Keys that never touch disk.

Store API keys and secrets encrypted with AES, scoped to a user or a whole workspace, and hydrated only at runtime.

Encrypted

AES at rest, hydrated at runtime.

Secrets are encrypted with a master key that lives in your secrets manager (Infisical), not on disk. Futsu decrypts them in memory only when a run needs them.

AES-256 encryption at rest
Master key in Infisical — never a disk file
Hydrated in-memory per run

Secrets● AES-256 · master key in Infisical

ANTHROPIC_API_KEY••••••••••••••••

workspace

OPENAI_API_KEY••••••••••••••••

workspace

GITHUB_TOKEN••••••••••••••••

user

OBSIDIAN_VAULT_PATH••••••••••••••••

user

Scoped

User and workspace scopes.

Keep personal tokens to yourself and share provider keys across a workspace. Scan a repo for leaked secrets and import them straight into the vault.

Per-user and per-workspace secrets
Scan code for live secrets
Import-from-code in one click

app.futsu.dev/vault

Secrets, handled the boring-safe way.

Encrypted, scoped, and never on disk.

Start building free See pricing

Product

Keys that never touch disk.

AES at rest, hydrated at runtime.

User and workspace scopes.

Secrets, handled the boring-safe way.