This service is under active development. Features may change without notice.

Webhooks and audit logs — now you'll know everything

If you ever asked yourself 'who read that secret and when?', we now have an answer. Today we shipped a full audit log system that records every key action — creates, reads, revocations — and a webhook system that fires HMAC-signed payloads when things happen in your account. The dashboard got two new pages to browse audit events and manage webhook endpoints. We also caught and fixed a privacy slip: Sentry was collecting more data than we intended. PII collection is now explicitly off.

Highlights

  • Audit log table with filterable event history (key.created, key.revoked, etc.)
  • Webhooks with HMAC-SHA256 signatures, retry logic, and delivery tracking
  • Dashboard pages for browsing audit events and managing webhook endpoints
  • Webhook events fire on key create/revoke actions automatically
  • Sentry PII collection disabled — no personal data sent to error tracking

The homepage got a glow-up

We redesigned the landing page from the ground up. The new look uses a light crimson palette with a two-column hero, and the headline is now a canvas particle animation that cycles through the things people use SecretDrop for — 'The secret that disappears', 'The key that self-destructs', that kind of thing. Secrets now reveal themselves on a button click instead of auto-displaying, which turned out to be a pretty important UX call. We also shipped a copy button because apparently people want to paste things without selecting them manually.

Highlights

  • Light crimson redesign with two-column hero layout
  • Particle text canvas animation cycling through use-case phrases
  • Secrets now reveal on click — no more accidental exposure on page load
  • Copy-to-clipboard button on the secret reveal view
  • Mobile-responsive header and particle font scaling for small screens

Invite your team, pick your language, and we respect your cookies

Huge update today. You can now invite teammates to your organization with role-based access — admins, members, the whole deal. Seat limits are enforced per plan so everything stays fair. We also flipped the switch on multi-language support across the entire platform (10 languages, including RTL for Arabic). Oh, and we added a proper GDPR cookie banner because we care about your privacy. Google Analytics only loads if you explicitly say yes.

Highlights

  • Team invitation flow with email, role assignment, and seat limits
  • Accept invitation page with sign-in/sign-up redirect
  • 10-language support with browser detection and manual override
  • Privacy policy and terms of service pages
  • GDPR-compliant cookie consent — analytics only on opt-in

New auth, new billing, new everything

We ripped out Clerk and Stripe and replaced them with BetterAuth and Polar. Why? Because we wanted full control over the auth stack and a billing provider that doesn't charge us to charge you. The migration also brought GitHub OAuth, organization-scoped sessions, and a much cleaner codebase. Plus, the new instance dashboard now shows all your Sirr servers with live heartbeat status — green means it's running, red means you should probably check on it.

Highlights

  • Migrated from Clerk to BetterAuth with GitHub OAuth
  • Switched from Stripe to Polar for billing
  • Instance heartbeat dashboard — see all your Sirr servers at a glance
  • Organization-scoped sessions with automatic workspace creation

Production-ready deployment pipeline

Both the docs and the dashboard now deploy automatically via Docker. Every build gets a version number you can trace back to the exact commit. We also set up GHCR publishing so container images are always fresh. Hit /api/version on any of our services and you'll see exactly what's running.

Highlights

  • Automated Docker builds with multi-stage optimization
  • Traceable version numbers on every deployment
  • GHCR container registry publishing
  • One-command production deploys via Dokploy

SecretDrop is live

Day one. We built the entire SecretDrop platform from the ground up — authentication, dashboard, license key management, and billing integration. The dashboard lets you create and manage license keys for your Sirr instances, view your plan, and manage your account. All backed by a Turso database with Drizzle ORM. It's live at secretdrop.app.

Highlights

  • Full SaaS platform with auth, dashboard, and billing
  • License key creation and management
  • Plan-based limits with free tier (5 seats, 10 keys)
  • Production deployment on Dokploy with custom domain