Shush
Logical (in-house)
A secrets manager that thinks like a developer.
Visit live site- Year
- 2025
- Industry
- Developer tools
- What we did
- Product strategy · Design & UX · Engineering
Encrypted, auditable secrets with first-class environments, version history, and a runtime API — so teams stop grepping Slack for .env files.
The challenge
Every team starts with secrets in plaintext .env files, pasted into chats and CI by hand. It works until it doesn't: a leaked key, an audit, a new hire who can't find anything. The fix has to be safer and easier than the bad habit — or nobody adopts it.
The approach
We built it backend-first on Bun + Hono + Drizzle, with AES-256-GCM envelope encryption — a master key wraps a per-organisation key, values are encrypted with that. TOTP two-factor is mandatory on every account. Environments (dev, staging, prod) inherit and override with visual diffs; every read, write and rotation is logged in human-readable audit trails. A CLI and runtime SDK inject secrets into a process without ever writing them to disk.
The outcome
Secrets live in one encrypted place with full history and one-click rollback, and reach apps at runtime instead of sitting in plaintext on disk.
The outcome
No more plaintext .env on disk
Want results like these?
Tell us what you're building. We'll tell you, honestly, whether we're the right team for it.
Start a project