All capabilities
Secrets encrypted at rest
Your API keys never sit on disk in plaintext.
Every credential a workflow uses, API keys, OAuth tokens, passwords, is encrypted with AES-256-GCM and a versioned envelope on its way to the database. The plaintext lives only in memory while a step runs, then it's gone. No logs leak. No backups expose. Key rotation supported.
- AES-256-GCM authenticated encryption, fresh nonce per write
- Versioned envelope to support seamless key rotation
- Plaintext credentials never persisted, never logged, never displayed in UI
Sounds like a fit?