Keywhiz

A system for distributing and managing secrets.

Overview

Keywhiz is an open-source tool from Square designed to manage and distribute secrets within a service-oriented architecture. It provides mechanisms for clients to securely retrieve secrets, and for operators to manage them. It is particularly well-suited for environments with many ephemeral services, like containers.

✨ Key Features

  • Open source
  • Client certificate-based authentication
  • Granular access control for secrets
  • CLI for administration
  • Designed for service-oriented architectures

🎯 Key Differentiators

  • Focus on simplicity and security for service-oriented architectures
  • Strong authentication model based on client certificates
  • Battle-tested at scale by Square

Unique Value: Provides a secure, simple, and scalable open-source system for distributing secrets to services, with a strong emphasis on mutual TLS authentication.

🎯 Use Cases (3)

  • Distributing secrets to microservices
  • Managing credentials for applications in a containerized environment
  • Automating secret delivery to servers

✅ Best For

  • Mounting secrets as files for applications running in containers

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Teams looking for a managed SaaS solution or a rich web UI
  • Organizations not comfortable with managing a PKI for client certificates

🏆 Alternatives

  • HashiCorp Vault
  • Confidant
  • CyberArk Conjur

Simpler in scope and architecture than Vault, making it potentially easier to deploy and manage for its core use case. Relies on a different trust model (PKI) than tools like Confidant (IAM).

💻 Platforms

  • API
  • CLI

🔌 Integrations

  • Docker
  • Kubernetes (via sidecar or init container)

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: Completely free and open source.
