A simple tool to keep secrets out of
SecretHub helps developers inject passwords and other secrets securely into applications at runtime, removing the limitations and risks of placing them in static configuration code.
brew install secrethub/tools/secrethub-cli
SecretHub works with your favorite tools
Take advantage of native integrations to inject secrets into your stack without reinventing the wheel.
Why teams SecretHub
Unburden your team
Use the CLI to write a secret once and automatically inject it into your apps at runtime. Your team never has to see production secrets again.
Decouple apps & secrets
Achieve dev/prod parity by extracting the one thing that must be different per environment: the secrets that secure it. Use template files and native integrations to make your delivery pipelines reproducible.
Stay protected
Know and restrict which secrets are used by whom with access controls and audit logs. Stay compliant and ensure you can prove it.
Open source
All client code is fully open sourced and developed in the open. Pull requests are welcome!
Open security
Your secrets are encrypted client-side so SecretHub never sees your secrets. But don't take our word for it, review the security docs yourself.
Highly available service
SecretHub is hosted in 6 datacenters on 2 continents. Enjoy high availability, zero maintenance and multi-cloud straight out of the box.
What our users say
The experience using SecretHub has been super nice - zero friction setting it up, integrating the proof of concept solution into our configuration management pipeline and managing team members and their access to different repos. What else could you ask for? We’ve tried pretty much every solution and pattern out there for secrets management automation, and SecretHub is The Thing filling the void in our pipeline.
Janar Todesk, Lead DevOps Engineer, Smaily
By injecting passwords and tokens with the template tags, we’re now able to keep our application config files the same throughout the entire DTAP street. This is a real time saver, especially when you do a dedicated DTAP pipeline per customer.
Rianne Ubbink, Lead Software Engineer, Conclusion Digital
I have to confess something. I used a product from a twitter ad and I love it. @GetSecretHub you win. Never happened before. I recommend it to people trying to run their own nonsense in “the cloud.” Because if I tried to setup Vault for myself one more time I was going to lose it.
Mark Anderson (markemer), Software Engineer
You are in good company
