Replaces HashiCorp Vault for distributing TLS certificates and API keys to distributed services. Uses a central server to manage access control lists and distribute secrets over mutual TLS to authenticated clients.
Tech Stack
JavaSecurity & Passwords
Why keywhiz?
• Strong identity-based access control
• Designed for high-availability environments
• Battle-tested at Square
Limitations
• Complex initial setup
• Java runtime overhead
• Smaller ecosystem than Vault
3/3/2026
Last Update
213
Forks
46
Issues
Apache-2.0
License
Financial Leak Detected
Stop the "SaaS Tax"
Your team could be burning cash. Switching to keywhiz instantly boosts your runway.
