kms.hanzo.ai

Hanzo KMS

Secrets management

End-to-end encrypted secret storage with environment sync, automatic rotation, audit trails, and native K8s integration. Never hardcode a secret again.

E2EE: Encrypted
K8s: Native sync
Audit: Full trail
OSS: Self-hosted

Secrets Done Right

Centralize, encrypt, rotate, and audit every secret in your stack.

End-to-End Encryption

Secrets encrypted client-side before transmission. Server never sees plaintext. AES-256-GCM.

Environment Sync

Sync secrets to .env files, K8s secrets, Docker, Vercel, GitHub Actions, and more.

Auto Rotation

Schedule automatic secret rotation. Rotate database passwords, API keys, and certificates.

Audit Trail

Complete history of who accessed, changed, or rotated every secret. Compliance-ready logs.

CLI & SDK

Inject secrets at runtime. CLI for local dev. SDKs for Node.js, Python, Go, and Rust.

RBAC & SSO

Role-based access per project and environment. SSO via Hanzo IAM. Machine identities.

Inject Secrets Anywhere

terminal
# Log in to KMS
hanzo kms login

# Pull secrets to .env
hanzo kms pull --env production --out .env

# Run with injected secrets
hanzo kms run --env production -- npm start

# Sync to Kubernetes
hanzo kms sync --env production --target k8s \
  --namespace hanzo --secret my-app-secrets

# Rotate a secret
hanzo kms rotate DATABASE_PASSWORD --env production

Open Source Revenue Sharing

25% of compute goes back to open source

Every deployment is SBOM-verified. Contributors to Infisical earn a share of compute revenue — transparent, on-chain, and customizable by the community.

Stop Leaking Secrets

Free for teams up to 5. Unlimited secrets and environments.

Open source

License: Apache-2.0
hanzoai/kms

Get KMS

Secrets + key management