  • Secrets—things that grant authentication or authorization
    • Usernames, passwords, TLS certs, API tokens etc.
  • Secret sprawl—secrets end up everywhere
    • Source code, config, VCS etc.


  • Solves secret sprawl—centralization of secrets
    • Encrypt at rest/transit
    • Fine-grained access control—ACLs
    • Audit trail
  • Dynamic secrets
    • Ephemeral
    • If leaked by app—only valid for a short period of time
    • Each credential unique to each client—can identify source of leaks, and reduce blast radius by revoking for a single client only
  • Encryption as a service
    • Solve issue with apps performing encryption incorrectly—vetted implementation
    • Named keys
    • Expose API to do cryptography
    • Full key lifecycle
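
The dynamic-secrets points above (ephemeral, unique per client, revocable for a single client) as an added example, not code from the original notes or from any product. `DynamicSecretBroker`, its methods and the client names are hypothetical, and the clock in `demo()` is a constructed fake so expiry can be shown without waiting.

```python
import secrets
import time

class DynamicSecretBroker:
    """Toy in-memory broker (hypothetical, not any product's API)."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so expiry can be tested
        self.leases = {}            # credential -> (client_id, expires_at)

    def issue(self, client_id):
        # Every call mints a fresh random credential bound to one client.
        cred = secrets.token_urlsafe(24)
        self.leases[cred] = (client_id, self.clock() + self.ttl)
        return cred

    def is_valid(self, cred):
        lease = self.leases.get(cred)
        if lease is None:
            return False            # unknown or revoked
        if self.clock() >= lease[1]:
            del self.leases[cred]   # expired: drop the lease
            return False
        return True

    def trace_leak(self, cred):
        # A leaked credential maps back to exactly one client.
        lease = self.leases.get(cred)
        return lease[0] if lease else None

    def revoke_client(self, client_id):
        # Revoke only that client's credentials; others keep working.
        doomed = [c for c, (cid, _) in self.leases.items() if cid == client_id]
        for cred in doomed:
            del self.leases[cred]
        return len(doomed)


def demo():
    now = [0.0]                     # constructed fake clock
    broker = DynamicSecretBroker(ttl_seconds=300, clock=lambda: now[0])
    web, batch = broker.issue("web-frontend"), broker.issue("batch-job")
    leaked_by = broker.trace_leak(web)          # credential found in a paste
    revoked = broker.revoke_client(leaked_by)
    after_revoke = (broker.is_valid(web), broker.is_valid(batch))
    now[0] += 301                               # TTL elapses
    after_ttl = broker.is_valid(batch)
    return leaked_by, revoked, after_revoke, after_ttl
```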


