Harp is for Harpocrates (Ancient Greek: Ἁρποκράτης) the god of silence, secrets and confidentiality in the Hellenistic religion. - Wikipedia
New to harp? Let's start with the onboarding tutorial!
TL;DR - Features overview
Harp provides :
- A methodology to design your secret management;
  - Secret naming convention;
  - A defined common language and complete processes to achieve secret management operations;
- An SDK to create your own tools to orchestrate your secret management pipelines;
  - A container manipulation library exposed as github.com/elastic/harp/pkg/container;
  - A secret bundle specification to store and manipulate secrets exposed as github.com/elastic/harp/pkg/bundle;
  - An on-steroid template engine exposed as github.com/elastic/harp/pkg/template;
  - A path name validation library exposed as github.com/elastic/harp/pkg/cso;
- A CLI for secret management implementation
  - CI/CD integration;
  - Based on human readable definitions (YAML);
  - In order to create auditable and reproducible pipelines.
  - An extensible tool which can be enhanced via plugins.
And allows :
- Bundle level operations
  - Create a bundle from scratch / template / json (more via plugins);
  - Generate a complete bundle using a YAML Descriptor (BundleTemplate) to describe secrets and their usages;
  - Read value stored in the K/V virtual filesystem;
  - Update the K/V virtual filesystem;
  - Reproducible patch applied on immutable container (copy-on-write);
  - Import / Export to Vault.
- Immutable container level operations
  - Seal / Unseal a container for integrity and confidentiality property conservation to enforce at-rest encryption (aes256-gcm96 or chacha20-poly1305);
  - Multiple identities sealing algorithm;
harp artifacts and source code are released under the Apache 2.0 Software License.
Download a release or build from source.
For stable version
brew tap elastic/harp
brew install elastic/harp/harp
Only the last 2 minor versions of a major version are supported.
Harp is compiled with :
$ go version
go version go1.16.3 linux/amd64
Simple go version manager - https://github.com/stefanmaric/g
Mage is an alternative to Make in which the build language is Go. You can install it using 2 different methods.
# Method 1: install mage from source
git clone https://github.com/magefile/mage
cd mage
go run bootstrap.go
# Method 2: install mage with Homebrew
brew install mage
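# Clone the repository and record its location (HARP_REPO is used below)
git clone git@github.com:elastic/harp.git
export HARP_REPO="$(pwd)/harp"
# Go to tools submodule
cd "$HARP_REPO/tools"
# Pull tools sources, compile them and install executable in tools/bin
mage
export PATH="$HARP_REPO/tools/bin:$PATH"
# Build harp in bin folder (run from the repository root, not from tools)
cd "$HARP_REPO"
mage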
For Tools
You have to build this image once before executing artifact pipelines.
mage docker:tools
For CLI
# or docker image [distroless:static, rootless, noshell]
mage docker:harp
# To execute in the container
docker run --rm -ti --read-only elastic/harp:<version>
You can find more Harp feature extensions - https://github.com/elastic/harp-plugins
Here is the list of external projects used as inspiration :