Trusted by early adopters and security teams
"Lockr allowed us to tackle complex key rotation across our entire CI/CD pipeline with incredibly easy integration."
Secrets Management is Broken
Current tools force you to choose between insecure .env files or overly complex enterprise systems.
The Problem
- Storing secrets in .env files is insecure and leaks happen constantly
- HashiCorp Vault requires a dedicated platform engineer and weeks of setup
- Doppler is cloud-only with expensive per-seat pricing and vendor lock-in
- No existing tool helps you pass SOC-2 or ISO 27001 audits automatically
- Compliance consultants charge $50,000+ to collect evidence manually
The Lockr Solution
- Git-style commands you already know (checkout, merge, diff)
- Post-quantum encryption that's future-proof against quantum computers
- Generate compliance reports with a single command
- Self-host on your infrastructure or use our managed cloud
- Save $50,000 per year on compliance consulting fees
Core Platform
Built for Modern Engineering
Everything you need to secure your infrastructure, built into a workflow developers actually want to use.
Git for Secrets
Store and manage secrets exactly like you manage code with Git.
- Familiar commands: checkout prod, merge staging prod
- Environment isolation: prod, staging, dev branches
- Full version control for sensitive data
- Complete CLI and REST API
Future-Proof Security
Enterprise-grade security with post-quantum cryptography.
- FrodoKEM-1344 post-quantum encryption (NIST-approved)
- Token-based RBAC with namespace scoping
- Tamper-evident hash-chained audit logs
- Pre-commit hooks prevent secret leaks
Compliance Automation
The only secrets manager that auto-generates audit evidence.
- Automated SOC-2 compliance checks
- Automated ISO 27001 compliance checks
- Support for custom frameworks: HIPAA, PCI-DSS, GDPR
- PDF reports ready for auditors
- Continuous compliance monitoring dashboard
How It Works
From empty directory to SOC-2 ready in 5 minutes.
Install
Install the CLI with a single command. Works on Linux, macOS, Windows.
Initialize Vault
Create your encrypted vault with post-quantum key generation.
Store Secrets
Store secrets with Git-style paths. Environment-isolated by default.
Run Compliance Check
Automated checks for all secret-related compliance controls.
Pass Your Audit
Hand the generated PDF report to your auditor. Pass SOC-2 on the first try.
Pricing
Simple, Predictable Pricing
Start for free, upgrade when you need compliance automation. No per-seat pricing for core features.
Community Edition
Self-Host Forever
Team Edition
For Small Development Teams
Compliance Edition
For Series A/B Startups
Enterprise Edition
For Fortune 500 and Regulated Industries
Annual plans save 20% | No vendor lock-in | Self-host any tier
How Lockr Compares
The Only Automated Compliance Solution
| Feature | Lockr | HashiCorp Vault | Doppler | 1Password |
|---|---|---|---|---|
| Self-Hosting | Free and Simple | Free but Complex | Not Available | Not Available |
| Compliance Automation | Fully Automated | Manual Process | No Features | No Features |
| Post-Quantum Crypto | Yes (FrodoKEM) | No | No | No |
| User Experience | Simple (Git-style) | Complex | Medium | Simple |
| Pricing | $0 to $299/month | Free (Open Source) | $7 to $15 per user | $8 per user |
| Best For | Startups Seeking SOC-2 | Large Enterprises | Developer Teams | General Users |
FAQ
Frequently Asked Questions
Everything you need to know about Lockr and how it works.
Vault is an infrastructure tool designed for platform engineering teams at large enterprises. Lockr is a developer tool built for startups. We prioritize simplicity with a Git-like user experience over enterprise complexity. If you know Git commands, you already know how to use Lockr.
No installation required. You can use our fully managed cloud-hosted version with zero infrastructure setup. Alternatively, self-host the open-source CLI on your own infrastructure if you prefer. It runs as a simple Python application.
Lockr automates approximately 70% of SOC-2 Trust Services Criteria controls related to secret management. You still need broader organizational security policies and procedures, but we provide pre-collected technical evidence for all secret-related compliance controls, saving months of manual work.
Yes. We implement FrodoKEM-1344-SHAKE, a NIST-approved post-quantum key encapsulation mechanism at security level 5 (equivalent to AES-256). This protects against future quantum computer attacks. The system falls back to X25519 classical cryptography if the liboqs library is not installed.
No limitations or tricks. The core secrets management features are MIT licensed open source. You can self-host forever at no cost. We generate revenue from compliance automation features and managed cloud hosting. No vendor lock-in.
Yes. We provide migration scripts and documentation. Export your secrets from your current tool, import them into Lockr using our CLI. Most migrations complete in under 30 minutes.
Cancel anytime with no penalties. Export all your secrets before canceling. If self-hosting, you retain full access to your vault data indefinitely since it is stored on your infrastructure.
We are currently pursuing SOC-2 Type II certification and expect completion in Q3 2024. Our product helps customers achieve SOC-2 compliance by automating evidence collection for secret management controls.
Security First
Enterprise-Grade Security by Default
Built from the ground up to protect your most sensitive data against current and future threats.
Post-Quantum Crypto
FrodoKEM-1344 secures against harvest-now-decrypt-later attacks
Zero Knowledge Architecture
We cannot read your secrets, ever
Role-Based Access Control
Granular permissions for users and machine identities
Audit Logging
Cryptographically verifiable, hash-chained logs
Early Access
Join the Lockr Waitlist
We are currently in private beta. Tell us how you plan to use Lockr so we can prioritize your onboarding.