Secrets & Key Management across clouds
Secret stores and KMS (Key Vault, Secrets Manager, KMS, Vault) with verified, least-privilege modules.
7 verified modules, 2 of them live-tested apply→verify→destroy; the rest are static-validated, live-test pending.
Compare by provider
| Provider | Module | Verification | Price |
|---|---|---|---|
| AWS | KMS Key with Policy Patterns | ✓ live-tested | $49.00 |
| AWS | Secrets Manager Secret | ✓ live-tested | $49.00 |
| Azure | Azure Key Vault | static-validated | $49.00 |
| Google Cloud | Cloud KMS Keyring & Keys | static-validated | $49.00 |
| Google Cloud | Secret Manager Secrets | static-validated | $49.00 |
| Multi-cloud & platform-agnostic | Vault Policies & Auth | static-validated | $129.00 |
| Oracle Cloud | Vault, Keys & Secrets | static-validated | $129.00 |
How to choose
Use a KMS for encryption keys and envelope encryption; use a secrets manager for credentials with rotation. Vault fits multi-cloud or dynamic-secret needs.
When not to use
Never substitute environment variables or config files for these — but also do not store large blobs in a secrets store; it is not object storage.