Teller: Cloud Native Secrets Management for Developers
This repository profile is provided by osrepos.com, an open source repository discovery platform.

Summary
Teller is an open-source, universal secret manager designed for developers, enabling seamless interaction with secrets directly from the command line. It eliminates the need for scattered .env files or hardcoded tokens, integrating with various vaults and cloud services like Hashicorp Vault, AWS Secrets Manager, and Google Secret Manager. This tool streamlines secret workflows, enhances security, and helps fight secret sprawl across development environments.
Repository Information
Topics
Click on any tag to explore related repositories
Use at your own risk
OSRepos shares public repositories for knowledge and discovery only. Any installation, execution, configuration, or use of code from these repositories is the user's own responsibility. Always review the repository, source code, dependencies, licenses, and security implications before running or installing anything. OSRepos is not responsible for issues, damages, or losses resulting from third-party repositories.
Introduction
Teller is an open-source, cloud-native secret management tool that empowers developers to handle sensitive information directly from their command line. It acts as a universal interface for various secret providers, including Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, and more. By centralizing secret access and management, Teller helps developers maintain clean, secure workflows without ever leaving their terminal. It's built in Rust, offering performance and reliability.
Installation
Getting started with Teller is straightforward. You can either download a pre-built binary or compile it from source.
Download a binary:
Pre-built binaries are available for various platforms.
Build from source:
For those who prefer to build from source, ensuring full transparency and control, follow these steps:
$ cd teller-cli
$ cargo install --path .
This command will install the Teller binary locally on your machine.
Examples
Teller offers a rich set of features to manage and interact with your secrets.
Create a new configuration:
Initialize a new .teller.yml file to define your secret providers and mappings.
$ teller new
? Select your secret providers ›
? hashicorp_consul
? aws_secretsmanager
? ssm
? dotenv
? hashicorp
? google_secretmanager
Running subprocesses with secrets:
Execute commands with secrets automatically injected as environment variables, avoiding manual exports or .env files.
$ teller run --reset --shell -- node index.js
Inspecting variables:
View the secrets Teller has picked up, with sensitive parts redacted for security.
$ teller show
Populating local shell:
Integrate Teller into your shell configuration, like .zshrc, to dynamically load secrets.
eval "$(teller sh)"
Easy Docker environment:
Streamline Docker container execution by injecting secrets directly, preventing them from appearing in shell history.
$ docker run --rm -it --env-file <(teller env) alpine sh
Scanning for secrets:
Identify hardcoded secrets and secret sprawl within your codebase. This can be integrated into CI/CD pipelines.
$ teller scan
To fail a build if secrets are found:
run: teller scan --error-if-found
Redacting secrets from outputs and files:
Cleanse logs, process outputs, or files by redacting sensitive information.
$ cat some.log | teller redact
$ tail -f /var/log/apache.log | teller redact
$ teller redact --in dirty.csv --out clean.csv
Populating templates:
Use secrets to populate custom templates, supporting the Tera templating engine.
$ teller template --in config-templ.t
Copying/syncing data between providers:
Synchronize secrets between different providers or mappings.
$ teller copy --from source/dev --to target/prod
Writing and multi-writing to providers:
Store new secrets or update existing ones in your configured providers.
$ teller put --providers new --map-id one NEW_VAR=s33kret
Deleting and multi-deleting from providers:
Remove secrets from your providers.
$ teller delete --providers new --map-id one DELETE_ME
Exporting secrets:
Export secrets in YAML or JSON format for integration with other tools or workflows.
$ teller export yaml
$ teller export json
Why Use Teller
Teller addresses common challenges in secret management for developers. It centralizes access to secrets from various providers, reducing the risk of hardcoded credentials and .env file proliferation. By providing a unified command-line interface, it simplifies workflows for development, testing, and deployment across different environments. Its scanning and redaction capabilities further enhance security by fighting secret sprawl and preventing sensitive data exposure in logs. Built in Rust, Teller offers a robust and efficient solution for modern cloud-native development.
Links
- GitHub Repository: https://github.com/tellerops/teller
- Releases: https://github.com/tellerops/teller/releases
- Providers Documentation: https://docs.rs/teller-providers/latest/teller_providers/providers/index.html
Related repositories
Similar repositories that may be relevant next.

Zeroboot: Sub-millisecond VM Sandboxes for AI Agents
June 11, 2026
Zeroboot is an innovative open-source project that delivers sub-millisecond VM sandboxes, primarily designed for AI agents and other applications requiring extremely fast, isolated code execution environments. It leverages copy-on-write forking and Firecracker microVMs to achieve hardware-enforced isolation with minimal overhead. This approach enables rapid, secure code execution, ideal for high-performance AI applications.

Inkwell: A Sovereign, Lightweight Markdown Editor for Focused Writing
June 10, 2026
Inkwell is a fast, portable, and privacy-focused markdown editor designed to enhance your writing experience. Built with Rust and Tauri v2, it offers a distraction-free environment with powerful features like Typst PDF exports, local SQLite persistence, and extensive customization. This tool is ideal for writers seeking a robust, local-first solution that respects user privacy.

mullvadvpn-app: Secure and Private Mullvad VPN Client for Desktop and Mobile
June 4, 2026
The `mullvadvpn-app` is the official open-source client application for the Mullvad VPN service, designed for both desktop and mobile platforms. Developed by Mullvad VPN AB, this project is primarily written in Rust, with frontends built using Electron for desktop and native implementations for Android and iOS. It provides a secure, privacy-preserving VPN experience, supporting protocols like WireGuard and OpenVPN, and is known for its strong emphasis on user anonymity and leak prevention.

ApiArk: A Privacy-First, Lightweight API Platform Built with Tauri v2
May 29, 2026
ApiArk is an innovative API platform designed as a privacy-first, lightweight alternative to traditional tools like Postman. Built with Tauri v2, it offers exceptional performance, consuming only about 60 MB of RAM, and operates entirely locally with no login or cloud requirements. It supports a wide array of protocols and stores data in Git-friendly YAML files, empowering developers with full control over their API workflows.
Source repository
Open the original repository on GitHub.
6 counted GitHub visits