HermitSecret Operations
Multi-tenant KMS with policy-aware secret operations

Turn Secrets Into Security.

Automate key rotation, enforce deliberate access policy, and protect operational secrets with a control plane that mirrors the real system underneath.

Protection

3-tier

Policy model

URN IAM

Operator surfaces

Web + CLI

hermit.com/dashboard

Organization

Acme Security

Owner-scoped tenant with dedicated roles, teams, and invite flow.

Vault

Production Vault

Runtime credentials, payment secrets, and operational isolation in one partition.

Key

payments-master-key

Transit key rotated under policy with auditable version history.

Secret

STRIPE_API_KEY

Secret-level password challenge enabled with audit logging on reveal.

Policy engine

organizations:read  Allow
vaults:create       Allow
keys:use            Allow
secrets:use         Allow

Audit flow

Last 24h

Secret reveal challenged with vault password

Transit key rotated for production

Invite accepted by platform operator

Use Cases

Built for teams that need structure under pressure.

Hermit is most useful when secret handling has to stay explicit, reviewable, and resilient across fast-moving teams.

Platform teams

Keep environment secrets, shared runtime credentials, and rotation policy inside one auditable control plane.

Security teams

Model access through custom IAM roles, explicit deny rules, and team-based assignments instead of static RBAC shortcuts.

Developers

Use the dashboard and CLI together so secrets flow into delivery workflows without ending up in source control or local files.

Features

Security posture designed into the workflow.

The product surface follows the system model directly, so operators can reason about what they are doing without UI shortcuts hiding the security model underneath.

Organization-first hierarchy

Every vault, key, and secret belongs to a tenant boundary that operators can switch, audit, and reason about.

Vault transit-backed crypto

Hermit stores metadata in Postgres while HashiCorp Vault transit performs encryption, decryption, and key rotation.

Three-tier secret protection

Authentication, vault passwords, and secret passwords each have a clear purpose, and reveal flows preserve that distinction.

Runtime-evaluated IAM

Policies are checked against resource URNs in real time so permissions stay precise instead of collapsing into coarse roles.
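The policy model sketched under "Security teams" and "Runtime-evaluated IAM" (custom roles, explicit deny rules, team-based assignments, permissions checked against resource URNs per request) can be made concrete with a small evaluator. This is an added example, not Hermit's code or API: the URN layout `urn:hermit:<org>:<vault>:<kind>:<name>`, the statement shape, the sample roles, teams and principals are all constructed assumptions chosen to mirror the policy card above.

```python
"""Illustrative URN-scoped policy evaluator.

Hypothetical example; it does not reflect Hermit's real implementation.
Assumed URN layout: urn:hermit:<org>:<vault>:<kind>:<name>
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Statement:
    effect: str        # "Allow" or "Deny"
    actions: tuple     # action patterns such as ("secrets:*",)
    resources: tuple   # URN patterns such as ("urn:hermit:acme:*",)


@dataclass(frozen=True)
class Principal:
    name: str
    roles: tuple       # role names assigned directly
    teams: tuple       # team names; teams carry their own statements


@dataclass(frozen=True)
class Decision:
    effect: str
    reason: str        # what an audit entry would record


def urn_matches(pattern: str, value: str) -> bool:
    """Segment-wise match on ':'-separated names.

    '*' matches exactly one segment, except as the final pattern segment,
    where it matches one or more remaining segments. Works for both
    resource URNs and 'service:action' names.
    """
    p, v = pattern.split(":"), value.split(":")
    for i, seg in enumerate(p):
        if seg == "*" and i == len(p) - 1:
            return len(v) >= i + 1
        if i >= len(v) or (seg != "*" and seg != v[i]):
            return False
    return len(p) == len(v)


def statements_for(principal: Principal, roles: dict, teams: dict) -> list:
    """Collect statements from the principal's roles and team memberships."""
    stmts = []
    for r in principal.roles:
        stmts.extend(roles.get(r, ()))
    for t in principal.teams:
        stmts.extend(teams.get(t, ()))
    return stmts


def evaluate(statements, action: str, resource: str) -> Decision:
    """Default deny; an explicit Deny overrides any Allow, regardless of order."""
    allowed_by = None
    for st in statements:
        if not any(urn_matches(p, action) for p in st.actions):
            continue
        if not any(urn_matches(p, resource) for p in st.resources):
            continue
        if st.effect == "Deny":
            return Decision("Deny", f"explicit deny {st.actions} on {st.resources}")
        allowed_by = allowed_by or st
    if allowed_by is None:
        return Decision("Deny", "no matching statement (default deny)")
    return Decision("Allow", f"allowed by {allowed_by.actions} on {allowed_by.resources}")


# Constructed sample data: a role matching the policy card, plus a team-level deny.
ROLES = {
    "platform-operator": (
        Statement("Allow", ("organizations:read",), ("urn:hermit:acme",)),
        Statement("Allow", ("vaults:create",), ("urn:hermit:acme:*",)),
        Statement("Allow", ("keys:use", "secrets:use"), ("urn:hermit:acme:*",)),
    ),
}
TEAMS = {
    "contractors": (
        Statement("Deny", ("secrets:*",),
                  ("urn:hermit:acme:production:secret:STRIPE_API_KEY",)),
    ),
}
OPERATOR = Principal("alice", ("platform-operator",), ())
CONTRACTOR = Principal("bob", ("platform-operator",), ("contractors",))


def decide(principal: Principal, action: str, resource: str) -> Decision:
    """Evaluate one request for a principal against the sample role/team tables."""
    return evaluate(statements_for(principal, ROLES, TEAMS), action, resource)


if __name__ == "__main__":
    stripe = "urn:hermit:acme:production:secret:STRIPE_API_KEY"
    for who in (OPERATOR, CONTRACTOR):
        d = decide(who, "secrets:use", stripe)
        print(f"{who.name:6} secrets:use {stripe} -> {d.effect} ({d.reason})")
```

Two properties carry the security point: a request that matches no statement is denied, and a team-level Deny beats a role-level Allow even when the Allow is evaluated first, so an explicit deny on one secret cannot be undone by widening a role. The `reason` string is the kind of detail worth writing to the audit flow alongside the decision.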

About

The interface should mirror the system, not obscure it.

Principle 1

Keep hierarchy explicit. Organizations, vaults, keys, and secrets should be visible in the interface and reflected in every creation flow.

Principle 2

Make access feel deliberate. Permissions, reveal challenges, and share flows should explain themselves without adding operator friction.

Principle 3

Design for trust. Operators need interfaces that feel controlled, legible, and production-ready under pressure.

Start with the dashboard, then use the CLI when secrets need to move through terminal-driven workflows.

Enter Hermit