What we shipped this week. New features, improvements, and the occasional war story.
Speak any language (almost)
Sirr now supports 10 languages across both the docs and the dashboard. We added cookie-based locale detection, a language switcher, and RTL support for Arabic. The docs site picks up your browser language automatically — or you can override it anytime. We also shipped full documentation for audit logs, webhooks, and scoped API keys with code examples in every SDK.
Highlights
10-language i18n with automatic browser detection
New docs pages: Audit Logs, Webhooks, and API Keys
SDK examples for audit queries, webhook management, and key creation
Updated CLI reference with sirr audit and sirr keys commands
Webhooks, audit trails, and keeping an eye on things
Big day for visibility. The Sirr server now fires webhooks on every secret lifecycle event — created, read, expired, burned. Hook them up to Slack, PagerDuty, or your own automation. We also added a full audit log endpoint so you can trace exactly who accessed what and when. And for teams running multiple Sirr instances, the new instance heartbeat dashboard shows you which servers are online and when they last checked in.
Highlights
Webhook notifications for secret.created, secret.read, secret.expired, secret.burned
Append-only audit log with filterable queries
Online license validation with configurable cache
Instance heartbeat dashboard with status indicators
Secrets got a lot harder to steal
We shipped a major encryption upgrade. Every secret is now encrypted at rest with a server-generated key, and we added support for key rotation so you can cycle your encryption keys without downtime. The auth system also got an overhaul — you can now use scoped API keys with granular permissions instead of sharing the master key everywhere. Your CI pipeline can have read-only access to just the secrets it needs.
Highlights
Encryption-at-rest with server-generated keys
Key rotation support for zero-downtime secret re-encryption
Scoped API keys with read/write/delete/admin permissions
PATCH endpoint to update TTL and read limits on existing secrets
HEAD endpoint for checking secret existence without incrementing reads
Ship it (for real this time)
We spent the day getting the deployment pipeline right. Both the docs site and the dashboard now build as Docker images, ship to GHCR, and deploy automatically. Every build gets a traceable version number baked in — hit /api/version on either site and you'll see exactly which commit is running. Not glamorous work, but now we can ship multiple times a day without thinking about it.
Highlights
Automated Docker builds with multi-stage optimization
GHCR publishing with automatic public visibility
/api/version endpoint on every service for build traceability
One-command deploys to production
Day one — everything from scratch
We built the entire Sirr ecosystem in a single day. The Rust server went from first commit to full encryption, the Node.js SDK shipped, the MCP server for AI integration got wired up, and both the docs site and the SaaS dashboard went live. Also made it work on Docker with multi-arch support because nobody wants to think about whether their server is running on AMD or ARM.
Highlights
Sirr server: ChaCha20Poly1305 encryption, redb storage, full REST API
Node.js SDK with zero dependencies and native fetch
MCP server for Claude Code integration
Complete documentation site with 14 pages
SaaS dashboard with authentication and license management