Early access — founding teams get the Free tier locked in permanently.
Sirr is in public beta — APIs may change before 1.0

Multi-tenant UI: organizations that actually feel like organizations

We merged a big chunk of work that had been cooking in a worktree — the multi-tenant UI overhaul. Before this, switching between organizations was functional in the database layer but awkward in the UI. Now the dashboard properly reflects the org you're in, context switches cleanly, and the whole multi-org flow feels like it was designed that way from the start rather than bolted on.

Highlights

  • Multi-tenant organization UI merged and live on main
  • Dashboard context now correctly scoped to your active organization
  • Organization switching works cleanly without stale state

A new face for everything: dashboard, docs, and the landing page

Today was one of those days where you redesign everything and wonder if you'll ever sleep again. The entire marketing site got a hub-and-spoke layout rework — instead of a long scroll of features, each value prop now connects logically to the next. The dashboard got a visual overhaul too. We also wrote six missing documentation pages that users were definitely hitting dead ends on, and the licensing flow diagram finally explains how the whole thing actually works. Pricing and billing tiers got a clarity pass while we were in there.

Highlights

  • Hub-and-spoke landing page layout — cleaner story, less scrolling
  • Dashboard redesign with updated navigation and component system
  • 6 new documentation pages covering previously undocumented workflows
  • Flow diagram explaining the full licensing lifecycle
  • Pricing page updated to reflect current plan tiers and billing model

We killed SecretDrop. Long live SirrLock.

Today we formally made SirrLock the name. Not just the domain — everything. Every auth page, email template, legal doc, dashboard label, GitHub org reference, config file, and SEO tag got updated. It took more commits than we'd like to admit. We added a 301 redirect so secretdrop.app links never break — old bookmarks, old integrations, all still work. The pricing page got restructured around the Self-Host vs SirrLock Cloud framing, which is honestly how users were already thinking about it. The landing hero got new tagline variants. It's the same product with a name that actually matches what it does.

Highlights

  • 301 redirect middleware: secretdrop.app → sirrlock.com (old links still work)
  • Pricing page restructured around Self-Host vs Cloud framing
  • Landing page hero updated with SirrLock tagline and rotating variants
  • Full rebrand across auth pages, email templates, and legal docs
  • SEO metadata and sitemap updated for sirrlock.com

Webhooks and audit logs — now you'll know everything

If you ever asked yourself 'who read that secret and when?', we now have an answer. Today we shipped a full audit log system that records every key action — creates, reads, revocations — and a webhook system that fires HMAC-signed payloads when things happen in your account. The dashboard got two new pages to browse audit events and manage webhook endpoints. We also caught and fixed a privacy slip: Sentry was collecting more data than we intended. PII collection is now explicitly off.

Highlights

  • Audit log table with filterable event history (key.created, key.revoked, etc.)
  • Webhooks with HMAC-SHA256 signatures, retry logic, and delivery tracking
  • Dashboard pages for browsing audit events and managing webhook endpoints
  • Webhook events fire on key create/revoke actions automatically
  • Sentry PII collection disabled — no personal data sent to error tracking

The homepage got a glow-up

We redesigned the landing page from the ground up. The new look uses a light crimson palette with a two-column hero, and the headline is now a canvas particle animation that cycles through the things people use SirrLock for — 'The secret that disappears', 'The key that self-destructs', that kind of thing. Secrets now reveal themselves on a button click instead of auto-displaying, which turned out to be a pretty important UX call. We also shipped a copy button because apparently people want to paste things without selecting them manually.

Highlights

  • Light crimson redesign with two-column hero layout
  • Particle text canvas animation cycling through use-case phrases
  • Secrets now reveal on click — no more accidental exposure on page load
  • Copy-to-clipboard button on the secret reveal view
  • Mobile-responsive header and particle font scaling for small screens

Invite your team, pick your language, and we respect your cookies

Huge update today. You can now invite teammates to your organization with role-based access — admins, members, the whole deal. Seat limits are enforced per plan so everything stays fair. We also flipped the switch on multi-language support across the entire platform (10 languages, including RTL for Arabic). Oh, and we added a proper GDPR cookie banner because we care about your privacy. Google Analytics only loads if you explicitly say yes.

Highlights

  • Team invitation flow with email, role assignment, and seat limits
  • Accept invitation page with sign-in/sign-up redirect
  • 10-language support with browser detection and manual override
  • Privacy policy and terms of service pages
  • GDPR-compliant cookie consent — analytics only on opt-in

New auth, new billing, new everything

We ripped out Clerk and Stripe and replaced them with BetterAuth and Polar. Why? Because we wanted full control over the auth stack and a billing provider that doesn't charge us to charge you. The migration also brought GitHub OAuth, organization-scoped sessions, and a much cleaner codebase. Plus, the new instance dashboard now shows all your Sirr servers with live heartbeat status — green means it's running, red means you should probably check on it.

Highlights

  • Migrated from Clerk to BetterAuth with GitHub OAuth
  • Switched from Stripe to Polar for billing
  • Instance heartbeat dashboard — see all your Sirr servers at a glance
  • Organization-scoped sessions with automatic workspace creation

Production-ready deployment pipeline

Both the docs and the dashboard now deploy automatically via Docker. Every build gets a version number you can trace back to the exact commit. We also set up GHCR publishing so container images are always fresh. Hit /api/version on any of our services and you'll see exactly what's running.

Highlights

  • Automated Docker builds with multi-stage optimization
  • Traceable version numbers on every deployment
  • GHCR container registry publishing
  • One-command production deploys via Docker Compose

SirrLock is live

Day one. We built the entire SirrLock platform from the ground up — authentication, dashboard, license key management, and billing integration. The dashboard lets you create and manage license keys for your Sirr instances, view your plan, and manage your account. All backed by a Turso database with Drizzle ORM. It's live at sirrlock.com.

Highlights

  • Full SaaS platform with auth, dashboard, and billing
  • License key creation and management
  • Plan-based limits with free tier (5 seats, 10 keys)
  • Production deployment on Docker Compose + Traefik with custom domain