Skip to content

Competitor: AWS KMS

Kyle Kamperschroer edited this page Jan 26, 2016 · 1 revision

What are they?

An encryption/decryption tool backed by some multi-tenant HSMs. Encrypted secrets then can be safely checked into source and decrypted when needed.

Where does their secrets solution excel?

  • Safer than storing secrets in source and safer than GitCrypt
  • Not as worrying if encrypted secrets leak
  • Encryption keys never leave the HSM

Where does their secrets solution fall short?

  • No auditing
  • Bad code allowing remote code execution exposes the secrets
  • Rolling secrets requires full deployment

Clone this wiki locally