What is new in SikkerKey
Product updates, security improvements, and platform changes. Subscribe to the feed to stay current.
RSS feed
Group a service's projects with Applications
Group the projects for one service, its Prod, Staging, and Dev, under one named application created in a single step. They appear grouped in the dashboard sidebar and the CLI, and the CLI can scope listing, export, and run to one application.
Read full update →
Stronger isolation for the key that protects your secrets, plus reliability fixes
The root key that unlocks your secrets now runs on separate, isolated infrastructure, so a copy of the database alone can't be decrypted. Plus: removing a machine from a project is fixed, and our status page now reports webhook delivery.
Read →
See the audit trail for any machine, AI agent, or member
View a dedicated audit trail for any single machine, AI agent, or organization member, filtered by action, severity, and time. The Machines page also gains a Default view and clearer status labels, and large vaults stay fast across the dashboard.
Read →
Secret retrieval that scales under load, plus reliability and security hardening
Your applications can now pull secrets in far greater volume at once without slowing each other down, and a slow database no longer ripples into unrelated requests. Plus tighter brute-force lockout counting under simultaneous attempts and steadier long-run stability.
Read →
Alerts for blocked access attempts, plus security and reliability hardening
Connections from an IP outside your allowlist now show in your audit log and alerts. Plus single-use two-factor codes, stricter webhook delivery, canary tripwires and read limits that now cover bulk export, and more resilient managed-secret rotation.
Read →
More reliable secret access, plus security improvements
Secret retrieval for your applications now runs on its own dedicated infrastructure, so it stays fast and available on its own. We also fixed a problem that could lock machines out by mistake, and strengthened protection for machine connections and automated secret rotation.
Read →
Full data erasure on vault deletion, plus security hardening
Delete a vault and your secrets, audit logs, and machine identities are now erased from production and backups within 30 days. Plus tighter browser security across the apps, abuse protection on single sign-on, and auto-clearing clipboard copies in SikkerLink.
Read →
SikkerLink, free one-time secret links
SikkerLink is a free tool for sending a secret over a link that opens once, then deletes itself. No account needed. Everything is encrypted in your browser, so only the recipient can read it, and the link self-destructs after the first view or when it expires.
Read →
Single sign-on (SAML 2.0) for your organization
SikkerKey organizations can now sign members in with SAML 2.0 single sign-on (SSO). Connect your identity provider, verify your domains, and new members provision on first sign-in. Offer it next to existing sign-in, or enforce it.
Read →
Multi-user secrets management with Organizations
Convert a personal vault to an organization, invite people by email, and assign each one a capability template that bundles permissions and project scope. The machine plane is untouched.
Read →
Temporary machines for scoped, time-bounded access
Provision a single machine with a fixed lifetime from one hour to twelve months, with optional per-machine guardrails covering IP, country, and time-of-day. Manual approval, single-step revert on extensions, and a clear audit signal on every guardrail block.
Read →
AI agents for Claude Code, Codex, and Cursor
Manage your vault from any MCP-compatible AI client. Ed25519-bound, scope-restricted, fully audited, and structurally unable to read the plaintext content of any stored secret.
Read →