01 Overview
EdgeVault solves the 'how do I rotate the same Stripe key across 14 regions in under 60 seconds' problem. It runs a leader-followers control plane with a CRDT-based conflict resolver for concurrent rotations.
All secret material is sealed at rest with envelope encryption keyed by a per-tenant KMS root.
02 The Problem
Secret rotation was a 90-minute all-hands operation per quarter. Rotation was avoided. Long-lived credentials sprawled.
03 Approach
- CRDT-backed sync layer over WireGuard mesh between regions.
- Per-secret lease policy with automatic rotation hooks for AWS, GCP, and Stripe.
- Append-only Merkle log for tamper-evident audit.
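
How a CRDT can settle two regions rotating the same secret at once, as an added example that is not EdgeVault's own code. The page does not say which CRDT is used; this sketch assumes a last-writer-wins register ordered by a Lamport counter with the region id as tie-break, and every name, region and key id in it is hypothetical.

```python
from dataclasses import dataclass
from functools import reduce
from itertools import permutations

@dataclass(frozen=True)
class SecretVersion:
    """One rotation of a secret as replicated between regions (assumed schema)."""
    counter: int   # Lamport counter, bumped past every version the region has seen
    region: str    # originating region id, used only as a deterministic tie-break
    key_id: str    # reference to the sealed secret, never the plaintext

    def stamp(self):
        return (self.counter, self.region)

def merge(a, b):
    """LWW-register join: keep the version with the greater (counter, region)."""
    return a if a.stamp() >= b.stamp() else b

def rotate(current, region, key_id):
    """Local rotation: the new version strictly dominates what the region saw."""
    return SecretVersion(current.counter + 1, region, key_id)

def converge(updates):
    """Fold one delivery order of updates into a replica's final state."""
    return reduce(merge, updates)

def all_orders_converge(updates):
    """True if every delivery order, with one duplicate delivery, picks one winner."""
    finals = {converge(list(o) + [o[0]]) for o in permutations(updates)}
    return len(finals) == 1

def superseded(updates):
    """Key ids that lost the merge. LWW only drops them from the replicated
    state; each one still has to be revoked at the provider."""
    winner = converge(updates)
    return sorted(v.key_id for v in set(updates) if v != winner)

# Constructed sample: two regions rotate the same key concurrently from version 7.
base = SecretVersion(7, "us-east-1", "kid-0007")
from_fra = rotate(base, "eu-central-1", "kid-fra-0008")
from_syd = rotate(base, "ap-southeast-2", "kid-syd-0008")
UPDATES = [base, from_fra, from_syd]

if __name__ == "__main__":
    print("winner:", converge(UPDATES).key_id)
    print("same result in every delivery order:", all_orders_converge(UPDATES))
    print("revoke at provider:", superseded(UPDATES))
```

The losing concurrent rotation is the case to watch: the merge discards it from replicated state, but the credential it minted stays valid at the provider until it is explicitly revoked.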
04 Outcome
End-to-end rotation under 30 seconds across 14 regions.
Zero long-lived credentials remain in production six months in.