Automate Software Delivery
Without Exposing Secrets
Securely provision passwords and keys to the applications that power your business, with just a few lines of code.
Provisioning passwords and keys to applications doesn't have to be painful...
Protecting access to secrets while trying to release more features every day can be overwhelming & stressful.
The good news? It doesn't have to be this way.
Anxious about plaintext secrets in source code?
When machine credentials end up in source code, critical data breaches happen. But without a safe place to store those secrets, where can you put them?
Managing secrets across many different platforms?
Some platforms offer basic secret storage, but are bound to a single ecosystem. This fragments your infrastructure and forces you to reinvent the wheel for every tool in your stack.
Do you have months to spend implementing a solution?
No one likes data breaches, but classic secrets management solutions are often so complex they take months to implement, require extensive training, and end up creating a lot of maintenance and operations overhead.
How SecretHub helps you protect access to secrets across your entire stack in a single afternoon
Much like a traditional password manager does for humans who log into websites, SecretHub automatically injects passwords and keys whenever a machine needs to 'log into' another machine, allowing you to automate software delivery without leaking secrets throughout your pipeline.
Replace plaintext secrets with reference tags
Use the CLI to encrypt and store secrets and then put the path to the secret in the configuration code that needs it.
You can store any sensitive data, e.g. database passwords, API keys, and even files.
Load secrets into your app the moment it starts
Use any of the native integrations to automatically load secrets when your app actually needs them, instead of hard-coding secrets in software.
Nope, SecretHub is a lightweight addition to your existing software that provides secrets in a way it already knows how to load them. Simply add the CLI or native plugins to your Cl/CD flow and you're done.
Control & monitor privileged access to secrets
Enforce security with access controls and audit logs. When people leave or an incident happens, update secrets without changing your source code.
Everything is automatically end-to-end encrypted under the hood, which keeps your secrets safe while you don't need any cryptography experience to use it.
…and lots more!
SecretHub comes packed with useful features to make developers and operations engineers more productive.
SecretHub works in the same standardized way across all platforms, which ensures consistency across multiple development & release cycles and means you don't have to reinvent the wheel for each tool in your stack.
Safely store secrets knowing that we can never read their contents. Every secret is encrypted before it ever leaves your device. Only you and your team own the encryption keys.
You don't have to set up, monitor, and maintain a highly available cluster. Take advantage of the globally distributed service to get up and running in less than a day. Custom hosting and uptime SLAs are available.
SecretHub's standardized approach allows every team member to work in a production parity environment, with less time being spent setting up environments and debugging environment-specific issues.
Any Engineer Can Use It
Any engineer can use SecretHub with a 10-minute tutorial, which pays off in time spent incident-responding and time spent training people.
All client code is fully open source so you can inspect the code and tweak it to your specific needs. Contributions are welcome!
Integrate in Minutes
All you need is a few lines of configuration code to provision secrets on any OS, any Cloud and any machine - from local development, to CI/CD, to production.
Why Both Dev & Ops Love SecretHub
We've tried pretty much every solution out there for secrets management and SecretHub is The Thing filling the void in our pipeline. The experience was super nice: we had zero friction integrating SecretHub with our infrastructure.View case study
Every day I have clients that have cleartext passwords or need to manage various password vaults. The common denominator is that code becomes a security risk, and it becomes extremely cumbersome to deploy applications and share secrets. With SecretHub, I can now develop, test and deploy without a single secret anywhere near my code or tools. This is what the industry has needed for a long long time!
By injecting passwords and tokens with the template tags, we’re now able to keep our application config files the same throughout the entire DTAP street. This is a real time saver, especially when you do a dedicated DTAP pipeline per customer.
Managing secrets for most CI tools is a pain in the ass. The only way to define secrets is to manually define them as environment variables in the GUI, which takes a lot of time. This is fine for 1 project, but we have over 180 projects so that’s not an option. SecretHub is a big time saver in that regard. It’s really easy to use and I got a pipeline with secrets up and running within half an hour!
As someone working in ops, I do not want to burden our developers with complex security. With SecretHub, the developers give me environment variables and I only have to add the SecretHub binary to my containers. It allows them to focus on their job and I know all the secrets are secure. SecretHub is a perfect example of KISS. It took me less than two days to get from zero to hero on our infrastructure. If I had to use HashiCorp Vault, I would still be here studying.