No. Secrets are never public.
Secrets always require a Vault Access Key, whether accessed via REST API or MCP.
Public does not mean unauthenticated.
It means:
No. Projects cannot be deleted.
This ensures structural integrity and audit continuity.
You can submit bugs and feature requests directly from the app in the Support section in the sidebar.
No.
Keys and certificates are immutable. If you need a new version, create a new resource.
Secrets are versioned.
When listed via vault: it may appear with "Resource expired".
When fetched directly: API returns 410 Gone.
Expired resources are not automatically deleted.
You will receive:
401 Unauthorized
All API requests require authentication.
Vault Access Key:
Public Resource Token:
Yes.
Secryn is fully compatible with:
Use Vault Access Keys stored in your CI secret store.
No.
Vault credentials are passed per request (unless configured otherwise in your deployment). MCP acts as a secure bridge and forwards credentials to the Secryn API.
The MCP server will reject the request.
Session protection prevents unauthorized access to the MCP endpoint.
Yes.
When using preferPublic=true, you must provide the resource-specific public token (code).
Yes.
Every backup is encrypted with a unique one-time key.
Secryn does not store the encryption key.
No.
Restore replaces the entire instance.
No.
Secret values are never written to logs.
Yes.
All log types support CSV export.