Can’t find your answer? Please feel free to reach out.
Can you really not read my team's secrets?
Yes, we cannot. The server never sees any plaintext secret content or key material used for encryption. Only you have the keys to unlock your secrets. Read more in the Security Design Document
Can I see a demo?
Absolutely! Contact us and we'll be more than happy to show you how it works.
What if SecretHub goes down?
We make it our business to deliver uptime and host our service across multiple datacenters. However, in the case of downtime or network unavailability in all locations, your infrastructure is not immediately affected. Your servers only need a connection to SecretHub when booting up. Once your servers have the secrets loaded in memory, they do not strictly need a connection to stay operational. So, in the event of downtime, your servers will have access to their secrets while we work to get SecretHub back up again. Of course, you cannot update your secrets during downtime.
What if SecretHub is hacked?
We do our utmost to prevent such an event, but if it were to happen hackers can only steal encrypted blobs and have to hack each individual SecretHub user to gain access to the stolen encrypted secrets. Because secret names are encrypted as well, decryption attacks targeted at a single secret are infeasible.
What if an intelligence agency requests information?
SecretHub is incorporated in the Netherlands with a completely Dutch management. We follow the very privacy respecting Dutch law. We can only be forced to cooperate with a legitimate investigation by a Dutch court order. And even then, we cannot disclose any secrets as we cannot even read them ourselves.
Do I need some Public Key Infrastructure (PKI) for this?
In our experience, implementing and maintaining a PKI can be a daunting task for many teams. That's why we use a simple public key system based on ssh keys your team likely already has in place.
Do I need to host a server myself?
No you don't. SecretHub delivers secret management as a service and takes care of all the hassle of hosting a secret service. You only need to install the client on the right systems.
Do you do on-premise deployments?
Lets find out together what suits your needs best. Everything is possible, so give us a call and we can discuss the options.