by danesparza 3802 days ago
This is not a trivial thing. Why should I trust you with my company's secrets?

How do you manage key storage securely? Can people at your company see my secrets? If somebody comes with a court order will you give them my secrets and not tell me? What encryption algorithms do you use? What experience do you have in reducing attack surfaces from internal and external threats? Is any of your software open source? Has your software been audited? Is it PCI (or any other standard) compliant?

1 comments

All good questions. We do not store your secrets. You do not give us your secrets. Your secrets do not live on our servers. No one at our company can see your secrets or access them.

We provide you with an agent that you install on your own servers and that agent is marked as a key management server. That agent is contacted to do asymmetric key encryption.

Here is a more detailed blog post about this: https://www.distelli.com/blog/keeping-your-application-secre...

Also, we use standard encryption algorithms and have not written our own crypto (and never will).