Comparison with other SecOps solutions.

People often ask us: “Why should I switch to Onboardbase? My solution works!”

Onboardbase drastically simplifies a complex problem. It’s not just a better way to manage secrets, it’s an entirely different way to think about environment configuration as a whole to match modern dev workflows in teams of diverse, distributed people. We focus on the humans who create the chaos, not just the machines.

We summarize more on this question below while trying to stay objective.

Onboardbase vs. GitHub Secrets

GitHub Secrets is a Github feature to store sensitive information securely in your repository. You can also define secrets at the organization’s level. Anyone with collaborator access to the repositories can access secrets.

Pricing

GitHub Secrets is a free feature.

Features

  • Available to use in GitHub Actions workflows and Github Codespaces.

  • Encrypts secrets in a secure vault.

  • There are access policies to control which repositories can use organization secrets. Approval is required.

  • Organization-level secrets let you share secrets between multiple repositories, which reduces the need for creating duplicate secrets. Updating an organization secret in one location also ensures that the change takes effect in all repository workflows that use that secret.

  • Secrets can be accessed through CLI and API.

Pros & cons

  • Pros

    • Easy to use with GitHub repositories
    • Nothing to install
    • Free
    • Possible programmatic retrieval to use secrets outside Github using CLI and API
    • Free secret scanning to prevent leaks (like Onboardbase)

  • Cons

    • The GUI isn’t built for easy team collaboration: no granular access control by an individual contributor.
    • Limit: you can store up to 1,000 organization secrets, 100 repository secrets, and 100 environment secrets.
    • Secrets are limited to 64 KB in size.
    • Limited CLI features (list, create, delete)
    • No environment management: you need to create new secrets for each environment, so not straightforward to use on a local machine, for example.
    • You can’t inject secrets in your build command directly unless you use Github Actions or Codespaces. You’ll need to create a custom solution.

In summary, choose Onboardbase if you want maximum flexibility regarding environment config management without compromising security. Onboardbase is human-centric, whereas Github has a more repository-centric approach causing more back-and-forth to get projects running.

Onboardbase vs. AWS Secrets

AWS Secrets Manager is the equivalent of Github Secrets in the AWS ecosystem.

Pricing

$0.4 per secret per month and $0.05 per 10k API calls, with a 30-day trial period.

Features

  • AWS Secrets Manager encrypts secrets at rest using encryption keys that you own and stores in AWS Key Management Service (AWS KMS).

  • Secrets Manager integrates with AWS Identity and Access Management (IAM) to control access to the secret using fine-grained IAM policies and resource-based policies.

  • When you retrieve a secret, Secrets Manager decrypts the secret and transmits it securely over TLS to your local environment.

  • Automatic secrets rotation for AWS services.

  • Programmatic retrieval of secrets via CLI and API.

  • AWS Secrets Manager enables you to audit and monitor secrets through integration with AWS logging, monitoring, and notification services.

Pros & cons

  • Pros

    • Automated secret rotation
    • Programmatic retrieval with SDKs to use secrets outside of AWS
    • You can use AWS Secrets Manager to meet compliance requirements
    • Integration with all AWS tools

  • Cons

    • Complex pricing.
    • High price.
    • Need to play with many services to get it to work.
    • No environment or project segmentation.
    • The GUI is not built for easy team collaboration. An admin has to be responsible for the security and managing access.
    • You’ll need to create a custom solution to inject secrets into your development environment.

The one of Onboardbase here is it's ease of use and flexible approach to environment management that matches startups that need to move fast without breaking things. AWS Secrets Manager suffers the same problems as Github Secrets while adding even more complexity and costs.

Onboardbase vs. HashiCorp Vault

Vault is a secret vault, as its name suggests.

Pricing

Free if self-managed. From $0.5 per hour for the managed cloud option.

Features

  • Dynamic secrets

  • Secret storage

  • Automated credential rotation (expiration date)

  • API and CLI access

Pros & cons

  • Pros

    • Open source
    • Self-hosted option

  • Cons

    • Costly
    • Complicated install that needs a lot of configuration steps: Check here
    • You need to manage encryption keys yourself.
    • Not designed for team collaboration. A devops expert sets up user groups and gives instructions to retrieve secrets depending on the available auth methods.

HashiCorp Vault isn’t suitable for small and medium businesses or modern dev teams without security experts working around it. It’s costly if you opt for the cloud option, and it requires deep expertise to host yourself. With Onboardbase, you’ll save hundreds of dollars on installation alone.