Skip to content

Competitor: Strongauth KeyAppliance (or any local HSM)

Kyle Kamperschroer edited this page Jan 26, 2016 · 1 revision

What are they?

An encryption/decryption piece of hardware that lives locally in your datacenters. Encryption and decryption keys backed by hardware, and physically cannot leave.

Where does their secrets solution excel?

  • Safer than storing secrets in source and safer than GitCrypt
  • Not as worrying if encrypted secrets leak
  • Encryption keys never leave the HSM
  • Not multi-tenant, so really safe
  • Probably simple to add auditing

Where does their secrets solution fall short?

  • Super pricey (in the $10,000+ range for each piece of hardware)
  • You still have to manage the encrypted secrets and get them to the right places
  • Unencrypted secrets can still end up at rest with a crappy implementation

Clone this wiki locally