SecretHub is joining 1Password!

The SecretHub team is now part of 1Password. Together, we’ll be working to help every business manage both their human and machine credentials in one unified platform.

SecretHub + 1Password

Secrets Get In Your Way

Putting passwords and API keys in source code creates a security risk. But handling them properly creates complexity that makes it extremely cumbersome to deploy.

Secrets in source code graphic
  • icon Secrets Leak

    Git, Slack, and email are designed to share information, not to keep secrets.

  • icon Manual Deploys Don't Scale

    Copy-pasting values and waiting on that one admin who holds all the keys simply don't scale when you're deploying software multiple times a week.

  • icon No Traceability

    It's impossible to track who accessed what secrets at what time, making compliance audits a nightmare.

  • 38%

    of organizations report having exposed hardcoded secrets in their source code

  • 96%

    of developers report that disconnected security & development workflows inhibit productivity

Deploy Software Without
Exposing Secrets

Eliminate secrets in source code by replacing plaintext values with a reference to the secret. SecretHub then automatically loads secrets into your app the moment it starts.

Step 1

Replace plaintext secrets with reference tags

Use the CLI to encrypt and store secrets and then simply tell the code where to look for the secret. Your code is now free of secrets and can be shared with everyone on your team.

Step 2

Load secrets into your app the moment it starts

Install the lightweight agent to automatically provision secrets to your app, wherever it runs. Secrets are only temporarily loaded where needed and are wiped when the app exits.

Step 3

Control & monitor privileged access to secrets

Enforce security with access controls and audit logs. When people leave or an incident happens, update secrets in one place and push it out everywhere.


Open Source

We understand you don’t trust people blindly. We wouldn’t either. That’s why all client-side code is open source and available on GitHub. This not only means that you can inspect our code, but that others have done so too.

SecretHub on GitHub

End-to-End Encryption

Of course you don’t feel like sharing your precious secrets with us. Luckily you don’t have to. Every secret is encrypted before a single byte ever leaves your device. Only you and your team control the encryption keys and who is able decrypt your secrets.

Read More

High Availability as a Service

You don't have to set up, monitor, and maintain a highly available cluster. Take advantage of the globally distributed service to get up and running on production in less than a day. Custom hosting and uptime SLAs are available.

Service Status Page

Security That Benefits Everyone

Good secrets management doesn’t just make things more secure, it simplifies critical processes and makes the entire organization move faster.



Develop, test, and deploy software without secrets near your code.



Effectively support developers to deploy their code by standardizing across teams & stacks.



Ensure secrets are properly handled, monitor (ab)use, and take effective action when incidents occur.

Every day I have clients that have cleartext passwords or need to manage various password vaults. The common denominator is that code becomes a security risk, and it becomes extremely cumbersome to deploy applications and share secrets. With SecretHub, I can now develop, test and deploy without a single secret anywhere near my code or tools. This is what the industry has needed for a long long time!

Peter Cummings

Independent Senior Security Consultant

We've tried pretty much every solution out there for secrets management and SecretHub is The Thing filling the void in our pipeline. The experience was super nice, we had zero friction integrating SecretHub with our infrastructure.

Janar Todesk

Principal Engineer at Smaily

As someone working in ops, I do not want to burden our developers with complex security. With SecretHub, the developers give me environment variables and I only have to add the SecretHub binary to my containers. It allows them to focus on their job and I know all the secrets are secure. SecretHub is a perfect example of KISS. It took me less than two days to get from zero to hero on our infrastructure. If I had to use HashiCorp Vault, I would still be here studying.

Jeremy Rossi

Systems Administrator at Mnemonica

We were really looking for a solution that we could implement quickly and all the alternatives were way too complicated and created lots of friction. With SecretHub, there are no complex setups, self-managed clusters or complicated key management operations on GCP and AWS. From finding SecretHub, to signing up, to actually using it on production and deploying secrets into Kubernetes, was a day’s work.

Shaun Sephton

Head of Operations at

Our systems handle large amounts of privacy data, so infrastructure security and compliance is crucial. SecretHub was instrumental in getting certified for ISO 27001 and NEN 7510, the chapters on key management practically wrote themselves.

Bob Woudstra

Director at CVS

Managing secrets for most CI tools is a pain in the ass. The only way to define secrets is to manually define them as environment variables in the GUI, which takes a lot of time. This is fine for 1 project, but we have over 180 projects so that’s not an option. SecretHub is a big time saver in that regard. It’s really easy to use and I got a pipeline with secrets up and running within half an hour!

Andrey Adamovich

Independent DevOps Consultant