Grantor lets developers seal and unseal application secrets using the NearEDGE Select Lock solution, providing a focused utility for protecting credentials and other sensitive data. It wraps secrets into a JWE and stores them in a designated secret Vault so that sensitive values remain encrypted and visible only where they should be. Developers and operations teams will want Grantor when they need a standards-based way to keep secrets confidential inside an application's lifecycle without exposing plaintext values during storage or transit.

Key Features

⭐ Grantor seals and unseals application secrets via the NearEDGE Select Lock integration.

⭐ Stores sealed secrets as JWE objects in a designated secret Vault for encrypted at-rest storage.

⭐ Keeps secrets encrypted and scoped so plaintext values are not exposed during storage or transit.

⭐ Uses the JWE standard to ensure compatibility with existing encryption and key management workflows.

Advantages

✅ Strong protection by sealing secrets before storage, reducing plaintext exposure.

✅ Centralized storage in a secret Vault keeps encrypted values together and easier to manage.

✅ Grantor uses the JWE standard, promoting compatibility with existing encryption formats.

✅ Focused utility that helps maintain confidentiality of application secrets through sealing and unsealing.

Disadvantages

❎ Requires the NearEDGE Select Lock solution to perform sealing and unsealing.

❎ Secrets are stored as JWE objects, so the environment must support that format for retrieval and use.