Teller: Cloud Native Secrets Management for Developers

This repository profile is provided by osrepos.com, an open source repository discovery platform.

Teller: Cloud Native Secrets Management for Developers

Summary

Teller is an open-source, universal secret manager designed for developers, enabling seamless interaction with secrets directly from the command line. It eliminates the need for scattered .env files or hardcoded tokens, integrating with various vaults and cloud services like Hashicorp Vault, AWS Secrets Manager, and Google Secret Manager. This tool streamlines secret workflows, enhances security, and helps fight secret sprawl across development environments.

Repository Information

Analyzed by OSRepos on December 30, 2025

Topics

Click on any tag to explore related repositories

Use at your own risk

OSRepos shares public repositories for knowledge and discovery only. Any installation, execution, configuration, or use of code from these repositories is the user's own responsibility. Always review the repository, source code, dependencies, licenses, and security implications before running or installing anything. OSRepos is not responsible for issues, damages, or losses resulting from third-party repositories.

Introduction

Teller is an open-source, cloud-native secret management tool that empowers developers to handle sensitive information directly from their command line. It acts as a universal interface for various secret providers, including Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, and more. By centralizing secret access and management, Teller helps developers maintain clean, secure workflows without ever leaving their terminal. It's built in Rust, offering performance and reliability.

Installation

Getting started with Teller is straightforward. You can either download a pre-built binary or compile it from source.

Download a binary:

Pre-built binaries are available for various platforms.

Grab a binary from releases

Build from source:

For those who prefer to build from source, ensuring full transparency and control, follow these steps:

$ cd teller-cli
$ cargo install --path .

This command will install the Teller binary locally on your machine.

Examples

Teller offers a rich set of features to manage and interact with your secrets.

Create a new configuration:

Initialize a new .teller.yml file to define your secret providers and mappings.

$ teller new
? Select your secret providers ›
? hashicorp_consul
? aws_secretsmanager
? ssm
? dotenv
? hashicorp
? google_secretmanager

Running subprocesses with secrets:

Execute commands with secrets automatically injected as environment variables, avoiding manual exports or .env files.

$ teller run --reset --shell -- node index.js

Inspecting variables:

View the secrets Teller has picked up, with sensitive parts redacted for security.

$ teller show

Populating local shell:

Integrate Teller into your shell configuration, like .zshrc, to dynamically load secrets.

eval "$(teller sh)"

Easy Docker environment:

Streamline Docker container execution by injecting secrets directly, preventing them from appearing in shell history.

$ docker run --rm -it --env-file <(teller env) alpine sh

Scanning for secrets:

Identify hardcoded secrets and secret sprawl within your codebase. This can be integrated into CI/CD pipelines.

$ teller scan

To fail a build if secrets are found:

run: teller scan --error-if-found

Redacting secrets from outputs and files:

Cleanse logs, process outputs, or files by redacting sensitive information.

$ cat some.log | teller redact
$ tail -f /var/log/apache.log | teller redact
$ teller redact --in dirty.csv --out clean.csv

Populating templates:

Use secrets to populate custom templates, supporting the Tera templating engine.

$ teller template --in config-templ.t

Copying/syncing data between providers:

Synchronize secrets between different providers or mappings.

$ teller copy --from source/dev --to target/prod

Writing and multi-writing to providers:

Store new secrets or update existing ones in your configured providers.

$ teller put --providers new --map-id one NEW_VAR=s33kret

Deleting and multi-deleting from providers:

Remove secrets from your providers.

$ teller delete --providers new --map-id one DELETE_ME

Exporting secrets:

Export secrets in YAML or JSON format for integration with other tools or workflows.

$ teller export yaml
$ teller export json

Why Use Teller

Teller addresses common challenges in secret management for developers. It centralizes access to secrets from various providers, reducing the risk of hardcoded credentials and .env file proliferation. By providing a unified command-line interface, it simplifies workflows for development, testing, and deployment across different environments. Its scanning and redaction capabilities further enhance security by fighting secret sprawl and preventing sensitive data exposure in logs. Built in Rust, Teller offers a robust and efficient solution for modern cloud-native development.

Links

Related repositories

Similar repositories that may be relevant next.

Zeroboot: Sub-millisecond VM Sandboxes for AI Agents

Zeroboot: Sub-millisecond VM Sandboxes for AI Agents

June 11, 2026

Zeroboot is an innovative open-source project that delivers sub-millisecond VM sandboxes, primarily designed for AI agents and other applications requiring extremely fast, isolated code execution environments. It leverages copy-on-write forking and Firecracker microVMs to achieve hardware-enforced isolation with minimal overhead. This approach enables rapid, secure code execution, ideal for high-performance AI applications.

ai-agentssandboxvirtual-machine
Inkwell: A Sovereign, Lightweight Markdown Editor for Focused Writing

Inkwell: A Sovereign, Lightweight Markdown Editor for Focused Writing

June 10, 2026

Inkwell is a fast, portable, and privacy-focused markdown editor designed to enhance your writing experience. Built with Rust and Tauri v2, it offers a distraction-free environment with powerful features like Typst PDF exports, local SQLite persistence, and extensive customization. This tool is ideal for writers seeking a robust, local-first solution that respects user privacy.

markdown-editortext-editorwriting-tool
mullvadvpn-app: Secure and Private Mullvad VPN Client for Desktop and Mobile

mullvadvpn-app: Secure and Private Mullvad VPN Client for Desktop and Mobile

June 4, 2026

The `mullvadvpn-app` is the official open-source client application for the Mullvad VPN service, designed for both desktop and mobile platforms. Developed by Mullvad VPN AB, this project is primarily written in Rust, with frontends built using Electron for desktop and native implementations for Android and iOS. It provides a secure, privacy-preserving VPN experience, supporting protocols like WireGuard and OpenVPN, and is known for its strong emphasis on user anonymity and leak prevention.

rustvpnwireguard
ApiArk: A Privacy-First, Lightweight API Platform Built with Tauri v2

ApiArk: A Privacy-First, Lightweight API Platform Built with Tauri v2

May 29, 2026

ApiArk is an innovative API platform designed as a privacy-first, lightweight alternative to traditional tools like Postman. Built with Tauri v2, it offers exceptional performance, consuming only about 60 MB of RAM, and operates entirely locally with no login or cloud requirements. It supports a wide array of protocols and stores data in Git-friendly YAML files, empowering developers with full control over their API workflows.

api-clientdesktop-appdeveloper-tools

Source repository

Open the original repository on GitHub.

6 counted GitHub visits

View on GitHub
OS
OSRepos

Analysis and discovery of open source repositories. Find interesting projects and follow their updates.

Monitor your website with YourWebsiteScore

OSRepos shares public repositories for knowledge and discovery only. Any installation, execution, configuration, or use of third-party repository code is at your own risk. Always review source code, dependencies, licenses, and security implications before running anything.

© 2025 OSRepos. Built with Nuxt 3 and lots of ❤️