Delft, Netherlands
Apr 8, 2021   |  By Marc Mackenbach
Today, I am thrilled to announce that SecretHub has joined the team at 1Password. Together, we’ll be working to help every business manage both their human and machine credentials in one unified platform. We know that secrets aren’t just used in one part of your infrastructure; they’re everywhere from development, to testing, to production—and we need tools that are designed to work for all of those platforms and the people that use them.
Jan 18, 2021   |  By Eric Boersma
The vast majority of software has secrets. While this makes that software sound mysterious, like a femme fatale in a noir film, most software secrets are mundane. But that doesn’t mean those secrets aren’t important! Software secrets management can often be the difference between someone leaking confidential customer data or keeping that data secure. Understanding what secrets management is, and how you should approach it in your application, is a critical step in application maturity.
Dec 14, 2020   |  By Pudji Siregar
Hi developers, What a crazy year 2020 has been! The coronavirus pandemic has made 2020 a year like no other. It has been challenging for all of us, and hopefully, the pandemic will end soon. All we can do at SecretHub is not to give up and keep supporting you guys to manage your secrets securely.
Aug 19, 2020   |  By Pudji Siregar-Perk
We live in a world where many a company has seen the light and is combining software development and IT operations (DevOps), to increase productivity. Increased collaboration and communication between teams helps them to shorten development processes and allows companies to ship (new) features faster. With the focus on speed, security often comes as an afterthought, as its process is considered to slow down the delivery pipeline.
Aug 19, 2020   |  By Pudji Siregar-Perk
We all know that secrets management shouldn’t be overlooked as it’s a fundamental part of security and shouldn’t be treated as an afterthought. If you’re on a mission to find the best secrets management solution, great! You’re one step closer to improving your security maturity level. And if you’ve already implemented a secrets management solution in your infrastructure, you might still wonder how to manage the tool’s key securely.
Jun 23, 2020   |  By Simon Barendse
Last Tuesday, the Go team published an updated draft design for Generics in Golang, and they are providing an experimentation tool, which lets you play around with generics. This makes it easier to see what your code would look like when using generics. We’re super excited about this and can’t wait to try it out! We’ll be using our use case to show what impact generics could have on production code.
Apr 2, 2020   |  By Josephine Mackenbach
Welcome to the new age, where the majority of the working population doesn’t have their colleagues at arm’s length anymore. We’ve gone radically digital, but are your processes and infrastructure ready for this? Here are our tips to make sure you give your processes, infrastructure and security the attention they deserve. Both in day-to-day operations and in incident response.
Oct 30, 2019   |  By Floris van der Grinten
If you’ve tried to implement secret management into your infrastructure, then you’ve likely run into this problem: How can you build your app so it can independently load the passwords and API keys it needs, without placing some magic keyfile somewhere? We’ll show you how we eliminated this last secret on AWS and how you can do the same for your infrastructure.
Sep 25, 2019   |  By Floris van der Grinten
We’re thrilled to announce that you can now create shared workspaces for free! Previously, collaboration was a paid feature. If you wanted to create a shared workspace, you were prompted to start a 14-day trial. We went around the team and asked: “When was the last time you started a trial for a developer tool?” Turns out our own developers avoid them at all cost and really want to see the full tool in action without being constrained by time.
Jun 26, 2019   |  By Floris van der Grinten
The pipelines we set up to deliver the software we create — consisting of infrastructure as code, configuration management, CI services, orchestrators, and more — tend to share a fundamental flaw: They pass application secrets down the delivery pipeline, and along the way leave traces of your most critical infrastructure secrets. Secrets end up in all sorts of JSON files, container definitions, jobspecs, ConfigMaps, and much more.

SecretHub is an encrypted service to help teams manage and distribute the secrets, keys, and tokens they use to secure their infrastructure. No more secrets lingering on harddrives throughout your organization. No more emailing and slacking secrets around. SecretHub centralizes all secrets and makes them available to your team where they need it, when they need it.

Much like a traditional password manager does for humans who log into websites, SecretHub automatically injects passwords and keys whenever a machine needs to 'log into' another machine, allowing you to automate software delivery without leaking secrets throughout your pipeline.

SecretHub comes packed with useful features to make developers and operations engineers more productive:

  • Cross-Platform Portability: SecretHub works in the same standardized way across all platforms, which ensures consistency across multiple development & release cycles and means you don't have to reinvent the wheel for each tool in your stack.
  • End-to-End Encryption: Safely store secrets knowing that we can never read their contents. Every secret is encrypted before it ever leaves your device. Only you and your team own the encryption keys.
  • Team-Wide Consistency: SecretHub's standardized approach allows every team member to work in a production parity environment, with less time being spent setting up environments and debugging environment-specific issues.
  • Any Engineer Can Use It: Any engineer can use SecretHub with a 10-minute tutorial, which pays off in time spent incident-responding and time spent training people.
  • Open Source: All client code is fully open source so you can inspect the code and tweak it to your specific needs. Contributions are welcome!

Automate Software Delivery Without Exposing Secrets.