Enterprise secrets management. No enterprise required.

Secure your credentials. Authenticate your team. Extend with your own plugins. One binary. No platform team required.

⚡ 5 minutes to dynamic secrets

Built for operators and developers

Published SLAs on every GitHub issue. 48-hour bug response. 5-day feature review. Open source users deserve the same respect as enterprise customers.

One Binary. Every Platform.

curl -fsSL getarcan.dev/install.sh | sh — done. Linux, macOS, ARM, x86. One binary, under 30MB. No runtime, no dependencies.

Running in Five Minutes

No Redis. No etcd. No external database. Built-in storage gets you running instantly — PostgreSQL when you need high availability.

Enterprise Auth. Instantly.

Google, Okta, Azure AD, ADFS, LDAP. Select your provider, enter credentials, done. The wizard handles discovery and encryption automatically.

TLS. Everywhere. Always.

Auto-generated internal CA. HTTPS enforced on every connection — including development. AES-256-GCM at rest. There is no insecure mode.

Environment Aware

Detects Docker, Kubernetes, AWS, Azure, GCP automatically. Adjusts logging, storage, and configuration to match your runtime — zero manual tuning.

Audit Everything

Every access, login, and policy change — logged and forwarded in real time. Built-in integrations for Splunk, Microsoft Sentinel, Elastic, CrowdStrike, Datadog, Palo Alto Cortex, and Google Chronicle.

12 official plugins. Enterprise auth built in.

Dynamic credentials for databases, cloud, and infrastructure. Authenticate with your existing identity provider.

Dynamic Credentials

PostgreSQL
MySQL
MongoDB
Redis
AWS IAM
Azure
GCP
SSH CA
Kubernetes
RabbitMQ
PKI / TLS
TOTP

Enterprise Authentication

OIDC

Google · Okta · Azure AD · Auth0 · Keycloak

SAML 2.0

Okta · Azure AD · ADFS · OneLogin

LDAP

Active Directory · OpenLDAP · FreeIPA

Setup wizard auto-detects your provider. Secrets encrypted in config.

Consume secrets everywhere

From your IDE to production. Every tool your team already uses.

IDE

Browse, peek, and inject secrets without leaving your editor

VS Code · JetBrains (coming soon)

CI/CD

Fetch secrets at build time. Values masked in logs automatically.

GitHub Actions · GitLab CI (coming soon)

Configuration Management

Inject secrets into playbooks and automation scripts

Ansible · Chef (coming soon)

Application Runtime

Fetch secrets in code with built-in caching and auto-refresh

Go · Python · Node.js

Kubernetes

Sync secrets to K8s via ESO webhook or sidecar injection

External Secrets · Sidecar · Init Container

Docker

Generate .env files for Compose or sync to Swarm secrets

Compose · Swarm

Build your own secrets engine

The only open-source secrets manager with a plugin SDK.
Scaffold with the CLI. Generate with AI. Ship in minutes.

Plugin Workflow

MCP Native — Arcan's MCP server lets Claude, Cursor, and other AI assistants scaffold, configure, and manage plugins without exposing secrets.