BridgekitBridgekit
All capabilities

Secrets encrypted at rest

Your API keys never sit on disk in plaintext.

Every credential a workflow uses, API keys, OAuth tokens, passwords, is encrypted with AES-256-GCM and a versioned envelope on its way to the database. The plaintext lives only in memory while a step runs, then it's gone. No logs leak. No backups expose. Key rotation supported.

  • AES-256-GCM authenticated encryption, fresh nonce per write
  • Versioned envelope to support seamless key rotation
  • Plaintext credentials never persisted, never logged, never displayed in UI

Sounds like a fit?