Thrippy is a CLI application and gRPC client/server to manage authentication configurations and secret tokens for third-party ("3P") services.
It supports both static and OAuth 2.0 credentials, and it is designed to be simple and secure by default.
Thrippy manages "links", which are collections of configurations, credentials, and metadata.
When you create a link, you specify a "template" for it, which identifies a specific well-known service (e.g. ChatGPT, GitHub, Gmail, Slack) and its authentication type (see the list below). This enables Thrippy to set most configuration details automatically.
Static credentials (e.g. API keys) are set manually by the user. Dynamic credentials (e.g. OAuth 2.0 tokens) are refreshed automatically by Thrippy after an initial interactive user authorization.
- Atlassian
- Products: Bitbucket, Confluence, Jira
- OAuth 2.0 (3LO) app / user API token / webhook-only
- ChatGPT
- Static API key
- Claude
- Static API key
- Generic OAuth 2.0
- GitHub
- App installation using JWTs based on static credentials
- App authorization to act on behalf of a user
- User's static Personal Access Token (PAT)
- Webhook
- Google
- OAuth 2.0 to act on behalf of a user
- Static Google Cloud service account key
- Gemini using a static API key
- Slack
- App using a static bot token
- App using OAuth v2 (regular Slack / GovSlack)
- Private "Socket Mode" app using a static app-level token
-
Install Thrippy:
go install github.com/tzrikka/thrippy
Tip
The binary will be located here: $(go env GOPATH)/bin
-
Start the Thrippy server:
thrippy server --dev
Important
In dev mode, Thrippy uses an in-memory secrets manager by default, which is destroyed when the server goes down.
- Create any static link, based on the documentation
- Secure secrets manager
- HTTP tunnel to enable OAuth 2.0 links
- m/TLS for Thrippy client/server communication