Of course you don’t feel like sharing your infrastructure secrets with us. Luckily you don’t have to. Every secret is encrypted before a single byte ever leaves your device. Only you control the encryption keys and only the people you choose can decrypt your secrets.
State of the Art Cryptography
Your secrets are encrypted with the most widely accepted and battle-tested algorithms: AES-256 and RSA-4096. Under the hood, the code only uses modern, open source libraries that are trusted by the industry. Some would call it military grade, but we just call it secure.
How strong is 256-bit security?
The AES keys used to encrypt your secrets are 256 bits long. But how strong is that really?
- Imagine we have 1 billion galaxies
- Every galaxy is as big as our Milky Way and has 100 billion planets
- On every planet, there are 8 billion people
- And every person has 1 million super-computers
…so we have 800,000,000,000,000,000,000,000,000,000,000,000 (35 zeroes) super-computers
- Let’s assume those super-computers can all try 100 quadrillion keys per second (which is optimistic, to say the least)
- And we let all those super-computers run for 14 billion years (the age of the universe)
Even if we had all that, we’d still have less than a one in a million chance of finding the key to decrypt your secrets.
Open Security Design
We believe in transparency. So much so that we’ve documented our entire encryption design and published it for security researchers to review. The following design decisions (and more) are covered in-depth:
- Encryption at rest and in transit
- Secure secret sharing with your team
- Account revocation and key rotation process
- Motivation behind chosen encryption algorithms
Available from 6 data centers on 2 continents
It follows from the law of truly big numbers that if you host software long enough, failure is inevitable. We have servers in 6 data centers on 2 continents, so when one fails, SecretHub can automatically fail over to another region. Even if a server or a whole data center fails, we can still serve your secrets from one of our other data centers.
We care about bugs
If someone finds a bug in our software, we are ready for them. Our Responsible Disclosure Policy is there to help security researchers responsibly report any problems they find and to help us fix them accordingly.