Aegis – self-hosted secrets broker for teams priced out of CyberArk

Name: Aegis – self-hosted secrets broker for teams priced out of CyberArk
Availability: InStock
Author: tahlos

by tahlos·Mar 22, 2026·4 points·0 comments

Visit Project View on HN

AI Analysis

●●SolidBold BetNiche Gem

CyberArk alternative for teams priced out, but still marked development-in-progress.

Strengths

•Scoped API keys per team-registry pair with immutable audit logs and structured diffs.
•Team self-service dashboard for webhooks and key rotation reduces security team ticket load.
•Vendor-agnostic proxy means migrate vault backends without changing application code.

Weaknesses

•Explicit development-in-progress warning means not production-ready for public-facing nodes.
•Only 1 GitHub star suggests minimal real-world testing at claimed 40,000+ secret scale.

Similar Projects

Security●●Solid

Secryn – a self-hosted secrets vault for dev teams (public demo)

HashiCorp Vault alternative that cuts cloud lock-in with one-time pricing instead of subscriptions.

Solve My ProblemNiche Gem

chintanb

513mo ago

AI/ML●●Solid

StrangeClaw – a self-hosted agent running inside a Firecracker microVM

Firecracker microVM isolation with host-side credential broker — agent observes denials.

Big BrainBold Bet

pstrange

103d ago

Security●●Solid

Aquaman keeping your OpenClaw secrets safe

The plugin-proxy split is smart: credentials live in a backend (Keychain/1Password/Vault/etc.) and a separate proxy injects auth headers over a UDS so the agent process never handles raw keys. It autosurveys plugin configs and channels to migrate plaintext secrets and even ships a Docker image and CLI for local setups — very practical for anyone already on OpenClaw, though it’s narrowly focused and adds an extra trusted component that deserves an audit.

Niche GemSolve My Problem

tech4242

104mo ago

Security●●●Banger