What is SecretHub?

SecretHub stores encrypted secrets and helps you inject them securely into applications at runtime.

Create free account
STEP 1

Encrypt and store

You download and run a program on your machine that encrypts secrets for you. It connects to the SecretHub cloud service that stores secrets in a highly available repository. Everything is versioned automatically and fully encrypted client-side.

$ secrethub write path/to/secret

$ secrethub read path/to/secret:latest

STEP 2

Grant access

You use access rules to define who has read, write or admin access on a secret. Under the hood, access rules are cryptographically enforced with client-side encryption.

$ secrethub acl set path/to/dir john read

STEP 3

Inject at runtime

You use SecretHub templates or any of the native integrations to inject secrets into the systems that need them.

STEP 4

Monitor and revoke

You use detailed audit logs to monitor how secrets are used and can revoke access with one keystroke when people leave or an incident happens.

$ secrethub audit path/to/secret

$ secrethub repo revoke path/to/dir john

STEP 5

Update without downtime

Recover quickly by immediately updating secrets when access is revoked. Automatic versioning ensures existing applications keep working during the update process.

$ secrethub write path/to/secret

$ secrethub rm path/to/secret:1

Secrets are versioned

Each time you write a secret, a new version is created so you never accidentally overwrite a version.

Reusable templates

Template syntax allows you to remove secrets from configuration files and reuse them between environments.

High availability as a service

You don't have to host, maintain and monitor a highly available secret server. We take care of all that.

No crypto knowledge required

All you need is basic terminal skills to encrypt and share secrets instantly.