Can’t find your answer? Please feel free to reach out.


Can you really not read my team's secrets?

No, we cannot. You are 100% the cryptographic owner of your secrets. All secrets are encrypted on the client with a combination of AES256-GCM and public key cryptography. Even secret names are encrypted and indexed using SHA256 Hash-based Message Authentication Codes (HMACs), so only you know their name. We will publish a whitepaper on encryption soon.

Why are you in private beta?

We have worked closely with some of our early customers to finalize the API and CLI over the past few months. This to increase the system's reliability and fully test it before releasing it to the public. You will be able to use it very soon.

Can I see a demo?

Absolutely! Contact us and we'll be more than happy to show you how it works.

What if SecretHub goes down?

We make it our business to deliver uptime and host our service accross multiple datacenters. However, in the case of downtime or network unavailability in all locations, your infrastructure is not immediately affected. Your servers only need a connection to SecretHub when booting up. Once your servers have the secrets loaded in memory, they do not strictly need a connection to stay operational. So, in the event of downtime, your servers will have access to their secrets while we work to get SecretHub back up again. Of course, you cannot update your secrets during downtime.

What if SecretHub is hacked?

We do our utmost to prevent such an event, but if it were to happen hackers can only steal encrypted blobs and have to hack each individual SecretHub user to gain access to the stolen encrypted secrets. Because secret names are encrypted as well, decryption attacks targeted at a single secret are infeasible.

What if an intelligence agency requests information?

SecretHub is incorporated in the Netherlands with a completely Dutch management. We follow the very privacy respecting Dutch law. We can only be forced to cooperate with a legitimate investigation by a Dutch court order. And even then, we cannot disclose any secrets as we cannot even read them ourselves.

Do I need some Public Key Infrastructure (PKI) for this?

In our experience, implementing and maintaining a PKI can be a daunting task for many teams. That's why we use a simple public key system based on ssh keys your team likely already has in place.

Do I need to host a server myself?

No you don't. SecretHub delivers secret management as a service and takes care of all the hassle of hosting a secret service. You only need to install the client on the right systems.

Do you do on-premise deployments?

Lets find out together what suits your needs best. Everything is possible, so give us a call and we can discuss the options.