-
Notifications
You must be signed in to change notification settings - Fork 1
Competitor: Strongauth KeyAppliance (or any local HSM)
Kyle Kamperschroer edited this page Jan 26, 2016
·
1 revision
An encryption/decryption piece of hardware that lives locally in your datacenters. Encryption and decryption keys backed by hardware, and physically cannot leave.
- Safer than storing secrets in source and safer than GitCrypt
- Not as worrying if encrypted secrets leak
- Encryption keys never leave the HSM
- Not multi-tenant, so really safe
- Probably simple to add auditing
- Super pricey (in the $10,000+ range for each piece of hardware)
- You still have to manage the encrypted secrets and get them to the right places
- Unencrypted secrets can still end up at rest with a crappy implementation