Keeper Secrets Manager

Manage and protect your cloud infrastructure with zero-trust and zero-knowledge security.

Why Thousands of Enterprises Use Keeper

Modern secrets management at scale

Easiest to Deploy

Easiest to Deploy

Easiest to Manage

Easiest to Manage

Most Secure

Most Secure

Competitively Priced

Competitively Priced

Privileged credentials are some of the highest-value targets for cybercriminals

Keeper Secrets Manager is a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data.

Watch Full Demo

Manage access rights and permissions with role-based access controls
Integrate secrets into your infrastructure, containers and build systems
Keeper Secrets Manager event timeline and usage metrics.

Capabilities of Keeper Secrets Manager

Secure your environment and eliminate secrets sprawl by removing hard-coded credentials from your source code, config files and CI/CD systems.

  • Manage access rights and permissions with role-based access controls
  • Integrate secrets into your infrastructure, containers and build systems
  • Consolidate your secrets in a unified platform with auditability
  • Automate the rotation of access keys, passwords and certificates
  • Expand the capabilities of your Keeper EPM platform for enterprise-wide coverage
  • Team members can manage an unlimited number of secrets, applications and environments

Seamlessly Integrates with Your IT Stack

Integrates with all popular CI/CD systems, SDKs for all major programming languages and supports any type of machine to protect your infrastructure.

Integrations with CI/CD systems and SDKS like Docker, Tarraform, Jenkins and Splunk

Why choose Keeper over other secrets management solutions?

  • Fully managed, cloud-based and IT friendly

    Keeper is a cloud secrets manager that is user-friendly. No hosted software, no complex VPC peering requirements and no new infrastructure to configure and manage. Keeper does NOT have access to your environment, your hardware or your instances.

  • Zero-trust and zero-knowledge security

    Keeper provides a superior zero-knowledge encryption model, designed to ensure that only YOU can access your vault. Secrets can only be decrypted on the designated devices which you manage. Learn more about Keeper's encryption model.

  • Protects IT infrastructure - no matter how complex

    With millions of users and thousands of Enterprise customers, Keeper is available on any device, anywhere you are.

Keeper Secrets Manager vs. Traditional Secrets Management Solutions

Feature

Keeper Secrets Manager

Traditional Secrets Management Solutions Other

100% Cloud
Keeper is a fully managed service.
Requires hosted servers by customer or in the cloud.
Always On
The Keeper Vault backend is a managed service with an API that is Always On.
Some solutions require additional steps to unseal the vault before use.
High Availability Built-In
Keeper's backend service is automatically HA with no configuration by the customer.
HA requires multiple vault servers, clustering, storage engine and configuration.
Zero Maintenance
Keeper is a fully-managed service with unlimited scaling capacity.
Hosted infrastructure requires more servers to scale, and licensing may stop usage when limits are reached.
Works Offline
SDK and Client Devices support caching of Vault ciphertext.
Requests are typically routed through an on-premise server.
SSL Built-In
All requests to the Keeper vault service are encrypted with TLS and an additional layer of 256-bit AES to prevent MITM.
SSL certificates have to be self provisioned and involve complex installation procedures.
Zero-Knowledge Encryption Model
Client devices decrypt the Vault secrets locally after retrieval. Keeper has no ability to decrypt stored vault data.
Many solutions use REST APIs that are in plaintext or decrypt data on the server.
Zero-Trust Access Model for Vault Secrets
Device is scoped to specific secrets and least permission.
Many solutions have a break glass capability which overrides any trust models that have been setup.
Cloud-Based Reporting, Alerts and SIEM Integration
Cloud based auditing and reporting engine is built into all platforms, Admin Console, Vault clients.
Telemetry is typically sent to a SIEM where all alerting and detection has to be built manually.
Slack and Microsoft Teams Alerts
Ability to push events to Microsoft Teams, Slack or any other Third-party alerting system.
This feature is not available.
Browser Plugins
Web browser plugins available for all popular browsers - e.g. Chrome, Safari, Firefox, Edge.
Easy-to-use browser extensions are rarely available, and have limited capabilities.
End-User Web Vault
User-friendly Web Vault available from any location.
Vaults are typically only assigned to privileged users, forcing sharing and cross-team communication to use less secure channels.
Native Desktop Application
User-friendly Desktop application available for Mac, Windows and Linux.
Desktop applications are typically not available
iOS App
User-friendly native iOS application available for all users.
No mobile application for accessing vault secrets.
Android App
User-friendly native Android application available for all users.
No mobile application for accessing vault secrets.
Mobile App Autofill
Keeper autofills across all mobile web and native applications.
Autofill for mobile apps and sites is not available.
Cloud-Based Admin Console
Cloud-based Admin Console for provisioning users, devices and reporting.
Admin UI typically requires direct access to on premise components.
Website Autofill
Keeper can autofill secrets into any website.
Cannot autofill secrets across websites.
Native App Autofill

KeeperFill® for Apps provides native app autofill on Mac and PC devices.

Cannot autofill into end users native applications.
MSP Multi-Tenant Version
Keeper MSP version provides multi-tenant and reseller configuration.
Multi-tenant solutions are limited compared to Keeper.
Dark Web Monitoring
BreachWatch is built into the secrets manager vault for dark web monitoring.
No ability to monitor the dark web for breached secrets.
Personal Vaults for Family Members
Keeper provides a free consumer Family Plan license to all business customers.
Does not offer a consumer or end-user vault.

KSM base pricing covers 2,500 API calls per month and is billed annually. Additional API calls are billed monthly.

Key Features

  • Vault Secrets are provisioned to devices and machines through an intuitive UI or CLI
  • Each authorized user gets a private, encrypted vault for storing and managing their passwords, credentials, files and shared secrets
  • Developer SDKs are provided in popular programming languages to access and update secrets with a few lines of code
  • Plugins and integrations are provided in popular CI/CD platforms and build tools
  • Centralized Admin Console provides role-based access controls, provisioning, reporting, auditing and user management
  • Granular event reporting and alert capabilities with SIEM integration

Secrets Manager FAQs

What is secrets as a service?

Secrets as a Service, also known as secrets management, is a software platform that manages secrets separately from the applications they provide access to. Rather than hardcoding secrets or saving them in config files, secrets are stored in and retrieved from a secrets management platform.

What are secrets management tools?

Secret management tools are software platforms that allow companies to store, transmit and manage digital authentication credentials, like passwords, SSH keys, API keys, TLS/SSL certificates, tokens, encryption keys, privileged credentials and other secrets.

Secrets management tools provide centralized visibility, oversight and management of a business's credentials, keys and secrets across the organizational data environment, reducing the risks of secrets misuse or compromise.

Is DevOps secrets management important?

Secrets management is extremely important in DevOps environments, where common CI/CD pipeline tools such as Jenkins, Ansible, Github Actions, and Azure DevOps use secrets to access databases, SSH servers, HTTPS services, and other sensitive systems. These secrets are either stored in a config file for the deployment system or in one of a dozen different storage vaults, all of which provide wildly different capabilities depending on the product. In a scenario where admins aren’t storing credentials in config files or systems, they’re likely being stored in their DevOps environments, and admins may or may not have any auditability or alerting on usage of these secrets.

Trusted and loved by millions of people

Protect Your IT Infrastructure Against Cybercriminals Today.

close
Keeper Secrets Manager

Traditional Secrets Management Solutions

close
English (US) Call Us
Try it Free