All work

Shush

Logical (in-house)

A secrets manager that thinks like a developer.

Visit live site
Year
2025
Industry
Developer tools
What we did
Product strategy · Design & UX · Engineering

Encrypted, auditable secrets with first-class environments, version history, and a runtime API — so teams stop grepping Slack for .env files.

The challenge

Every team starts with secrets in plaintext .env files, pasted into chats and CI by hand. It works until it doesn't: a leaked key, an audit, a new hire who can't find anything. The fix has to be safer and easier than the bad habit — or nobody adopts it.

The approach

We built it backend-first on Bun + Hono + Drizzle, with AES-256-GCM envelope encryption — a master key wraps a per-organisation key, values are encrypted with that. TOTP two-factor is mandatory on every account. Environments (dev, staging, prod) inherit and override with visual diffs; every read, write and rotation is logged in human-readable audit trails. A CLI and runtime SDK inject secrets into a process without ever writing them to disk.

The outcome

Secrets live in one encrypted place with full history and one-click rollback, and reach apps at runtime instead of sitting in plaintext on disk.

The outcome

No more plaintext .env on disk

Want results like these?

Tell us what you're building. We'll tell you, honestly, whether we're the right team for it.

Start a project