Managing application secrets can be a risky, stressful process.

It doesn't have to be.

Learn More about AuthJanitor

Enhance the security of your system with regular key and secret rotations.

Juggling application secrets and encryption key versions is a hassle. That means good practices fall by the wayside and become manual operations. By the time you're ready to go with your application, you may not even be thinking about regular key or secret rotations!

Adding AuthJanitor to your operations workflow enables automatic rekeying of all of your services, as well as manages those credentials among your deployed applications.

Simplify your application security nightmare.

AuthJanitor is designed to work with your resources, on your schedule and on your terms. You can provide as much or as little access as you need to either your administrator users or to the AuthJanitor Agent, a fully-isolated service apart from the Administrator Tool.

Take the power out of the hands of the robots.

Many automation strategies for key and secret rotation are dependent on a single non-user identity which has broad read/write access to your services and/or cloud provider. This leaves a window wide open for an attacker to compromise many services via that single account.

AuthJanitor's workflow supports an administrator user "signing off" on potentially complex automated secret rotations with a single click, providing a human point of contact for security event logs.

By Security Engineers, For Anyone

Built upon decades of experience building and securing software and identities across multiple industries, AuthJanitor handles the technical security hurdles of managing application secrets, so you can get back to developing or operating your application.

Security-First

AuthJanitor is split into multiple components with different levels of access, to help safeguard your system from lateral movement by an attacker.

Easy to Extend

Using a service that's not supported yet? No problem! Adding new Providers to AuthJanitor can be done in as little as 50 lines of code.

Open-Source License

AuthJanitor is an MIT-licensed open-source project, so anyone can audit its components at any time, and it is free to use for your next application!

Flexible Approach

AuthJanitor implements mechanisms for administrative signoff as well as service principal/managed identity for authenticating key rotation, so your organization's auditing requirements are met!

Give yourself peace of mind.

Implement a flexible secret rotation strategy for your application without the hassle.

Let authJanitor Help

We  our users and contributors!