
We’re excited to welcome OpenBao to the Open Source Security Foundation (OpenSSF) as a newly accepted sandbox project!
OpenBao is an open source identity-based secrets and encryption management system that helps organizations securely store, manage, and audit access to sensitive data like API keys, passwords, and certificates. Originally developed under LF Edge and forked from HashiCorp Vault, OpenBao has now found its new home in the OpenSSF, where it aligns more directly with the needs of security professionals and open source maintainers.
“Joining OpenSSF has been a dream come true,” said Alex Scheel, Chair of the OpenBao Technical Steering Committee. “This wouldn’t be possible without the support of OpenSSF’s Technical Advisory Council—many thanks for their help and consideration!”
Why OpenBao?
Modern systems rely on a growing number of secrets to operate securely—from database credentials to cloud service API tokens. Managing and auditing access to these secrets is complex, and building custom solutions can introduce more risk than reward. OpenBao solves this problem by providing robust encryption services that are tightly gated by authentication and authorization controls. It integrates with the tools and ecosystems open source developers and security teams already use, including Sigstore and SLSA.
Through its CLI, UI, and HTTP API, OpenBao makes it easier to:
- Securely manage and distribute secrets across teams and environments
- Apply fine-grained access controls
- Rotate keys and credentials automatically
- Maintain detailed audit trails for compliance and incident response
Moving to the OpenSSF
The move from LF Edge to OpenSSF reflects a strategic decision by OpenBao’s Technical Steering Committee to better align with its contributor base and project mission. While the project is deeply grateful for the support from LF Edge during its early development, the OpenSSF offers a broader and more targeted platform to grow its community and expand adoption.
“We’re looking forward to collaborating with various working groups and SIGs within OpenSSF—especially to help strengthen secrets management best practices in open source policy and guidance,” said Scheel. “We also remain committed to maintaining partnerships with LF Edge and other Linux Foundation projects as our ecosystems evolve.”
What’s Next
Now in the sandbox stage of OpenSSF’s project lifecycle, OpenBao is focused on increasing transparency, improving governance, and deepening integration with other OpenSSF initiatives. Its ongoing work will support supply chain security, secrets hygiene, and broader security-by-design efforts across open source projects.
We’re thrilled to support the OpenBao community and look forward to seeing its impact grow across the open source security landscape.
Get Involved: Visit the OpenBao GitHub repository and join the conversation on the OpenSSF Slack and Matrix.