# berglas mit Homebrew, Nix installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für berglas in AI-Agent-Workflows.

## Installation

```sh
sudo av install brew:berglas
```

Weitere Installationsbefehle:

### macOS

- Homebrew (100%):

```sh
brew install berglas
```

  Evidenz: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#berglas
```

  Evidenz: nixpkgs package indexes: pkgs/by-name/be/berglas/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Paketfakten

- **Paketschlüssel:** brew:berglas
- **Paketmanager:** Homebrew
- **Paketmanager-Seite:** <https://formulae.brew.sh/formula/berglas>
- **Version:** 2.0.14
- **Quellzusammenfassung:** Tool for managing secrets on Google Cloud
- **Homepage:** <https://github.com/GoogleCloudPlatform/berglas>
- **Repository:** <https://github.com/GoogleCloudPlatform/berglas>
- **Upstream-Dokumentation:** <https://github.com/GoogleCloudPlatform/berglas#readme>
- **Lizenz:** Apache-2.0
- **Quellarchiv:** <https://github.com/GoogleCloudPlatform/berglas/archive/refs/tags/v2.0.14.tar.gz>
- **Zuletzt aktualisiert:** 2026-06-25T08:16:09Z
- **Generiert:** 2026-07-08T18:08:21+00:00

## Executables

- berglas (cli)
- berglas (Alias)

## Build-Abhängigkeiten

- go

## Installationsverhalten

- Post-install-Hook: nicht definiert
- Bottle: verfügbar auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Version und Aktualität

- Seite generiert: 2026-07-08
- Manager-Version: 2.0.14
- Manager aktualisiert: 2026-06-25
- lokale Daten: OK
- Upstream-Repository: https://github.com/GoogleCloudPlatform/berglas
- neueste erkannte Version: v2.0.14 (aktuell)
## Projektgeschichte und Nutzung

Berglas is a GoogleCloudPlatform command-line tool and Go library for storing and retrieving secrets on Google Cloud. It predates some common Secret Manager workflows and bridges Cloud KMS, Cloud Storage, and Secret Manager access patterns.

### Projektgeschichte

The Berglas repository was created in April 2019, with a v0.1.3 release published in June 2019. Its README describes it as both a CLI for encrypting, decrypting, and storing data on Google Cloud and a library for injecting secrets into Google Cloud runtimes.

The project is explicit about its support status: it lives under GoogleCloudPlatform but is not an officially supported Google product.

### Adoptionsgeschichte

Berglas adoption came from teams that needed secret handling around Cloud KMS and Cloud Storage, then later interoperability with Secret Manager. It fit CI/CD and serverless workflows where environment injection and CLI automation were convenient.

Homebrew packaging made it easy for macOS operators to bootstrap and inspect Google Cloud secret workflows locally while using Application Default Credentials from the Cloud SDK.

### Wie es verwendet wird

Common commands create secrets, grant access, read secret data, bootstrap buckets and KMS keys, and run child processes with secrets populated in the environment.

Authentication usually follows Google Cloud Application Default Credentials, which is why the package curation points at the gcloud ADC credentials file rather than a Berglas-specific credentials file.

### Warum Paket-Nerds sich dafür interessieren

Berglas is package-nerd significant as a small Go security CLI with cloud-side state. Installing the package gives a local executable, but most real behavior depends on enabled Google Cloud services, IAM, KMS keys, buckets, or Secret Manager resources.

It is also a snapshot of a transitional Google Cloud secrets era: the tool supports the older Cloud Storage plus KMS pattern while documenting interoperability with Secret Manager.

### Zeitleiste

- 2019-04: The GoogleCloudPlatform/berglas repository was created.
- 2019-06: Berglas v0.1.3 was published.
- 2020s: Berglas documentation continued to emphasize Cloud KMS, Cloud Storage, Secret Manager interoperability, and ADC-based setup.

### Related projects

- Google Cloud KMS supplies encryption keys for the original storage model.
- Google Cloud Storage stores encrypted secret blobs in the original model.
- Google Secret Manager is the related managed service with Berglas interoperability.

### Quellen

- <https://github.com/GoogleCloudPlatform/berglas>
- <https://github.com/GoogleCloudPlatform/berglas/releases/tag/v0.1.3>


## Sicherheitshinweise

infrastructure mutation or orchestration signal.

- **Geiger-Risiko:** orange / mittel
- infrastructure mutation or orchestration signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Credential files

- Unix: ~/.config/gcloud/application_default_credentials.json
- Windows: %APPDATA%\gcloud\application_default_credentials.json
## Details aus der Quelldatenbank

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** berglas
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Andere Paketmanager-Einträge

- Nix - berglas: normalized package name match | nixpkgs package indexes: pkgs/by-name/be/berglas/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Verwandte Links

- [Cloud CLI packages](https://www.automicvault.com/de/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Source-control packages](https://www.automicvault.com/de/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/de/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/de/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [go](https://www.automicvault.com/de/pkg/brew/go/) - Build dependency declared by Homebrew.
- [apkleaks](https://www.automicvault.com/de/pkg/brew/apkleaks/) - Shares av.db curated category or tags: cli, secrets, security.
- [blackbox](https://www.automicvault.com/de/pkg/brew/blackbox/) - Shares av.db curated category or tags: cli, secrets, security.
- [doppler](https://www.automicvault.com/de/pkg/brew/doppler/) - Shares av.db curated category or tags: cli, secrets, security.
- [fnox](https://www.automicvault.com/de/pkg/brew/fnox/) - Shares av.db curated category or tags: cli, secrets, security.
- [git-crypt](https://www.automicvault.com/de/pkg/brew/git-crypt/) - Shares av.db curated category or tags: cli, secrets, security.
- [git-secret](https://www.automicvault.com/de/pkg/brew/git-secret/) - Shares av.db curated category or tags: cli, secrets, security.
- [go-passbolt-cli](https://www.automicvault.com/de/pkg/brew/go-passbolt-cli/) - Shares av.db curated category or tags: cli, secrets, security.
- [gopass-jsonapi](https://www.automicvault.com/de/pkg/brew/gopass-jsonapi/) - Shares av.db curated category or tags: cli, secrets, security.
- [credstash](https://www.automicvault.com/de/pkg/brew/credstash/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, cloud, managing, secrets, security.

## Combined YAML source

View the package source record on GitHub. [combined/berglas.yml](https://github.com/automic-vault/db/blob/main/combined/berglas.yml)


## Quellen

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
