Secure your secrets with absolute certainty.
Trufo is a high-performance, secure bridge for sharing sensitive data. Whether it's a configuration string, a deployment toggle, or a sensitive file, Trufo ensures it reaches the right hands and nowhere else.
Core Capabilities
Engineered for Versatility.
Multi-Type Secret Support
Go beyond simple text. Trufo supports polymorphic secret storage including strings, booleans, feature toggles, and direct file uploads, all encrypted with the same rigor.
Ephemeral Life-cycles
Configure "One-time use" (burn after reading) or set custom lifetimes from minutes up to 365 days.
Creator Visibility
Get notified the instant your secret is viewed. Combined with email verification, you maintain complete audit control.
CLI & GUI Access
Access your secrets through our intuitive dashboard or directly via curl for automation scripts.
    # AWS Infrastructure Deployment
    $ sam deploy --guided
    Deploying to us-east-1...
    Stack: Lambda + S3 + KMS
    Status: ACTIVE

    # Fetch via Curl
    $ curl -X GET \
        https://api.trufo.maimons.dev/v1/secret/id \
        -H "X-Auth-Token: magic-link-jwt"
Hardened Authentication
Security is our baseline. Trufo provides multiple layers of authentication to protect your workspace and your secrets.
- MFA Protection: Multi-factor authentication required. Backup codes generated and displayed upon initial creation.
- Magic Link Sign-in: Passwordless login for a seamless yet secure engineering workflow.
- Email Verification: Enforced verification layers for every secret recipient.
Choose your path.
Get started instantly with our managed cloud service, or maintain total control by deploying on your own AWS infrastructure.
Cloud Hosted (SaaS)
Zero configuration. Managed updates. Start sharing secrets in seconds.
Self-Hosted
Total sovereignty. Your VPC, your keys. Deploy with AWS CDK or Terraform.