\">\n\u003C\u002Fp>\n\n**OpenBao is a software solution to manage, store, and distribute sensitive\ndata including secrets, certificates, and keys. The OpenBao community intends\nto provide this software under an OSI-approved open-source license, led by a\ncommunity run under open-governance principles.**\n\nA modern system requires access to a multitude of secrets: database credentials,\nAPI keys for external services, credentials for service-oriented architecture\ncommunication, etc. Understanding who is accessing what secrets is already very\ndifficult and platform-specific. Adding on key rolling, secure storage, and\ndetailed audit logs is almost impossible without a custom solution. This is\nwhere OpenBao steps in.\n\nThe key features of OpenBao are:\n\n* **Secure Secret Storage**: Arbitrary key\u002Fvalue secrets can be stored in\n  OpenBao. OpenBao encrypts these secrets prior to writing them to persistent\n  storage, so gaining access to the raw storage isn't enough to access your\n  secrets. OpenBao can write to disk, [PostgreSQL](https:\u002F\u002Fwww.postgresql.org\u002F),\n  and more.\n\n* **Dynamic Secrets**: OpenBao can generate secrets on-demand for some systems,\n  such as AWS or SQL databases. For example, when an application needs to access\n  an S3 bucket, it asks OpenBao for credentials, and OpenBao will generate an\n  AWS keypair with valid permissions on demand. After creating these dynamic\n  secrets, OpenBao will also automatically revoke them after the lease is up.\n\n* **Data Encryption**: OpenBao can encrypt and decrypt data without storing it.\n  This allows security teams to define encryption parameters and developers to\n  store encrypted data in a location such as a SQL database without having to\n  design their own encryption methods.\n\n* **Leasing and Renewal**: All secrets in OpenBao have a _lease_ associated with\n  them. At the end of the lease, OpenBao will automatically revoke that secret.\n  Clients are able to renew leases via built-in renew APIs.\n\n* **Revocation**: OpenBao has built-in support for secret revocation. OpenBao\n  can revoke not only single secrets, but a tree of secrets, for example,\n  all secrets read by a specific user, or all secrets of a particular type.\n  Revocation assists in key rolling as well as locking down systems in the case\n  of an intrusion.\n\n## Documentation and Getting Started\n\nDocumentation is available on the [OpenBao website](https:\u002F\u002Fopenbao.org\u002Fdocs\u002F).\n\n## Developing OpenBao\n\n> [!WARNING]\n> Before submitting pull requests to OpenBao, ensure that you have\n> read and understood our contribution guidelines described in\n> [`CONTRIBUTING.md`](.\u002FCONTRIBUTING.md). A failure to do so will likely result\n> in your pull request being rejected.\n\nIf you wish to work on OpenBao itself or any of its built-in systems,\nyou'll first need [Go](https:\u002F\u002Fwww.golang.org) installed on your\nmachine. The Go toolchain version used in CI and releases is pinned at\n[`.go-version`](.\u002F.go-version), but using the latest toolchain available for\nlocal development is typically fine.\n\nOpenBao uses [Go Modules](https:\u002F\u002Fgithub.com\u002Fgolang\u002Fgo\u002Fwiki\u002FModules), so it is\nrecommended that you clone the repository ***outside*** of the GOPATH.\n\nTo build a `bao` binary:\n\n```sh\n$ mkdir -p bin\n$ go build -o bin\u002Fbao .\n```\n\nTo run the OpenBao server in development mode:\n\n```sh\n$ go run . server -dev # Or `.\u002Fbin\u002Fbao server -dev` if you've built the binary already.\n```\n\nSince OpenBao is a large codebase that takes a short while to compile from a\ncold cache, it is useful to attach the `-v` flag to build commands to get a\nbetter sense of compilation progress.\n\nTo test a package:\n\n```sh\n$ go test .\u002Fsome\u002Fpackage\n```\n\nSome additional notes on development:\n\n- There is also a [`Makefile`](.\u002FMakefile) available for advanced build\n  configurations and maintenance tasks. It is not required to build, run & debug\n  OpenBao in most cases, but is worth a look.\n- This repository also houses OpenBao's website and documentation page\n  just as OpenBao's web UI application under the [`website`](.\u002Fwebsite)\n  and [`ui`](.\u002Fui) subtrees respectively. Development instructions\n  are available at [`website\u002FREADME.md`](.\u002Fwebsite\u002FREADME.md) and\n  [`ui\u002FREADME.md`](.\u002Fui\u002FREADME.md).\n\n### Importing OpenBao\n\nThis repository publishes two libraries that may be imported by other projects:\n`github.com\u002Fopenbao\u002Fopenbao\u002Fapi\u002Fv2` and `github.com\u002Fopenbao\u002Fopenbao\u002Fsdk\u002Fv2`.\n\nNote that this repository also contains OpenBao (the application), and as\nwith most Go projects, OpenBao uses Go modules to manage its dependencies.\nThe mechanism to do that is the [`go.mod`](.\u002Fgo.mod) file. As it happens, the\npresence of that file also makes it theoretically possible to import OpenBao\nas a dependency into other projects. Some other projects have made a practice\nof doing so in order to take advantage of testing tooling that was developed\nfor testing OpenBao itself. This is NOT, and has NEVER been, a supported way\nto use the OpenBao project. We will not fix bugs relating to failure to import\n`github.com\u002Fopenbao\u002Fopenbao` into your project or refactor internal code to make\nthis easier to do.\n","OpenBao 是一个用于管理、存储和分发敏感数据（如密钥、证书等）的软件解决方案。其核心功能包括安全的秘密存储，能够加密任意键值对形式的秘密信息，并在写入持久化存储前进行加密处理，确保即使直接访问存储也无法获取明文数据。此外，它还支持密钥滚动更新、安全存储以及详细的审计日志记录等功能。该软件采用 Go 语言编写，遵循开放治理原则并以 Mozilla Public License 2.0 许可证发布。OpenBao 非常适合需要管理和保护敏感信息的各种应用场景，尤其是那些对安全性有高要求的企业级环境或云原生架构中。",2,"2026-06-11 03:37:48","high_star"]