Secretless FAQs

Secrets are still being managed - but not by your applications. Which is huge! Before the Secretless Broker, the state of the art for secrets management was to store your secrets in a vault and update your applications to retrieve them from the vault. You could do this by updating your source code to interact directly with the vault API, or you could use a tool like Summon to abstract away the API interaction and inject the secret values into your application's environment at runtime.

But even if you are following best practices and storing your secrets in a vault, regardless of how you set up your apps to retrieve the secrets you still have to:

• Securely handle retrieved secrets within app
• Resiliently handle secret rotations

Using the Secretless Broker allows you to remove consideration of secrets from your applications. Once you use the Secretless Broker, your apps only have to worry about connecting to target services via a local socket or TCP connection without providing credentials, greatly simplifying the path to writing secure applications.

For info on currently supported vaults, please see our Secret Providers reference page.

If the vault you would like to use is not currently supported, please check our GitHub issues to see if we already have plans to support it. If not, please open a new issue with your request. The Secretless Broker is also open to contributions from the community, and we plan to standardize the Provider API to make it easy to contribute a Credential Provider.

For info on currently supported services, please see our reference.

If the service you would like to use is not currently supported, please check our GitHub issues to see if we already have plans to support it. If not, please open a new issue with your request. The Secretless Broker is also open to contributions from the community; please see our plugin reference for guidance on implementing new Service Connectors (to enable the Secretless Broker to proxy connections to a new service).