Of course you don’t feel like sharing your infrastructure secrets with us. Luckily you don’t have to. Every secret is encrypted before a single byte ever leaves your device. Only you control the encryption keys and only the people you choose can decrypt your secrets.
State of the Art Cryptography
Your secrets are encrypted with the most widely accepted and battle-tested algorithms: AES-256 and RSA-4096. Under the hood, the code only uses modern, open source libraries that are trusted by the industry. Some would call it military grade, but we just call it secure.
Open Security Design
We believe in transparency. So much so that we’ve documented our entire encryption design and published it for security researchers to review. The following design decisions (and more) are covered in-depth:
- Encryption at rest and in transit
- Secure secret sharing with your team
- Account revocation and key rotation process
- Motivation behind chosen encryption algorithms
Available from 6 data-centers on 2 continents
From the law of truly big numbers follows that if you host software long enough, failure is inevitable. We have servers in 6 data centers on 2 continents, so when one fails, SecretHub can automatically fail-over to another region. Even if a server or even a whole data-center fails, we can still serve your secrets from one of our other data-centers.
We care about bugs
If someone finds a bug in our software, we are ready for them. Our Responsible Disclosure Policy is there to help security researchers responsibly report any problems they find and to help us fix it accordingly.