Securely manage and inject application secrets at runtime
Hashyro is an open-source platform that centralizes sensitive configuration and injects it through a secure API and dedicated CLI. Secrets are injected as environment variables — no .env files committed, no leakage risk. Built for modern stacks, CI/CD pipelines, containers, and cloud-native applications.
Secure runtime injection
Deliver secrets at runtime via a hardened API — no secrets baked into images or stored in source repos.
Centralized config via API & CLI
Manage secrets in one place. Automate with a dedicated CLI and integrate with pipelines.
Env vars, not .env files
Inject secrets as environment variables with strict scoping — avoid committed .env files and leakage.
Modern stacks & pipelines
Designed for CI/CD, containers, serverless, and cloud-native deployments.
Enterprise Edition (EE)
Planned EE adds advanced security, RBAC, audit trails, SSO, policy-based access, and team features.
Open-source core
Transparent, extensible, and community-driven. Self-hostable with clean interfaces.
    # Inject secrets at runtime into your process
    $ hashyro inject --env production --service api --exec "node server.js"

    # Pull secrets via API with short-lived tokens
    $ hashyro secrets get DATABASE_URL --env production

    # Rotate secrets and propagate safely
    $ hashyro secrets rotate --service payments --key STRIPE_API_KEY
Built for real-world workflows
Integrate with CI/CD and container platforms. Hashyro keeps secrets out of images and repos while making them available exactly when needed.