Security Goals

Our Goals

  • To provide our users with an end-to-end encrypted configuration and secrets management system that is secure, cryptographically sound, reliable, easy to use, and easy to integrate.

  • Users should not have to know anything about the underlying cryptography implementation to use it securely and gain its benefits.

  • No host server or third party should be trusted by any EnvKey client. Even if an EnvKey host server is compromised, it shouldn't be possible for the attacker to read or modify an organization's secrets (except for deleting them).

  • Public keys should be verified out of band through a distributed web of trust before they are used in any cryptographic operation.

  • Even if an attacker compromises the email or SSO account a user uses to authenticate with EnvKey, it shouldn't be possible for the attacker to read or modify an organization's secrets.

  • Implement reliable, standards-based cryptography with proven libraries.

  • Protect against real-world threats and avoid known theoretical vulnerabilities. Beyond that, don't increase key sizes, add optimizations, or complicate the user experience beyond what's needed to achieve this goal.

Not In Scope

User devices and connected servers are assumed to be trusted. EnvKey does not attempt to protect against endpoint compromise, whether through physical access or through malware, keyloggers, operating system exploits, privilege escalation, or other attacks.

If an endpoint is compromised, EnvKey does make it easy to cut off its access as soon as possible, to track which secrets may have been exposed, and to contain the fallout by rotating them quickly.

EnvKey also integrates with the OS keyring on Mac and Windows, stores only encrypted data on disk, and evicts secrets from RAM if they haven't been accessed recently, all of which can help limit the fallout of an endpoint attack.