Enterprise-grade secret management without the enterprise complexity. Born from real-world production needs and refined through rigorous security standards.
Built for developers who care about security. Designed for enterprises that demand compliance.
AES-256-GCM encrypted storage with version control, expiration, and secure sharing
Complete key management from creation to rotation, with usage analytics and anomaly detection
Model Context Protocol support for secure AI tool access with approval workflows
HMAC-signed, tamper-proof audit trails for complete compliance visibility
Role-based access control (RBAC) with fine-grained permissions and multi-tenancy
PBKDF2 key derivation, automatic key rotation, and TLS 1.3 for data in transit
Compliance built-in, not bolted-on. Every feature designed with SOC 2 and ISO 27001 in mind.
Intuitive TypeScript APIs that feel natural to use. Get started in minutes, not hours.
import { SecretService } from '@lanonasis/security-service';
const secretService = new SecretService();
// Store a secret
await secretService.storeSecret(
'DATABASE_URL',
'postgresql://...',
{
tags: ['database', 'production'],
expiresAt: '2024-12-31'
}
);
// Retrieve a secret
const dbUrl = await secretService.getSecret('DATABASE_URL');import { ApiKeyService } from '@lanonasis/security-service';
const apiKeyService = new ApiKeyService();
// Create an API key
const apiKey = await apiKeyService.createApiKey({
name: 'Production API Key',
keyType: 'api_key',
environment: 'production',
rotationFrequency: 90
}, userId);
// Rotate an API key
await apiKeyService.rotateApiKey(keyId, userId);// Register an MCP tool
const tool = await apiKeyService.registerMCPTool({
toolId: 'claude-code-assistant',
toolName: 'Claude Code Assistant',
permissions: {
keys: ['GITHUB_TOKEN', 'AWS_ACCESS_KEY'],
environments: ['development', 'staging'],
maxConcurrentSessions: 3,
maxSessionDuration: 900
},
autoApprove: false,
riskLevel: 'medium'
}, userId);
// Request access to secrets
const requestId = await apiKeyService.createMCPAccessRequest({
toolId: 'claude-code-assistant',
keyNames: ['GITHUB_TOKEN'],
environment: 'development',
justification: 'Code review automation',
estimatedDuration: 600
});Secure, standards-based authentication that never exposes user passwords. Perfect for IDE extensions, CLI tools, and third-party integrations.
// 1. Generate code verifier & challenge
const codeVerifier = generateCodeVerifier();
const codeChallenge = await generateCodeChallenge(codeVerifier);
// 2. Redirect to authorization endpoint
const authUrl = `/oauth/authorize?client_id=cursor-extension&code_challenge=${codeChallenge}`;
// 3. User authenticates in browser
// 4. Receive authorization code
// 5. Exchange code + verifier for tokens
const tokens = await exchangeCode(code, codeVerifier);
// 6. Store tokens securely (SecretStorage)
await storage.store('vortexshield_token', tokens.accessToken);Built-in data masking, anonymization, and PII detection. Privacy by design, compliance by default.
import { PrivacySDK } from '@lanonasis/privacy-sdk';
const privacy = new PrivacySDK();
// Mask sensitive data
const maskedEmail = privacy.maskData('user@example.com', { type: 'email' });
// Result: u***r@example.com
// Detect PII in text
const detected = privacy.detectPII('Contact: john@example.com or 555-1234');
// Returns: [{ type: 'email', value: 'john@example.com', position: 9 }]
// Sanitize entire objects
const sanitized = privacy.sanitizeObject(userData, {
email: { type: 'email' },
phone: { type: 'phone' }
});Switch vendors without changing code. Complete separation between client requests and vendor implementations.
// Client code - vendor agnostic
const result = await abstraction.executeAbstractedCall(
'payment',
'processPayment',
{
amount: 100.00,
currency: 'USD',
customerId: 'cust_123'
},
'stripe' // Optional: prefer specific vendor
);
// Abstraction layer handles:
// 1. Input validation
// 2. Vendor selection
// 3. Format transformation
// 4. Error handling
// 5. Response normalizationFrom fintech to healthcare, VortexShield secures Africa's digital economy
PCI DSS compliant payment processing and transaction security
Multi-tenant secret management and API key lifecycle
Secure international transactions and compliance automation
Encrypted data processing and GDPR-compliant storage
See what security professionals and enterprises are saying about VortexShield
"VortexShield transformed our secret management. The OAuth2 PKCE integration was seamless, and compliance reporting saved us weeks of audit preparation."
Sarah Chen
CTO, FinTech Startup
PaySecure Africa
"The vendor abstraction layer is brilliant. We switched payment processors without changing a single line of code. Game-changer for our architecture."
Michael Okafor
Lead Security Engineer
CrossBorder Commerce
"GDPR compliance was our biggest concern. The Privacy SDK's automatic PII detection and masking made compliance effortless. Highly recommended."
Amina Hassan
Data Protection Officer
HealthTech Solutions
Built-in support for global compliance standards and regulatory frameworks
Powered by @lanonasis/ai-sdk — interactive security assistant
Hi! I'm VortexShield AI
Your security-focused assistant. Ask me anything!
Join forward-thinking companies across Africa that trust VortexShield for their security needs