Last year, a well-known software company traced a major data breach back to a single API key sitting in a private GitHub repository. The repository had been accessed by a third-party contractor months earlier. Nobody noticed. By the time the key was rotated, customer data had already been copied. Stories like this one play out across the industry constantly, and yet most engineering teams are still running on the same credential model that made the breach possible in the first place. SikkerKey was built around a different premise entirely, and it is worth a close look for any team that manages infrastructure seriously.
The problem is not that developers are careless. Most teams have scanning tools, rotation policies, and access reviews. The problem is structural. Bearer tokens are designed to be copied, stored, and passed around. That is what makes them convenient. It is also what makes them dangerous. No amount of process discipline fully closes the gap when the credential itself is transferable by design.
Tokens Leak Because They Are Meant To Travel
Think about what happens when a new service needs access to a database. Someone creates a token, drops it into an environment variable, and commits a deployment config. A week later a junior developer copies the config to set up a staging environment. The token is now in two places. Then someone pastes it into a Slack message to help debug a connection issue. Now it is in three places, one of which is a chat platform with its own retention policies and access controls you do not manage.
However, rotation is the classic solution, but rotation has its drawbacks. Services have to be maintained, coordination needs to happen between all the parties involved, and there needs to be someone responsible for fixing all issues that might arise once the old token stops functioning. It often turns out that tokens that should only last 30 days run for six months due to coordination issues around the product launch. The security policy exists on paper. The credential does not match it.
Scope is the other issue. Whereas a token is used to gain access to a particular project, it is likely to give access to everything within the project. A system that relies on one password for database authentication will have a credential that would read Stripe credentials and any other credential stored with it. A compromised token is rarely a small problem.
What It Looks Like When the Machine Is the Credential
SikkerKey does not issue tokens to machines. In fact, each device creates its own Ed25519 key pair when registering with the platform. The private key remains at the device level. Each time the device wants to access a secret, it signs its request using the private key. The signature includes information about the method, path, body of the request, timestamp, and unique nonce value. After a single use, the signature becomes worthless; it cannot be reused or passed onto any other device.
This is the same trust model that SSH has used for decades. The credential is not a string that can be copied and pasted somewhere else. It is proof that a specific machine sent a specific request at a specific moment in time. If someone intercepts the request, they have a signature for a transaction that has already happened. There is nothing in that request they can use to make another one.
When the private key never leaves the machine, there is nothing for an attacker to find in a log file, a build artifact, or an environment variable. The leak surface is gone, not reduced.
For teams that have spent time trying to reduce token exposure through scanning and rotation, this is a meaningful shift. You are not building better fences around the same problem. You are working with a model where the most common attack paths simply have nothing to find.
Every machine gets only what it actually needs.
Authentication is one part of the picture. Access control is the other. SikkerKey ties each machine to specific secrets through explicit grants. There are no project-wide permissions, no inheritance, no wildcards. A CI runner that needs to read a deployment key gets access to that key and nothing else in the vault. If that runner is somehow compromised, the attacker has access to one secret on one project. The damage is bounded by design rather than by accident.
The canary feature takes this further. You can plant a decoy secret inside any project that looks identical to a real credential from the outside. The moment any machine reads it, the entire project locks down automatically in the same database transaction. There is no delay, no alert queue, no human in the loop. The first unauthorized read triggers an immediate response. For teams protecting high-value credentials, that kind of automatic containment is genuinely hard to build on your own.
On top of that, access policies let you add time-window restrictions, IP allowlists, per-day read caps, and co-sign requirements for sensitive credentials. These stack independently and can be attached to any secret without restructuring anything else in the project.
CI Runners, Short-Lived Pods, and AI Tooling
Ephemeral infrastructure is where token-based secrets management tends to fall apart fastest. CI runners spin up for a few minutes and disappear. Giving each one its own token is impractical, so teams usually hand out a shared service token that covers the whole pipeline. One compromised runner means a live credential that works for every other runner on the fleet, often for months.
SikkerKey handles this through enrollment tokens. You generate a bootstrap token from the dashboard, configure the grants and policies it should receive, and set a maximum lifetime. When a new runner starts, it calls the bootstrap endpoint, generates its own keypair, and registers automatically. The enrollment token expires after first use. Each runner has its own cryptographic identity from the first request it makes, and that identity expires when the runner does.
AI coding agents get their own identity class entirely. Claude Code, Codex, Cursor, and similar tools can be given scopes to manage vault operations, create machines, configure policies, and read audit logs. Reading the actual plaintext value of a stored secret is not on the list of available scopes. That capability does not exist for agents at the route and database layer, which means there is no permission setting or misconfiguration that could grant it. Engineering teams can give their AI tooling real operational access to infrastructure without opening up the secrets themselves.
Plans, Pricing, and Who Uses It
There is a permanent free tier that covers two machines, two projects, and twenty secrets, with seven days of audit log retention. It does not expire and does not require a credit card. The Pro plan runs 25 dollars a month for unlimited machines, projects, and secrets, with five team members and three months of audit history. Enterprise is 75 dollars a month, removing team size limits and extending audit retention further. The pricing is flat; there are no per-read charges, per-secret fees, or seat costs that show up at the end of the billing cycle.
This product is intended for DevOps professionals, developers, and system administrators who are handling credentials within actual infrastructure. The method of doing so is identical on AWS, GCP, bare metal, and even on a physical rack in your own data center since the authentication process relies on a key pair stored locally on your machine, as opposed to a cloud identity provider.
A Different Starting Point
Most of the tooling built around credential security in recent years has been reactive. Scanners look for tokens that have already leaked. Rotation systems clean up credentials that have already been sitting around too long. Monitoring catches suspicious usage after access has already happened. These tools are valuable, but they are all responding to the same underlying design decision: credentials that travel.
SikkerKey starts from the other end. Where the key resides exclusively on the machine that created it, the elements that contribute to the danger of token security are irrelevant. There is nothing to search for in a code repository, nothing to rotate at periodic intervals, and nothing to be harvested from the logs. The attack surface that the rest of the tooling is trying to manage gets removed from the architecture instead of patched around. For teams that have been through a credential incident or are trying to get ahead of one, that is a meaningfully different place to start. Full documentation and a free account are available at sikkerkey.com.