hanzoai/kms

KMS

Open-source Key Management Service: Manage secrets, API keys, certificates, and encryption keys across your infrastructure.

Introduction

Hanzo KMS is the open-source key management service built for the AI era — centralize secrets, API keys, and certificates across your infrastructure with first-class AI access controls.

Built by Hanzo AI, we believe you should always control what AI can access. Every secret has a policy: some auto-approve for development velocity, others require explicit human sign-off before any AI agent can read them.

AI Access Control

Your secrets, your rules. AI agents are first-class citizens in Hanzo KMS — and so is your ability to block them.

  • Per-secret AI policies: Mark any secret as human-approval required for AI access. Claude, GPT, or any agent requesting that secret triggers a real-time approval request.
  • Auto-approve mode: Building fast? Set policies to auto-approve for your team's agents — flip to manual approval before shipping.
  • Device & agent tracking: See exactly which AI model, tool, or agent accessed which secret and when.
  • Full audit trail: Every secret read by an AI is logged with the agent identity, timestamp, and reason.
  • One-tap approval: Approve or deny AI secret requests from Slack, email, or the KMS dashboard.

Secret: STRIPE_LIVE_KEY
  AI Access Policy: requires-human-approval
  Last accessed by: claude-sonnet-4-6 via hanzo-mcp
  Status: waiting for your approval → [Approve] [Deny]

Features

Secrets Management

  • Dashboard: Manage secrets across projects and environments through a user-friendly interface.
  • Secret Syncs: Sync secrets to platforms like GitHub, Vercel, AWS, and use tools like Terraform, Ansible, and more.
  • Secret versioning and Point-in-Time Recovery: Track every secret and project state; roll back when needed.
  • Secret Rotation: Rotate secrets at regular intervals for services like PostgreSQL, MySQL, AWS IAM, and more.
  • Dynamic Secrets: Generate ephemeral secrets on-demand for services like PostgreSQL, MySQL, RabbitMQ, and more.
  • Secret Scanning and Leak Prevention: Prevent secrets from leaking to git.
  • Kubernetes Operator: Deliver secrets to your Kubernetes workloads and automatically reload deployments.
  • KMS Agent: Inject secrets into applications without modifying any code logic.

Certificate Management

  • Internal CA: Create and manage a private CA hierarchy directly within KMS.
  • External CA: Integrate with third-party certificate authorities such as Let's Encrypt, DigiCert, Microsoft AD CS, and more.
  • Certificate Lifecycle Management: Create certificate profiles and policies to control how certificates are issued.
  • Certificate Syncs: Sync certificates to external platforms like AWS Certificate Manager and Azure Key Vault.
  • Alerting: Configure alerting for expiring CA and end-entity certificates.

Key Management System (KMS)

  • Cryptographic Keys: Centrally manage keys across projects through a user-friendly interface or via the API.
  • Encrypt and Decrypt Data: Use symmetric keys to encrypt and decrypt data.

SSH Management

  • Signed SSH Certificates: Issue ephemeral SSH credentials for secure, short-lived, and centralized access to infrastructure.

AI Access Control (New)

  • AI Identity Tracking: Identify which AI model or agent is requesting secrets — Claude, GPT, Gemini, or any MCP-compatible tool.
  • Per-secret AI policies: Set auto-approve, requires-approval, or blocked per secret per AI identity.
  • Real-time approval requests: Pending AI secret reads appear in your dashboard, Slack, or email — one tap to approve or deny.
  • Auto-approve mode: Teams move fast by default; escalate specific secrets to manual approval as you go to production.
  • Device registry: Register and manage AI agent devices; revoke access instantly.
  • AI audit log: Separate audit trail for all AI-originated secret reads, with model ID, tool name, and request context.
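The policy model described in this list and in the "AI Access Control" section above (auto-approve, requires-approval or blocked per secret and per AI identity, a pending queue for human sign-off, device revocation, and a separate AI audit trail), shown as an added TypeScript illustration that is not part of the hanzoai/kms code base or API. The class, method names, the "fail closed to requires-approval" default for unknown secrets, and the sample identities are all assumptions of this example.

```typescript
// Hypothetical illustration of the README's per-secret AI access policy model; not hanzoai/kms code.
type Policy = "auto-approve" | "requires-approval" | "blocked";
type Decision = "granted" | "pending" | "denied";
interface AiIdentity { model: string; tool: string; deviceId: string }
interface AccessRequest { secret: string; identity: AiIdentity; reason: string; at: string }
interface AuditEntry extends AccessRequest { decision: Decision; resolvedBy: "policy" | "human" }
class AiSecretGate {
  private defaults = new Map<string, Policy>();   // policy per secret
  private perModel = new Map<string, Policy>();   // per-identity override keyed "secret|model"
  private revoked = new Set<string>();            // device registry revocations
  readonly pending: AccessRequest[] = [];         // reads awaiting human approval
  readonly audit: AuditEntry[] = [];              // AI-only audit trail: identity, time, reason, decision
  setPolicy(secret: string, policy: Policy, model?: string): void {
    if (model) this.perModel.set(`${secret}|${model}`, policy);
    else this.defaults.set(secret, policy);
  }
  revokeDevice(deviceId: string): void { this.revoked.add(deviceId); }
  // Unknown secrets fall back to requires-approval so the gate fails closed (this example's assumption).
  request(req: AccessRequest): Decision {
    const policy = this.perModel.get(`${req.secret}|${req.identity.model}`)
      ?? this.defaults.get(req.secret) ?? "requires-approval";
    let decision: Decision;
    if (this.revoked.has(req.identity.deviceId) || policy === "blocked") decision = "denied";
    else if (policy === "auto-approve") decision = "granted";
    else { decision = "pending"; this.pending.push(req); }
    this.audit.push({ ...req, decision, resolvedBy: "policy" });
    return decision;
  }
  // The human [Approve] / [Deny] step for a pending request; every outcome is audited.
  resolve(secret: string, deviceId: string, approve: boolean): Decision | undefined {
    const i = this.pending.findIndex(r => r.secret === secret && r.identity.deviceId === deviceId);
    if (i < 0) return undefined;
    const [req] = this.pending.splice(i, 1);
    const decision: Decision = approve ? "granted" : "denied";
    this.audit.push({ ...req, decision, resolvedBy: "human" });
    return decision;
  }
}
// Constructed walk-through mirroring the README's STRIPE_LIVE_KEY display (sample values, not real data).
function demo(): Decision[] {
  const gate = new AiSecretGate();
  gate.setPolicy("STRIPE_LIVE_KEY", "requires-approval");
  gate.setPolicy("DEV_DB_URL", "auto-approve");
  const claude: AiIdentity = { model: "claude-sonnet-4-6", tool: "hanzo-mcp", deviceId: "dev-1" };
  const dev = gate.request({ secret: "DEV_DB_URL", identity: claude, reason: "run tests", at: "2025-01-01T00:00:00Z" });
  const live = gate.request({ secret: "STRIPE_LIVE_KEY", identity: claude, reason: "refund job", at: "2025-01-01T00:00:05Z" });
  const human = gate.resolve("STRIPE_LIVE_KEY", "dev-1", true) ?? "denied";
  return [dev, live, human];   // ["granted", "pending", "granted"]
}
```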

General Platform

  • Authentication Methods: Authenticate machine identities with KMS using cloud-native or platform-agnostic authentication methods (Kubernetes Auth, GCP Auth, Azure Auth, AWS Auth, OIDC Auth, Universal Auth).
  • Access Controls: Define advanced authorization controls for users and machine identities with RBAC, additional privileges, temporary access, access requests, approval workflows, and more.
  • Audit logs: Track every action taken on the platform.
  • Self-hosting: Deploy KMS on-prem or cloud with ease; keep data on your own infrastructure.
  • SDKs: Interact with KMS via client SDKs (Node, Python, Go, Ruby, Java, .NET).
  • CLI: Interact with KMS via CLI; useful for injecting secrets into local development and CI/CD pipelines.
  • API: Interact with KMS via REST API.

Getting Started

Run KMS locally

To set up and run KMS locally, make sure you have Git and Docker installed on your system. Then run:

Linux/macOS:

git clone https://github.com/hanzoai/kms && cd kms && cp .env.dev.example .env && docker compose -f docker-compose.prod.yml up

Windows Command Prompt:

git clone https://github.com/hanzoai/kms && cd kms && copy .env.dev.example .env && docker compose -f docker-compose.prod.yml up

Create an account at http://localhost:80

Scan and prevent secret leaks

Scan for over 140 secret types in your files, directories, and git repositories.

To scan your full git history, run:

hanzo-kms scan --verbose

Install pre-commit hook to scan each commit before you push:

hanzo-kms scan install --pre-commit-hook

Open-source vs. paid

This repo is available under the MIT (Expat) license, with the exception of the ee directory, which contains premium enterprise features requiring a license.

If you are interested in managed KMS Cloud or self-hosted Enterprise offering, visit kms.hanzo.ai or contact us.

Security

Please do not file GitHub issues or post on public forums for security vulnerabilities, as they are public!

KMS takes security issues very seriously. If you have any concerns or believe you have uncovered a vulnerability, please get in touch via email at security@hanzo.ai. In the message, try to provide a description of the issue and ideally a way of reproducing it. The security team will get back to you as soon as possible.

Contributing

Whether it's big or small, we love contributions. Check out our guide to see how to get started.

Not sure where to get started? Join our Discord and ask us any questions there.

About

Hanzo KMS - Enterprise secrets management and encryption platform