Terminal window showing the usage of SecretHub

A simple tool to keep secrets out of

SecretHub helps developers inject passwords and other secrets securely into applications at runtime, removing the limitations and risks of placing them in static configuration code.

SecretHub works with your favorite tools

Take advantage of native integrations to inject secrets into your stack without reinventing the wheel.

Docker logo Terraform logo Ansible logo Kubernetes logo

See all integrations

Why teams SecretHub

Illustration of three people

Unburden your team

Use the CLI to write a secret once and automatically inject it into your apps at runtime. Your team never has to see production secrets again.

Illustration of a rocket

Decouple apps & secrets

Achieve dev/prod parity by extracting the one thing that must be different per environment: the secrets that secure it. Use template files and native integrations to make your delivery pipelines reproducible.

Illustration of an umbrella

Stay protected

Know and restrict which secrets are used by whom with access controls and audit logs. Stay compliant and ensure you can prove it.

Open source

All client code is fully open sourced and developed in the open. Pull requests are welcome!

SecretHub on GitHub

Open security

Your secrets are encrypted client-side so SecretHub never sees your secrets. But don't take our word for it, review the security docs yourself.

Explore the security design

Highly available service

SecretHub is hosted in 6 datacenters on 2 continents. Enjoy high availability, zero maintenance and multi-cloud straight out of the box.

Check out the status page

World map

Making teams happy at

Independer logo
Conclusion logo
Hoogheemraadschap van Delfland logo

Try SecretHub today

Personal developer accounts are free - as in beer 🍺

brew install secrethub/tools/secrethub-cli