Secureable provides secure, tightly controlled access and management to secrets, while providing tight access control and recording a detailed audit log.

What is Secureable?

Secureable is a system tool for…


Securely managing and accessing secrets


Encryption / Decryption as a service

Securely managing and accessing secrets

A secret is any sensitive information such as API keys, passwords, or certificates.

Secureable provides secure, tightly controlled access and management to secrets while providing tight access control and recording a detailed audit log.

Most modern systems require access to a multitude of secrets, such as database credentials, API keys for external services, and credentials for service-oriented architecture communication. Understanding who is accessing what secrets is already very difficult and platform-specific. Adding on key rolling, secure storage, and detailed audit logs is almost impossible without a custom solution. This is where Secureable steps in.
Key features:


Secureable can authenticate a user in a number of ways, such as username/password, Active Directory, TLS certificates and Radius. A user can be associated with more than one authentication account.

Secure Secret Storage

Arbitrary key/value secrets can be stored in Secureable, which are encrypted prior to writing them to persistent storage, so gaining access to the raw storage isn’t enough to access your secrets.

Dynamic Secrets

Secureable can generate secrets on-demand for some systems, such as AWS or SQL databases. For example, when an application needs to access an S3 bucket, it asks Secureable for credentials, and Secureable will generate an AWS keypair with valid permissions on demand. After creating these dynamic secrets, Secureable will also automatically revoke them after the lease is up.


Secureable can encrypt and decrypt data without storing it. This allows security teams to define encryption parameters and developers to store encrypted data in a location such as SQL without having to design their own encryption methods.

Leasing and Renewal

All secrets in Secureable have a lease associated with them. At the end of the lease, Secureable will automatically revoke that secret. Clients are able to renew leases via built-in renew APIs.


Secureable has built-in support for secret revocation. Secureable can revoke not only single secrets, but a tree of secrets, for example all secrets read by a specific user, or all secrets of a particular type. Revocation assists in key rolling as well as locking down systems in the case of an intrusion.


For OpenEdge systems, using Secureable is as simple as calling the sdk methods. The authentication methods return a Client Principal with user metadata to use as the developer wishes.