Skip to main content

Secret Sharing by Authority Delegation With Zero-Trust Workflows

· 2 min read
Roger Qiu

The complexity of modern technology-driven organisations involve hybrid-cloud microservices, continuous integration & deployment, and a development environment that involves a globally connected remote workforce. Numerous security incidents have occurred that indicate that our existing tools for secrets management have not scaled in this new modern environment.

image

Polykey is a decentralised open-source secrets management system. It facilitates zero-trust workflows that require the sharing of secrets between individuals, teams and machines in order to coordinate the secure utilisation of digital and physical assets. It manages passwords, public & private keys, API keys, structured & smart tokens, certificates and any kind of confidential information.

Existing password management systems which focus on storing and retrieving passwords treat secret sharing as merely identity credential sharing. Secret sharing is actually about the delegation of authority, and when possible, the subdivision of authority for fine-grained least-privilege delegation. A secret tokenises the capability to manipulate a specific resource. Polykey provides interfaces and automation for structured secrets management designed for developer, security and operations (DevSecOps) oriented workflows.

Polykey is decentralised. This means Polykey nodes are deployed ubiquitously across platforms and devices (on and off-premise), eliminating third-party storage, providing end-to-end zero-trust delivery, and last-mile ingress and egress integration.

Polykey ensures that your secrets stay secret. To learn more about Polykey: