• Projects 3
  • Rating 5.0
  • Rating 1 130

Budget: 6000 UAH Deadline: 5 days

Good day! We will create a turnkey separate microservice secret storage in Python (FastAPI): a master key in an environment variable, failure on startup if the length is absent/invalid, encryption of each secret before writing to the database (not stored in plain text), decryption only in memory upon request via API. An audit log in a separate file/table with a strict taboo on the actual secret values — only the fact of the action, status, and who requested it. Plus, a rotation scheduler that updates tokens in external systems on a schedule.

Stack: Python 3, FastAPI, encryption via cryptography (AES-GCM), Postgres or SQLite based on your volume, deployment as a Docker container on your server. We constantly work with backends and automation.

One clarification regarding rotation: which specific external systems need to push new tokens (your API, cloud provider, specific services) — this will determine the set of rotation adapters. And which DBMS are you already using?

Price is 6000 UAH, approximately 5 days for the working core with tests. I am taking it at the starting rate — gathering initial reviews on the platform, so it's advantageous. I am ready to show a live demo of our code in the chat so you can evaluate the approach to security in the solution.

Petro Pankov, BotCraft Group

  • Projects 118
  • Rating 5.0
  • Rating 10 390

Budget: 4500 UAH Deadline: 3 days

Hello.

I am a NodeJS developer. I can create such a microservice for you. Write to me, and we will discuss.

  • Projects -
  • Rating -
  • Rating 344

Budget: 1800 UAH Deadline: 6 days

The master key through ENV and failure at startup due to invalid length is the baseline, but the real pain lies elsewhere: decrypting the secret into memory with each request plus rotation in an external system creates two weak points that are usually remembered only in production. The first is overlap: when you rotate the token with an external provider and re-encrypt the new version in the database, the old secret must remain valid for a short window; otherwise, the service that hasn't had time to read the current token catches a 401 right in the middle of traffic. Therefore, I store not just one string, but versions of the secret marked as active/retiring, and I provide the current one through the API, while keeping the previous one alive until confirmed rolling.

The second is the audit trail without leakage. It's not enough to simply not write the value: it's easy to indirectly expose the secret through a rotation error message, where the provider returned part of the token, or through a diff in the log. I log the event as a fact (who, what, when, result, version), and the value and its ciphertext do not touch the log layer at all, while provider errors are sanitized before recording. At startup, I run the Master Key through a length check for a specific algorithm (AES-256-GCM requires exactly 32 bytes), and I log with the explicit text instead of a bare stack trace.

I have years of experience working with production infrastructure in Python, API layers, and secret encryption - I have my own SaaS with a backend where all this runs live, and I can show it in correspondence according to your stack.

A couple of questions to calculate accurately, not just guessing. What storage do you plan for secrets - regular Postgres/MySQL, or are you already looking towards a Vault-like backend so I can lay down the abstraction right away? And for rotation - do you want the service to go to external providers and update keys on a schedule, or does the external system rotate, and we only accept and re-encrypt the new version? This significantly affects the amount of work on connectors.

Let's discuss the details in correspondence - I will outline the stages, control points, and precise timeline calculations.

  • Projects 164
  • Rating 5.0
  • Rating 4 553

Budget: 999 UAH Deadline: 1 day

Maxime, the task is well understood: a centralized secret storage, rotation without downtime, and strict leak control. I can design a microservice so that no secret is stored openly, and the Master Key is verified at startup. I will add auditing without recording secret values, separate events for create/read/rotate, and secure token issuance via API. I have experience with Laravel and building integration services — let's discuss the architecture.

  • Projects 5
  • Rating 4.9
  • Rating 756

Budget: 2000 UAH Deadline: 7 days

Hello, I worked on a Vault-like secret management service with token rotation for 12 microservices, reducing the response time to a compromise to less than 5 minutes ⚡

Tell me, what encryption algorithm do you plan for the Master Key — AES-256-GCM or something else? And do you need support for secret versioning for seamless rotation without downtime?

I suggest we get in touch; I will consult you for free on the technical side and we can create a development plan + I will tell you about my team!

  • Projects 59
  • Rating 5.0
  • Rating 7 753

Budget: 11111 UAH Deadline: 1 day

Hello! I am an experienced developer, capable of creating bots of any complexity, ranking in the TOP-4 in the "Bot Development" category. I also develop websites and API documentation in Python, where I rank in the TOP-2.

Regarding your project, I have some clarifying questions that will affect the assessment of your task and help understand what you want. Please write to me to clarify all the details!

You can review my skills in my resume 👉 Freelancehunt
My works are also published in my portfolio 👉 Freelancehunt

💻 I am also the SEO of a team consisting of a FrontEnd developer and a BackEnd developer! So if necessary, our team of three can organize a turnkey development for you!

I look forward to your response, thank you.

  • Projects 146
  • Rating 5.0
  • Rating 6 187

Budget: 5000 UAH Deadline: 5 days

Good day
I have already implemented a similar KMS system for storing private keys for cryptocurrency wallets for a payment service. I can implement it in Python, but I need a number of clarifications.
- preferences for the database for storing keys
- will the service run on the same server as the main one, or on a separate one
- what format of interaction between it and the main service - REST, gRPC, socket, etc.

  • Projects 3
  • Rating 5.0
  • Rating 543

Budget: 26000 UAH Deadline: 9 days

Good day!
I see the architecture like this: a master key from env with validation at startup (failure with a clear error when absent/invalid length), encryption of secrets before writing to the database (using cryptography/Fernet or AES-GCM directly), decryption only in memory when requested via API. The audit log — a separate table/file recording actions (creation, reading, rotation success/fail), without any mention of secret values even in error messages. Rotation on a schedule — via Celery Beat.
My background — Python/Django/DRF, Docker constantly. I am specifically using Celery (I am already leading a similar project with this stack), approaching encryption and security audit with caution — I primarily test fail cases (invalid key, attempt to read without permissions), not just the happy path.
Please clarify: "in external systems" for rotation — are these specific APIs (which providers/services exactly), or does rotation occur only within your infrastructure? This affects the volume of the integration part.

  • Projects 32
  • Rating 5.0
  • Rating 8 010

Budget: 20000 UAH Deadline: 10 days

The task is to remove static secrets from configurations and allow services to obtain current tokens via API with automatic rotation.

Architecturally: FastAPI service, PostgreSQL for storage, encryption via Fernet (AES-128-CBC + HMAC) with a Master Key from env — upon startup, I validate the key length, otherwise fail-fast with a clear message. Rotation through APScheduler: the service updates the key in the external system (for example, via its API), atomically overwrites the encrypted value in the database. A critical point is the idempotence of rotation: if the update in the external system succeeds but the database write fails, a rollback or retry with state fixation is needed; otherwise, the key diverges. An audit trail in a separate table with action/service_id/timestamp — without secret values even in encrypted form, this is checked at the ORM model level.

Which external systems should be prioritized for rotation first — third-party SaaS (Stripe, Twilio, etc.) or internal services with their own token issuance API?

  • Projects 19
  • Rating 5.0
  • Rating 19 982

Budget: 1000 UAH Deadline: 5 days

Good day.

I have extensive experience. Shall we discuss the details?

  • Projects 5
  • Rating 5.0
  • Rating 997

Budget: 3000 UAH Deadline: 2 days

Hello. My name is Vladimir, I am a Python developer and the founder of the engineering agency Vaysed. I have thoroughly studied your task of developing a microservice for the secure storage and automatic rotation of confidential data. I understand that you need to completely eliminate the use of static keys in service configurations by implementing a strict cryptographic model with symmetric encryption based on a master key and a system of transparent audit logging without leaking the actual values. To accomplish this task, I propose designing a fault-tolerant architecture based on the FastAPI framework. We will implement the cryptographic core using the AES-GCM algorithm from the cryptography library, which will provide reliable authenticated encryption in memory before writing to the PostgreSQL database. The validation of the master key will occur strictly at the application initialization stage, with an immediate startup block in case of an incorrect key length. We will deploy the token rotation mechanism on a schedule using the Celery scheduler, and we will configure the audit of all user and service actions through specialized middleware, strictly preventing decrypted secrets from entering the logging streams. I have relevant experience in creating secure distributed architectures. In the PAYBACK CARTEL project, I developed a complex CRM system with cryptocurrency payment integration, where the cryptographic security of data and the fail-safe operation of server processes were critical factors. And in the creation of the Lumos project, I successfully implemented a reliable asynchronous monitoring mechanism in Python. You can view my portfolio at the following link: Freelancehunt I would be happy to discuss the rotation algorithms in external systems and the standards for token transmission via API in private messages.

  • Projects -
  • Rating -
  • Rating 417

Budget: 10000 UAH Deadline: 4 days

Good day! I understood the technical specifications: the rejection of "eternal" keys in .env/config — a single secure secrets service with encryption, scheduled rotation, and issuing current tokens to microservices via API "on the fly."
I will close the security model:
- secrets in the database only in encrypted form;
- Master Key only from environment variables at startup; no/invalid length → fail-fast with a clear error in the logs;
- encrypt on write, decrypt in memory when issuing via API;
- audit trail (file or table): creation, reading by the service, successful/unsuccessful rotation;
- absolutely no secret values in the audit (neither plain nor ciphertext).
How I will do it: isolated microservice (Python FastAPI or Node — according to your stack) + PostgreSQL, AES-GCM (or agreed AEAD) from Master Key, API get/put/rotate, rotation scheduler, Docker, minimal access rights between services. In production, I manage microservices and infrastructure (Docker/VPS), so the approach "secrets not in repo and not in eternal .env" is a working standard for me.
Deliverables: service + docker-compose + API schema + client integration example + audit and fail-fast description for Master Key.
Please clarify for assessment:

  • Projects 10
  • Rating 5.0
  • Rating 1 784

Budget: 2000 UAH Deadline: 1 day

Hello.
I will develop a centralized Secret Management Service that will use microservices architecture for secure storage and automatic rotation of confidential data. The system will ensure reliable encryption of secrets in the database using a Master Key passed through environment variables, and will implement strict audit logging of all operations without storing the secrets themselves. I have significant experience in implementing similar critical systems, so I can effectively apply ready-made architectural solutions and optimized scripts for the quick realization of the project. I suggest discussing all implementation details, final budget, and timelines in private messages.

  • Projects 55
  • Rating 5.0
  • Rating 4 974

Budget: 15000 UAH Deadline: 7 days

Good day!

I am a Senior Python developer with extensive experience in backend systems, microservices architecture, REST APIs, and systems related to the secure storage of confidential data.

Your task is completely clear. I can implement a centralized secret management service that will meet the described security and scalability requirements.

The project will include:

* a centralized secure secret storage;
* encryption of all secrets before writing to the database using a Master Key passed through environment variables;

  • Projects 125
  • Rating 5.0
  • Rating 4 053

Budget: 8000 UAH Deadline: 7 days

Ready to develop a microservice for managing secrets and rotating API keys, taking into account all security and logging requirements. Experience with encryption and API integrations. Let's discuss the details.

  • Projects -
  • Rating -
  • Rating 260

Budget: 7000 UAH Deadline: 11 days

Hello! I read the description of your project. It interests me, and I have experience with similar tasks. I am ready to start working and complete it with high quality.
Questions about the project:
1. Is there already a chosen external storage or database for secrets?
2. Which integrations need to be supported first?

Proposals concealed

The list does not show proposals concealed by the client or freelancer with a Plus profile, as well as proposals violating rules