Pick the engine. Keep the integration.
Nine focused engines that already share one auth model, one config format, and one telemetry pipeline. Use one in isolation or bundle them all into a single Moat process.
Stop building yet another JWT service. Sigil issues and rotates JWTs, API keys, HMAC secrets, refresh tokens, and passwords from one envelope-encrypted store — with lifecycle hooks and pub/sub baked in.
Hand Cipher a plaintext, get back a ciphertext — your app never sees a key. Rotate every key with one command, and trust that plaintext never lands on disk.
Stash encrypts blobs before they reach S3 and derives a fresh key per object. Shred the wrapping key and the data is gone — perfect for forgettable user uploads and sensitive artifacts.
Veil runs fuzzy, prefix, and contains queries over encrypted documents — decrypting, matching, and re-encrypting in memory. The keys stay where they belong: in Cipher.
Forge issues, renews, and revokes short-lived X.509 certificates with a handful of commands. The internal CA you needed yesterday — without a six-month PKI project.
Sentry evaluates versioned policies and signs every allow and deny. The audit trail isn't a log file you have to trust — it's cryptographically verifiable end-to-end.
Courier decrypts, renders, sends, and zeroizes — plaintext exists only long enough to leave the building. PII-bearing emails, alerts, and webhooks without the lingering footprint.
Database passwords, API keys, connection strings — out of .env files and into Keep. Encrypted by Cipher, scoped by Sentry, rotatable on demand.
Chronicle aggregates decision logs, command traces, and key lifecycle events into one queryable stream. Answer auditor questions without grepping seven log files.