Secrets that know when to disappear.
Every time you paste an API key into Slack, a .env file into email, or a database URL into an AI assistant, you create a credential that lives forever in someone else's system. Sirr fixes this.
One read. Then it's gone forever.
TTL
Expires after a duration. 30 minutes, 24 hours, 7 days.
Read Limits
Burns after N reads. One read? One read.
Burn-After-Read
The default. Read it, it's gone. Server-side deletion.
Give Claude a credential. It reads it. It's gone. MCP server included.
$ sirr set PROD_DB="postgres://..." --org myteam --reads 1
# Tell Claude: "PROD_DB is in sirr. Analyze the schema."
# Claude reads it via MCP. The credential is gone.Single Rust binary. Self-host or use our cloud.
“Sirr handles our ephemeral secrets so we can focus on shipping our API. Deploy once, forget about it.”
jsondb.cloud
Cloud JSON Storage Platform
“We needed ephemeral secret sharing our AI agents could use natively via MCP. Sirr was the only tool that fit.”
AskEmilia
AI Assistant Platform
“Self-hosted, zero dependencies, and the audit trail our team needed. Checked every box on our compliance review.”
Billy.lv
Digital Services
Self-host on your infrastructure
One Binary
sirrd serve — that's it. No cluster, no unsealing, no dependencies.
Your Network
Secrets never leave your infrastructure. Air-gap ready. Zero phone-home required.
8x Cheaper
$499/yr vs Vault HCP's $4,320/yr minimum. Same security, fraction of the cost.
Start free. No credit card. Three seats included.
Self-Hosted
Your secrets never leave your network.