Self-hosted secret manager for API keys, credentials, and environment variables. Simple alternative to HashiCorp Vault.
Strongbox stores secrets encrypted at rest with a simple HTTP API. Team access, audit logs, and version history included. It runs as a single Go binary with embedded SQLite — no unsealing, no cluster setup.
curl -fsSL https://stockyard.dev/strongbox/install.sh | sh
API keys, database passwords, encryption keys, and service tokens are the most sensitive data in any infrastructure. HashiCorp Vault solves this problem comprehensively but requires a cluster, an unsealing process, and operational expertise that most teams do not have. Doppler and 1Password charge per user per month and store your secrets on their servers. Self-hosted secret management puts your credentials on your infrastructure in encrypted storage, accessible only to the processes that need them.
A self-hosted secret manager should encrypt values at rest — not just store them in plaintext in a database. It should support access controls so different services can read different secrets. It should provide a simple retrieval API that a shell script or application can call. And it should keep an audit log of every access so you can answer the question: who accessed which secret, and when.
Strongbox encrypts every secret value with AES-256-GCM before storing it in the embedded SQLite database. The listing endpoint shows secret names and metadata without exposing values. The resolve endpoint decrypts and returns a specific secret by name. The audit log records every access with timestamp and requesting IP. Categories and tags let you organize secrets by service, environment, or team.
HashiCorp Vault is powerful but operationally complex — unsealing, HA configuration, and a learning curve measured in weeks. Managed services like Doppler charge per seat. Self-hosted secret management can be simpler for teams that need basic secret storage without enterprise complexity.
Replaces: HashiCorp Vault, 1Password Teams ($19.95/mo), Doppler ($6/user/mo)
25 secrets, 1 vault
Unlimited usage, full features
Single binary. Free to start. $1.99/mo for Pro.