
Utpal Nadiger for Digger


10 open source tools that platform, SRE and DevOps engineers should consider in 2024.

This article highlights ten open source tools that have gained significant attention amongst infrastructure engineers and are considered essential for professionals in Platform Engineering/DevOps/Site Reliability engineering.

These tools cover a wide range of functionalities, including Infrastructure as Code management, secret management, distributed filesystems, internal developer portals, continuous integration and deployment (CI/CD), and self-hosted Git services.

Each of these open-source projects, from Digger's Infrastructure as Code platform to Gitea's self-hosted Git service, represents a key component in the modern DevOps toolkit, helping engineers to build, deploy, and maintain scalable and efficient software systems.

The tools are:

  • Digger - An open source Infrastructure as Code management platform. [Infrastructure as Code automation]
  • Git Secret - A bash-tool to store your private data inside a git repository. [Secret Management]
  • Infisical - Open source end-to-end encrypted secrets sync for teams and infrastructure. [Secret Management]
  • Lade - Automatically load secrets from your preferred vault as environment variables. [Secret Management]
  • Ceph - Highly scalable object, block and file-based storage under one whole system. [Distributed Filesystems]
  • Backstage - An open platform for building developer portals. [Internal Developer Portal]
  • Kraken CI - Modern CI/CD, open-source, on-premise system that is highly scalable and focused on testing. [CI/CD]
  • Buildbot - automate all aspects of the software development cycle. [CI framework]
  • Gogs - A self-hosted Git service. [Git]
  • Gitea - Another self-hosted Git service. [Git]

Now let's dive into each tool one by one:

Digger


Digger is an IaC management tool for Terraform and OpenTofu, addressing the complexities often encountered with specialized IaC CI systems like Terraform Cloud and Atlantis.

Its unique approach integrates Terraform/OpenTofu directly into your existing CI infrastructure, leveraging its asynchronous jobs, compute, orchestration, and logging capabilities.

This integration not only enhances security by keeping cloud access secrets within your CI environment but also proves cost-effective by eliminating the need for extra compute resources. Digger's feature set includes Terraform plan and apply within pull request comments, private runners utilizing existing CI compute environments, Open Policy Agent (OPA) support for robust access control, and PR-level locks to prevent race conditions. Additionally, it supports advanced functionalities like Terragrunt, multiple Terraform versions, and drift detection, making it an all-encompassing solution for managing Terraform/OpenTofu deployments efficiently and securely.

Star Digger on GitHub ✨

Check out self hosting documentation

Git Secret


Git Secret is an essential bash tool for developers and DevOps professionals, offering a robust solution for secret management within a Git repository. This open-source tool effectively encrypts sensitive files and data, ensuring that confidential information like passwords, keys, and credentials are securely stored in the repository.

By encrypting files with the public keys of allowed users, Git Secret ensures that only authorized personnel can access and decrypt these secrets. This method not only enhances security but also simplifies the process of sharing sensitive data among team members. It's particularly valuable in collaborative environments, where managing access to sensitive information is crucial for maintaining security and compliance. Git Secret stands out as a practical, secure, and efficient way to handle private data in code repositories.

Star Git Secret on GitHub ✨

Infisical


Infisical is an open source secret management platform tailored for teams to centralize crucial data such as API keys, database credentials, and configurations. Aimed at making secret management accessible to everyone, not just security experts, it redesigns the entire developer experience. The platform offers a user-friendly dashboard for managing secrets across various projects and environments, client SDKs for on-demand secret retrieval, and a CLI tool for integrating secrets into any framework during local development.

Infisical includes native integrations with platforms like GitHub, Vercel, and Netlify, and features such as automatic Kubernetes deployment secret reloads, self-hosting options on different infrastructures, secret versioning, Point-in-Time Recovery, comprehensive audit logs, Role-based Access Controls, simplified on-premise deployments to AWS and Digital Ocean, along with secret scanning and leak prevention capabilities.

Star Infisical on GitHub ✨

Lade


Lade is a practical tool designed to enhance secret management by automatically loading secrets from a user's chosen vault into environment variables or files. This functionality is key in minimizing the exposure of sensitive information, as it restricts access to secrets only for the duration of a specific command's execution. By ensuring that secrets are only available when absolutely necessary, Lade significantly reduces the risk of unauthorized access or leaks. This approach is particularly beneficial in environments where security and data privacy are paramount. Lade is part of the Metatype ecosystem. Consider checking out how this component integrates with the whole ecosystem and browse the documentation to see more examples.
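The command-scoped exposure described above, sketched as an added shell example (not Lade's own code or configuration): `run_with_secrets` is a hypothetical helper, and a local file with constructed values stands in for the vault.

```shell
#!/bin/sh
# Added example: secrets exist only in the environment of one command.
# The secrets file is a constructed stand-in for a vault backend; a real
# loader would fetch the values from the vault instead of a local file.

# run_with_secrets <secrets-file> <command> [args...]
# Exports KEY=VALUE pairs inside a subshell, then execs the command.
# The calling shell's environment is never modified.
run_with_secrets() {
    secrets_file=$1
    shift
    [ -r "$secrets_file" ] || { echo "cannot read $secrets_file" >&2; return 2; }
    [ "$#" -gt 0 ] || { echo "no command given" >&2; return 2; }
    (
        # "|| [ -n "$key" ]" keeps a final line that lacks a trailing newline.
        while IFS='=' read -r key value || [ -n "$key" ]; do
            case $key in
                ''|'#'*) continue ;;              # blank line or comment
                [!A-Za-z_]*|*[!A-Za-z0-9_]*)      # not a valid variable name
                    echo "rejecting key: $key" >&2
                    exit 3 ;;
            esac
            export "$key=$value"                  # visible in this subshell only
        done < "$secrets_file"
        exec "$@"                                 # command replaces the subshell
    )
}

# Demo with constructed values.
demo_file=$(mktemp)
printf '%s\n' '# constructed sample secrets' \
    'DB_PASSWORD=constructed-value' > "$demo_file"
run_with_secrets "$demo_file" sh -c 'echo "child sees: ${DB_PASSWORD:+set}"'
echo "parent sees: ${DB_PASSWORD:-unset}"
rm -f "$demo_file"
```

The child's environment is still inherited by anything it spawns and is readable by other processes running as the same user, so this limits how long a secret is exposed rather than who within that process tree can see it.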

Star Lade on GitHub ✨

Ceph


Ceph stands out in storage technology, offering a scalable and reliable solution where traditional systems fall short. It supports object, block, and file storage in one system, adaptable for various environments including on-premises, cloud, or container-native setups. Key benefits include scalability, enabled by the CRUSH algorithm, allowing for expansion without typical downtime. This makes Ceph suitable for businesses and institutions needing to grow their storage capacity rapidly.

Ceph is also notable for its reliability. It is self-managing and self-healing, with Monitor and Manager daemons enhancing data availability. The CRUSH algorithm reduces failure risks, ensuring a robust storage solution. Performance-wise, Ceph's customizable deployment suits diverse needs without compromising efficiency. As a software-defined system, it performs well regardless of the infrastructure, addressing the limitations of traditional storage systems.

Backstage


Backstage is an innovative open platform designed for creating internal developer portals, streamlining the developer experience within organizations. As a centralized hub, it allows teams to manage software components, monitor services, and access tools and documentation from a single interface.

This enhances collaboration and increases efficiency by reducing the complexity often associated with accessing various development tools and resources. By providing a unified, customizable environment, Backstage fosters a more organized and coherent workflow. Its open-source nature invites contributions and adaptations to suit specific organizational needs, making it an invaluable tool for companies looking to optimize their internal software development processes.

Star Backstage on GitHub ✨

Kraken CI


Kraken CI is a modern CI/CD system that operates on the Continuous Integration philosophy, focusing on pre-commit and post-commit phases in software development. In the pre-commit phase, developers and testers prepare code changes, aiming to minimize the risk of breaking production code. Kraken CI facilitates this by providing a validation environment that simplifies testing, making it easier to produce quality code. It reduces the likelihood of large, risky changes and helps manage code integration more effectively.

In the post-commit phase, the emphasis is on maintaining the stability of production code. Kraken CI's effective post-commit validation delivers clear, unambiguous information about the production code, reducing the time to feedback and allowing for quick response to any issues. This results in greater stability and release-readiness of the production code. By improving both pre-commit and post-commit phases, Kraken CI fosters a culture shift in software development. It moves away from a gate-focused approach, where each stage of development is a barrier, to a more fluid process where small changes are made frequently. This shift reduces the impact of breaks and improves the overall quality and efficiency of the engineering process, allowing teams to focus on innovation and delivering unique value to customers.

Buildbot


Buildbot is a versatile CI framework designed to automate all aspects of the software development cycle, enhancing efficiency and reliability. As an open-source platform, it is highly customizable, allowing teams to tailor the automation process to their specific needs. Buildbot excels in integrating various stages of development, from code integration, testing, to deployment, ensuring a seamless and coherent workflow. This framework supports multiple development environments, making it adaptable to different technologies and project requirements. Its ability to streamline complex processes and foster continuous integration and deployment makes Buildbot a valuable tool for teams seeking to optimize their software development lifecycle.

Gogs


The Gogs project is dedicated to creating a simple, stable, and extensible self-hosted Git service, emphasizing ease of setup. Utilizing Go, Gogs offers an independent binary distribution compatible across multiple platforms, including Linux, macOS, Windows, and ARM systems. The platform features a comprehensive user dashboard, profile, and activity timeline, and supports repository access through SSH, HTTP, and HTTPS.

It includes robust management tools for users, organizations, and repositories, alongside webhooks and Git hooks. Gogs facilitates repository issues, pull requests, wiki, and collaboration features. It also offers migration and mirroring of repositories, a web editor for repository files, Jupyter Notebook and PDF rendering, and supports various authentication methods including SMTP, LDAP, and GitHub integration. Additionally, Gogs is customizable, supports a range of databases like PostgreSQL and MySQL, and is localized in over 31 languages, making it a versatile and user-friendly solution for Git hosting.

Star Gogs on GitHub ✨

Gitea


Gitea is a versatile tool for creating and managing git-based repositories, streamlining Code Review to enhance code quality for users and businesses. It integrates a CI/CD system, Gitea Actions, compatible with GitHub Actions, allowing users to create workflows in YAML or use existing plugins. Gitea's project management features include issue tasks, labeling, and kanban boards for efficient management of requirements, features, and bugs. These tools integrate with branches, tags, milestones, assignments, time tracking, and dependencies to plan and track development progress. Furthermore, Gitea supports over 20 package management types, such as Cargo, Composer, NPM, and PyPI, catering to a wide range of public or private package management needs. This comprehensive suite of features makes Gitea a powerful platform for managing development projects and packages.

Top comments (12)

Sloan, the sloth mascot
Comment deleted
Benoit COUETIL 💫

Would you mind elaborating on the reasons, or say why you are an authority in this field ?

Sloan, the sloth mascot
Comment deleted
 
Benoit COUETIL 💫

Thank you Mike for the details.

Your response urged me to a little bit of research. With enough security on passphrase and/or encryption size, the "little bit of extra money and time" is still multiple years at best. And I do not have NSA level secrets to store.

I will take care of those parameters and consider myself fine with the risk !

Sloan, the sloth mascot
Comment deleted
 
Benoit COUETIL 💫

Your dedication to security practices is wonderful !

On my side, I don't take myself and my projects too seriously, the world is on the verge of apocalyptic events way more deep than my problems.

Thanks to you, I learned some stuff about the encryption key size, the passphrase length, and if someday someone is able to crack 256-bit encryption keys under a few weeks, he won't go first to my clients' repos, we are too small fishes to catch 😊

Matija Sosic

Digger sounds interesting! On which type of projects should it be used? E.g., I'm developing my own side project SaaS, reflectdaily.app/, and currently deploy to Fly via Wasp. At which point could I benefit from Digger?

Benoit COUETIL 💫

Thanks for sharing !

git-secret is what I was searching for 🎉

I have implemented this myself for now.

annaredbond

Ooh, good list!

Deb

This is a decent list. Ceph and Minio are legit S3 alternatives.

Bap

Great article!

mv-turtle

Infisical 🚀
