KeyDrift

KeyDrift is a web app (with optional CLI agent) that continuously discovers, inventories, and rotates “forgotten” secrets across cloud accounts, CI/CD, and SaaS tools. Instead of trying to replace your vault, it sits on top of what you already use (AWS KMS/Secrets Manager, Azure Key Vault, HashiCorp Vault, GitHub Actions, GitLab, Kubernetes) and detects key/secret drift: stale credentials, over-privileged keys, duplicate secrets, and keys that no longer match policy. It generates rotation plans, opens PRs to update configs, and can auto-rotate low-risk secrets with approvals. The MVP focuses on a narrow but painful problem: teams think they have key management handled, yet secrets multiply across pipelines and repos. Expect a security-heavy sales cycle and lots of edge cases, but if you nail integrations and reporting, it becomes a must-have control for audits and incident prevention.