SikkerKey Blog
Security writeups, engineering deep-dives, and practical guides from the team building SikkerKey.
RSS feed
Traditional vs Modern Secrets Management In 2026
Traditional secrets managers use your strong login only to mint a weaker bearer token, then bolt crutches like short expiry and rotation around it. A modern secrets manager proves a machine's identity on every request instead, so there is nothing reusable to steal.
Stop Using .env Files for Secrets in 2026: dotenv Alternatives for Every Language
Node, Python, Go, .NET, Kotlin, and PHP each have a dotenv, and they all load the same plaintext .env file on disk. The 2026 fix is the same in every language: inject secrets at runtime with SikkerKey's CLI or one of its six SDKs, so no .env file holds them.
Best EU Secrets Managers in 2026
A practical 2026 comparison of EU secrets managers: SikkerKey, STACKIT Secrets Manager, Scaleway Secret Manager, and OVHcloud Secret Manager, by jurisdiction, machine authentication, cloud independence, and the teams each one fits.
EU Secrets Management: Why We Built SikkerKey in Europe
SikkerKey is a European secrets manager: that keeps your secrets, audit logs, and machine identities on EU infrastructure, with signed machine authentication and per-secret access. Built in the EU for GDPR, NIS2, and DORA.
How to Give AI Agents Secure Access to Secrets Without API Keys
AI coding assistants and autonomous agents have become a credential-theft target. Here is why API keys in environment variables are the weak point, and how scoped, read-blind identities stop a compromised agent from leaking your secrets.
How to Create and Read Your First Secret in SikkerKey
Create a project, store your first secret, enroll the machine that needs it, and read the value back from the CLI and your code. A full walkthrough of SikkerKey's create-and-read flow, with no API key or bearer token to copy around.
Which Secrets Manager Is Best for Cloud? Pick the One That Works on All of Them
The instinct is to reach for your cloud's built-in secrets manager. But the best secrets manager for cloud is the one that does not depend on which cloud you are on, so it still works when you add a second, go hybrid, or migrate.
Your Secrets Manager Causes Secret Sprawl, and Sells It as a Feature
Turning on a secrets manager integration means writing a copy of your secret into that platform's storage. Enable five and your one secret is now stored across five more companies' systems. That is secret sprawl.
CI/CD Secrets Management: How to Secure Secrets in Build Pipelines
A practical guide to CI/CD secrets management: why provider-level secrets are not enough, how ephemeral runners change the threat model, and how SikkerKey uses short-lived machine identity, per-secret grants, signed requests, and audit logs to secure build pipelines.
How SikkerKey secures Agentic AI access to your credentials
AI coding agents now want production access. The default pattern is to share your credentials. SikkerKey's pattern is to give the AI agent its own first-class identity, structurally locked out of plaintext, audited by name, and revocable in one click.
What Is a Secrets Manager?
A secrets manager stores credentials like API keys and database passwords in one encrypted, access-controlled place and serves them to machines at runtime. How they work, why secrets sprawl makes them essential, and why complexity stops teams from adopting one.
The Best Secrets Management Tools in 2026
A practical 2026 comparison of the top secrets management tools, from HashiCorp Vault and the cloud-native managers to Doppler, Infisical, Akeyless, and SikkerKey, covering how each authenticates machines, rotates secrets, deploys, and which teams it fits.