Store secrets encrypted at rest, share them with teammates by role, rotate them on a schedule, audit every access. Your 1Password Teams for infrastructure secrets.
Teams outgrow spreadsheet-based secrets tracking around the same time they realize SaaS alternatives want $15 to $50 per seat per month. Strongbox is a single binary that handles the same job without the recurring bill or the vendor dependency.
A solo developer built a weekend project that needed secrets tracking. Instead of spinning up Postgres and writing an admin panel, they added Strongbox as a sidecar process. The REST API covered every operation the project needed. Development time saved: roughly a full day.
Deploy Strongbox as a systemd service, a Docker container, or a bare process behind tmux. It reads two environment variables: PORT and DATA_DIR. Everything else is self-contained. The /api/health endpoint returns the service status and secrets count, which you can wire into your existing monitoring stack.
GET /api/secrets — List all secrets. Supports ?q=keyword for search and ?status=value for filteringPOST /api/secrets — Create a new secret. Send JSON with at least nameGET /api/secrets/{id} — Fetch one secret by IDPUT /api/secrets/{id} — Update fields on an existing secretDELETE /api/secrets/{id} — Remove a secretGET /api/stats — Returns total count and breakdown by statusGET /api/health — Returns {"status":"ok"} for uptime monitoringSelf-hosted secret manager. Self-hosted on your infrastructure. Your data never leaves your server.
curl -fsSL https://stockyard.dev/install.sh | sh -s -- --tool strongbox
PORT=8610 ./strongbox
http://localhost:8610
Single binary. Embedded SQLite. No Docker. No database. No dependencies.
Your license key arrives by email within 5 minutes of checkout. Set it as an environment variable and restart the binary.
export STRONGBOX_LICENSE_KEY=stockyard_xxxxxxxxxxxxxxxxxxxx ./strongbox
No cloud connectivity required. The binary validates the key offline with Ed25519 signatures.