Keywhiz

Keywhiz is a system for managing and distributing secrets. It can fit well with a service-oriented architecture (SOA).

Every organization has services or systems that require secrets. Secrets like:

- TLS certificates/keys
- GPG keys
- API tokens
- database credentials

Common practices include putting secrets in config files next to code or copying files to servers out-of-band. The former is likely to be leaked and the latter difficult to track.

Keywhiz makes managing secrets easier and more secure. Keywhiz servers in a cluster centrally store secrets encrypted in a database. Clients use mutually authenticated TLS (mTLS) to retrieve secrets they have access to. Authenticated users administer Keywhiz via CLI or web app UI. To enable workflows, Keywhiz has automation APIs over mTLS and support for simple secret generation plugins.