EnvKey Security Goals
To provide our users a highly available, end-to-end encrypted secrets management system that is secure, cryptographically sound, easy to use, and easy to integrate.
Users should not have to know or care about the underlying cryptography implementation to use it securely and gain its benefits.
The server should not be trusted by any EnvKey client. Even in the unlikely scenario of a compromise of EnvKey's servers, it should not be possible for the attacker to read or modify an organization's secrets (apart from deleting them). Public keys should be verified by a web of trust before using them in crypto operations.
Completely decouple api authentication from cryptography. Authentication is based on email tokens, not passwords. The master encryption passphrase has no role in authentication, and authentication tokens have no role in encryption, decryption, or the web of trust.
Implement reliable, standards-based cryptography that protects against real world threats and avoids known theoretical vulnerabilities. Beyond that, don't increase key sizes, add optimizations, or complicate user experience beyond what is necessary to achieve this goal.