Should I Build It Should I Build It
03 Jun 2025
Open Source Security

An encrypted secrets manager for small project teams building ...

...software

Confidence
Engagement
Net use signal
Net buy signal

Idea type: Freemium

People love using similar products but resist paying. You’ll need to either find who will pay or create additional value that’s worth paying for.

Should You Build It?

Build but think about differentiation and monetization.

Your are here

You're entering a competitive space with your encrypted secrets manager for small project teams, as evidenced by the 26 similar products we found. This indicates a recognized need, which is good, but also means you'll need to differentiate to stand out. Many similar products follow a freemium model, where users enjoy the basic functionality for free but need to pay for advanced features. Engagement around these products is moderate. Given the prevalence of the freemium model, the key will be identifying specific user needs and developing a compelling monetization strategy. Keep in mind that the discussion and criticism summaries from the similar product launches highlighted security concerns, comparisons to established tools and differentiation, and the need for robust encryption.

Recommendations

  1. Given that you're targeting small project teams, focus your marketing on the specific pain points they face when managing secrets. Highlight the ease of use and security of your encrypted secrets manager. Tailor your messaging to resonate with the collaborative nature of these teams, showcasing features that streamline secret sharing and access control.
  2. Since many similar products are open-source, you could consider offering a self-hosted option to address security concerns. Clearly communicate your encryption methods and security protocols to build trust. Based on feedback from similar products, prioritize robust encryption, regular security audits, and transparent handling of vulnerabilities.
  3. Explore premium features that cater to the specific needs of larger teams or organizations. This could include advanced access controls, audit logs, or integrations with other development tools. Consider offering a paid tier with priority support and dedicated account management to incentivize upgrades.
  4. Consider charging teams rather than individuals. Many users like using similar products, but may resist paying. By focusing on team collaboration and productivity, you can justify a higher price point. Also, think about implementing features for SSH key management, since this was a common request from similar products.
  5. Address the recurring concern about differentiation from existing tools like Infisical and Doppler. Clearly articulate your unique value proposition and how you solve specific problems better than the competition. Consider creating comparison charts or blog posts that highlight your strengths and advantages.
  6. Develop comprehensive documentation and tutorials to help users get started quickly. Make it easy for them to understand your product's features and benefits. Provide ample examples and code snippets to demonstrate how to integrate your secrets manager into their workflows.
  7. Actively solicit feedback from your users and iterate on your product based on their suggestions. Pay close attention to bug reports and feature requests. By continuously improving your product, you can ensure that it meets the evolving needs of your target audience.
  8. To tackle the issue of false positives reported by similar products, implement advanced algorithms for filtering and prioritizing alerts. Provide users with customizable rules and thresholds to fine-tune the detection process. Offer options for whitelisting specific secrets or patterns to reduce noise and improve accuracy.

Questions

  1. Given that the market has several established players, what specific security features will your encrypted secrets manager offer to truly differentiate it from competitors and alleviate user concerns about open-source security risks?
  2. Considering the negative feedback surrounding complex setups and maintenance with existing solutions, how will you ensure that your secrets manager offers a streamlined and user-friendly experience, particularly for smaller project teams with limited resources?
  3. Many users expressed concern about the lack of testing and code quality in similar open-source projects. What steps will you take to ensure the reliability and security of your secrets manager, and how will you communicate these measures to build trust with potential users?

Your are here

You're entering a competitive space with your encrypted secrets manager for small project teams, as evidenced by the 26 similar products we found. This indicates a recognized need, which is good, but also means you'll need to differentiate to stand out. Many similar products follow a freemium model, where users enjoy the basic functionality for free but need to pay for advanced features. Engagement around these products is moderate. Given the prevalence of the freemium model, the key will be identifying specific user needs and developing a compelling monetization strategy. Keep in mind that the discussion and criticism summaries from the similar product launches highlighted security concerns, comparisons to established tools and differentiation, and the need for robust encryption.

Recommendations

  1. Given that you're targeting small project teams, focus your marketing on the specific pain points they face when managing secrets. Highlight the ease of use and security of your encrypted secrets manager. Tailor your messaging to resonate with the collaborative nature of these teams, showcasing features that streamline secret sharing and access control.
  2. Since many similar products are open-source, you could consider offering a self-hosted option to address security concerns. Clearly communicate your encryption methods and security protocols to build trust. Based on feedback from similar products, prioritize robust encryption, regular security audits, and transparent handling of vulnerabilities.
  3. Explore premium features that cater to the specific needs of larger teams or organizations. This could include advanced access controls, audit logs, or integrations with other development tools. Consider offering a paid tier with priority support and dedicated account management to incentivize upgrades.
  4. Consider charging teams rather than individuals. Many users like using similar products, but may resist paying. By focusing on team collaboration and productivity, you can justify a higher price point. Also, think about implementing features for SSH key management, since this was a common request from similar products.
  5. Address the recurring concern about differentiation from existing tools like Infisical and Doppler. Clearly articulate your unique value proposition and how you solve specific problems better than the competition. Consider creating comparison charts or blog posts that highlight your strengths and advantages.
  6. Develop comprehensive documentation and tutorials to help users get started quickly. Make it easy for them to understand your product's features and benefits. Provide ample examples and code snippets to demonstrate how to integrate your secrets manager into their workflows.
  7. Actively solicit feedback from your users and iterate on your product based on their suggestions. Pay close attention to bug reports and feature requests. By continuously improving your product, you can ensure that it meets the evolving needs of your target audience.
  8. To tackle the issue of false positives reported by similar products, implement advanced algorithms for filtering and prioritizing alerts. Provide users with customizable rules and thresholds to fine-tune the detection process. Offer options for whitelisting specific secrets or patterns to reduce noise and improve accuracy.

Questions

  1. Given that the market has several established players, what specific security features will your encrypted secrets manager offer to truly differentiate it from competitors and alleviate user concerns about open-source security risks?
  2. Considering the negative feedback surrounding complex setups and maintenance with existing solutions, how will you ensure that your secrets manager offers a streamlined and user-friendly experience, particularly for smaller project teams with limited resources?
  3. Many users expressed concern about the lack of testing and code quality in similar open-source projects. What steps will you take to ensure the reliability and security of your secrets manager, and how will you communicate these measures to build trust with potential users?

  • Confidence: High
    • Number of similar products: 26
  • Engagement: Medium
    • Average number of comments: 10
  • Net use signal: 1.0%
    • Positive use signal: 10.8%
    • Negative use signal: 9.8%
  • Net buy signal: -4.9%
    • Positive buy signal: 0.3%
    • Negative buy signal: 5.2%

This chart summarizes all the similar products we found for your idea in a single plot.

The x-axis represents the overall feedback each product received. This is calculated from the net use and buy signals that were expressed in the comments. The maximum is +1, which means all comments (across all similar products) were positive, expressed a willingness to use & buy said product. The minimum is -1 and it means the exact opposite.

The y-axis captures the strength of the signal, i.e. how many people commented and how does this rank against other products in this category. The maximum is +1, which means these products were the most liked, upvoted and talked about launches recently. The minimum is 0, meaning zero engagement or feedback was received.

The sizes of the product dots are determined by the relevance to your idea, where 10 is the maximum.

Your idea is the big blueish dot, which should lie somewhere in the polygon defined by these products. It can be off-center because we use custom weighting to summarize these metrics.

Similar products

Relevance

Phase - Open source application secrets manager

21 Aug 2024 Open Source GitHub Developer Tools

Open source platform for fast-moving engineering teams to secure and deploy application secrets — from development to production.

The launch of Phase, an open-source secret management tool, received positive feedback for its ease of use, GitHub and AWS integrations, and potential to streamline workflows and improve team productivity. Users are excited about its password-sharing solution and CLI secret management. Questions arose about differentiation from tools like Infisical and Doppler, security concerns related to the open-source nature of the tool, and the need for robust encryption. Some users suggested implementing features for SSH key management and requested more information on integrations and security measures.

Users expressed significant concerns regarding the product's security due to its open-source nature, questioning data safety, breach handling, and potential loopholes. Comparisons to established tools and differentiation were requested, alongside clarity on security protocols and workflow integration. Market saturation and management overhead were also noted as potential drawbacks. The security risks associated with open-source secrets management were a recurring theme.

calv_chlo

I have been using Phase for a few months now and I am impressed with its functionality and ease of use. As a member of a fast-moving engineering team, I appreciate how Phase allows us to securely manage and deploy our application secrets from development to production. The open source platform is extremely reliable and efficient, making it a breeze to securely handle sensitive information without any hassle. The streamlined workflow has definitely improved our team's productivity and allowed us to focus on creating high-quality products. I highly recommend Phase to any engineering team looking for a secure and efficient platform to manage application secrets. It has definitely made a positive impact on our workflow and I can't imagine going back to our old methods. Five stars!

crebuh

Hey @nimishk , this is a great tool. When you work with a distributed team it is always a real pain to share secrets and credentials. I also love the fact that you offer a self-hosted version. Especially in Europe a lot of companies insist on hosting on premise 😅 Congrats on the launch! 🚀

elke_qin

This looks fantastic, @nimishk ! The ease of integrating with tools like GitHub and AWS is a game-changer for teams. Excited to see how Phase can streamline secrets management! Upvoted! 🚀

antoine_gauthier_

Loving the direction Phase is going, @nimishk ! 🔥 The integration with tools like GitHub and AWS is a game changer for secure deployments. Can't wait to try it out! Upvoted! 🚀

ema_elisi

Nice launch, @nimishk ! 🎉 Finally, a way to stop password-sharing chaos. Can't wait to see this in action across my projects. Upvoted! 💯

star_boat

Congrats on the launch of Phase, @nimishk ! 🎉 As someone who’s seen the challenges of managing application secrets firsthand, this tool looks like a lifesaver. The seamless integration with existing workflows—whether it's GitHub, Docker, or AWS—along with end-to-end encryption, makes Phase a must-have for fast-moving engineering teams. Can’t wait to dive into the GitHub repo and give Phase a try in our next project. Upvoted and looking forward to seeing how this evolves! 🚀

userinsite

Great job! I love the home page! it's a great walk-through of the product. It's so easy to see how it works without doing any extra digging. I have many API keys lying around, I will try this out!

michacassola

I would love something like this for SSH keys. Maybe with local encryption and decryption on demand with some other key, like a smart card or something like that.

yiraika_bacchi

The CLI-based secret management is a neat feature. It’s going to save a lot of time for our developer team.

awesomeyang

Congratulations @nimishk on launching Phase! This looks like a game changer for managing application secrets. The end-to-end encryption and seamless integrations with tools like GitHub and AWS will definitely help teams streamline their workflows. Excited to try it out! 🚀

Avatar
370
38
21.1%
0.0%
38
370
26.3%
2.6%
Relevance

Infisical - Open-source secrets manager

08 Mar 2023 Open Source Software Engineering Developer Tools

Infisical is an open-source, end-to-end encrypted platform that helps software developers manage secrets and environment variables across their teams, devices, and infrastructure. In the last 30 days, we have processed over 14M secrets for our users.

Infisical's Product Hunt launch received overwhelmingly positive feedback. Users praise its open-source nature, security features (including end-to-end encryption), efficiency in secret management, and seamless integrations. Many are excited to use it for managing secrets and environment variables across teams and environments, highlighting it as a single source of truth. Users appreciate the detailed documentation and the team's work. Several comments express excitement about the launch and congratulate the team, with some users migrating from Doppler.

Avatar
220
29
27.6%
29
220
27.6%
Relevance

Infisical – open-source secrets manager for developers

24 Jan 2023 Open Source Developer Tools

Two months ago, we left our jobs at AWS and Figma to continue building Infisical.It is an open-source end-to-end encrypted tool that helps you manage developer secrets across your team, devices, and infrastructure.During the previous Show HN, we got a lot of useful feedback which we’ve been iterating on A LOT!In the past month, we’ve been pretty much working 24/7, and we added: - Integrations for Vercel, Netlify, GitHub Actions, Render, and Fly.io - Public API - User activity logs - Point-in-time recovery and secret versioning - Custom environments - Kubernetes operator (https://infisical.com/docs/integrations/platforms/kubernetes) And made lots of other performance improvements both on the frontend and backend.Our repo is published under the MIT license so any developer can use Infisical. The goal is to not charge individual developers. We make money by charging a license fee for some enterprise features as well as providing a hosted version and support.In the coming weeks, we plan to add features like key rotation, alerts, and secret groups - as well as continue adding more integrations.Give it a try (https://github.com/Infisical/infisical)! We’d love to hear what you think!Main website: https://infisical.com/

The Show HN product received mixed feedback. Users praised the idea and ongoing improvements but raised concerns about security, code quality, and the MongoDB dependency. Some suggested alternative solutions like SecureStore. The product's monetization and open-source nature sparked debate on financial sustainability. Users were interested in features like multi-cloud support and simpler secret management, comparing it to Vault. Questions arose about documentation, encryption, and licensing. The need for early testing and clarity on GitHub repositories was noted. Pricing and the lack of SSO for self-hosted versions were also discussed.

Users criticized the product for its light secret management coverage, lack of tests, and security focus. There were concerns about non-committal security guarantees, a high number of dependencies, and the need for automated testing. The MongoDB dependency, licensing restrictions, and heavy network dependency were also noted. Skepticism about the project's sustainability without paid components, unclear documentation, and the complexity of setup were mentioned. Criticisms included the absence of SSO for self-hosted versions and limited functionality to only syncing environment variables.

https://news.ycombinator.com/user?id=rubenfiszel

I saw your post a few months ago and already thought it was awesome. Congrats on quitting your job to devote yourself to this project. I would assume that you have considered joining YC?I'm the founder of the OSS project windmill [1] that, among others, separates the code logic from the management of secrets. We are in the same boat of being a small team doing too many features and hence have covered very lightly the secret management. I would love to see if we could write some integrations between our projects so that scripts and workflows could leverage advanced secret management.[1]: https://github.com/windmill-labs/windmill

https://news.ycombinator.com/user?id=vmatsiiako

Thank you for your kind words! Yes, we have joined the YC W23 batch :)You’ll be surprised but I actually heard a lot about windmill - would love to talk! I sent you a LinkedIn invite

https://news.ycombinator.com/user?id=lucideer

> Any considerations about securityThe copy on their website is somewhat non-committal on this:> Infisical uses end-to-end encryption (E2EE) whenever possible [...] it makes no security guarantees for malicious events that can occur beyond its control [...] we do our best to maintain platform privacy and security [...] we will be adding more opt-in security measures > > -- https://infisical.com/docs/security/overviewDon't get me wrong - I do prefer honesty over empty promises and hot-air, but the above caveats seem worded as if intended for a legal document, rather than copy selling your product.As for the code - on cursory scan it's three apps: a CLI written in golang, a frontend on next.js, and the backend is a NodeJS express server backed by mongodb, with 1042 transitive NPM package dependencies. That doesn't indicate anything in and of itself, but it's a lot of surface area (and growing if their README roadmap is anything to go by).None of the above is a major red flag though - certainly things one would expect (& much much worse) from any closed-source competitor (just those don't have the transparency to check it out yourself). Yes, the focus does seem to be on feature addition & iteration though rather than instilling confidence in a solid, secure core, which is a bit of a pity, but all that said it would take much more than a cursory glance to audit properly, and they've stated they intent to have a full professional independent audit this year, so probably best to just wait for that. The fact it's open-source out-the-gate is extremely promising.100% going to keep an eye on this.

https://news.ycombinator.com/user?id=llarsson

Cool idea, and would love to take it for a spin!Feedback: the MongoDB dependency is annoying, from an enterprise (self-hosting) perspective. Due to their licencing, you can't have a managed service provider host it for you (unless that provider is Mongo itself). I have not looked into what data you store, but I can't imagine it's that schema-less at this point, so perhaps it could be possible to store in an SQL database instead? Or in PostgreSQL via its JSON support?

https://news.ycombinator.com/user?id=vmatsiiako

This is very interesting - we keep hearing about this pretty frequently. Will definitely look into this

https://news.ycombinator.com/user?id=whazor

From my experience (running Kubernetes at home), the biggest problem is that secrets managers are used to bootstrap clusters. Having to run three deployments (backend, frontend, mongodb) is a lot for a component that is supposed to bootstrap the cluster. Especially the MongoDB component is annoying, as it needs an username and password. That is why Vault from Hashicorp is so good, it supports many backends and provides distributed integrated storage (Raft), which is perfect for bootstrapping.

https://news.ycombinator.com/user?id=vmatsiiako

The main goal is to provide similar levels of security at a significantly reduced learning curve. These services can all be replaced with Infisical.When we spoke with engineers that work in companies of all sizes - most of them have mentioned how complicated Hashicorp Vault is. And indeed, while Vault has a lot of features, it is pretty overwhelming to setup and maintain.With Infisical, we want to take a modern approach to secret management by simplifying the whole process of configuring secrets to injecting them into your stack with little friction as possible. We invested a lot in the UI/UX in order to make everything more intuitive for developers when compared to Hashicorp Vault or any other alternative.Also, Infisical is meant to be multi-cloud unlike the cloud-specific secret managers/vaults. Give it a go and let me know what you think

Avatar
103
31
19.4%
-3.2%
31
103
22.6%
Relevance

Infisical – open-source secret management platform

19 Jul 2023 Developer Tools

Hi HN, we’re the founders of Infisical, the open source secret management platform – it provides an end-to-end set of tools to manage your secrets across your team and infrastructure (https://infisical.com/).Excited to show you all the progress that we’ve made in the past few months after our Launch HN in February (https://news.ycombinator.com/item?id=34955699) and Show HN in December (https://news.ycombinator.com/item?id=34055132).During the previous Show HN and Launch HN, we received a ton of feedback which helped us improve Infisical. We’ve since released:- Secret scanning: a new toolset to block commits with hardcoded secrets and continuously monitor your code.- Folders: Deeper organizational structure within projects to accommodate for microservice architectures and storage of more secret types like user API keys and OAuth tokens.- Node and Python SDKs, Webhooks: More ways to integrate and start syncing secrets with Infisical across your infrastructure.- Integrations with Terraform, Supabase, Railway, Checkly, Cloudflare Pages, Azure Key Vault, Laravel Forge, and more.- Secret Referencing and Importing: to create a proper single source of truth.- 1-click deployments to AWS EC2, Digital Ocean, Render, Fly.io: More ways to self-host Infisical on your own infrastructure.In addition, the platform has become more stable and undergone a full-coverage penetration test; we’ve also begun the SOC 2 (Type II) certification process.Overall, we’re really lucky to have support of the developer community, and, in fact, Infisical has gathered over 7k GitHub stars, and now processes over 200 million secrets per month for everyone from solo developers to public enterprises.Our repo is published under the MIT license so any developer can use Infisical. Again, the goal is to not charge individual developers. We make money by charging a license fee for some enterprise features as well as providing a hosted version and support.Check out Infisical Cloud (https://infisical.com/) or self-host Infisical on your own infrastructure (https://github.com/Infisical/infisical). We’d love to hear what you think!We’re excited to continue building Infisical, and keep shipping features for you. Please let us know if you have any thoughts, feedback, or feature suggestions!

Users expressed concerns about the lack of tests, security, and the open core model of the secret management platform. There was confusion over certain files and the use of terms like 'open source'. Some praised the platform's functionality and the founders, while others compared it to Hashicorp Vault and questioned its ease of use. The business model, pricing for security features, and SDK availability were also discussed. Positive feedback included appreciation for the landing page and fast responses, with interest in using the platform for specific projects.

Users criticized the product for lacking tests and having a codebase with all lines commented out, indicating poor engineering practices. Concerns were raised about insecure storage, complicated setup and maintenance of HCP Vault, and difficulty using Vault. The product's name was deemed hard to spell and not memorable. Criticisms also targeted the limitations of on-premise installations, the misleading open core model, and the confusion between open core and open source. Users questioned the Docker requirement, the absence of Java/Rust SDKs, and the unclear business model. The need to pay for security features like YubiKey two-factor authentication was also highlighted.

Avatar
131
43
-16.3%
-11.6%
43
131
Top