About Sirr

Sirr is an open-source, self-hosted ephemeral secret manager. Every secret you store comes with an expiration — a time-to-live, a read count, or both. When the conditions are met, the secret is gone. Permanently.

Built as a single Rust binary with no external dependencies, Sirr uses a two-tier encryption-at-rest architecture. Every secret is encrypted server-side with AES-256-GCM before touching disk, with the master key held only in memory and loaded from a secure mounted key file — never from environment variables. For high-sensitivity data, optional client-side encryption lets you store opaque blobs the server cannot decrypt. The embedded redb database means zero external dependencies. Deploy anywhere with Docker in 30 seconds.

Sirr includes a built-in MCP (Model Context Protocol) server, so AI agents can store and retrieve ephemeral secrets using the same protocol they already speak. The MCP server is a pure protocol adapter — no RAG, no vectors, just CRUD over a different wire format.

SecretDrop provides api.secretdrop.app as a managed proxy to Sirr. Point your SDKs, CLI, or MCP clients at the cloud endpoint and authenticate with your license key — same API, zero infrastructure. SecretDrop adds usage analytics, team management, and rate limits on top.

Sirr is licensed under BSL 1.1 and is free for up to 100 secrets per instance. For teams needing more, Pro and Enterprise plans are available through this platform.