KeeperPAM and Secrets Manager

KeeperPAM is a modern, cloud-based Privileged Access Manager

Overview

KeeperPAM is a next-gen privileged access management solution that secures and manages access to critical resources, including servers, web apps, databases and workloads.

KeeperPAM consolidates enterprise password management, secrets management, connection management, zero-trust network access, remote browser isolation and an cloud-based access control plane in one unified product.

To learn more about KeeperPAM or sign up for a trial:


KeeperPAM vs. KCM

KeeperPAM is a cloud-native privileged access solution that requires only a lightweight gateway installation, while Keeper Connection Manager (KCM) is a fully self-hosted solution.

KeeperPAM works through outbound-only connections with zero-knowledge encryption, eliminating the need for inbound firewall rules or direct line-of-sight to resources. In contrast, KCM is fully hosted by the customer with control over the authentication, database, web server, reverse proxy and session recordings.

In summary, KeeperPAM is designed for organizations embracing cloud transformation and zero-trust security, while KCM serves specialized use cases requiring full infrastructure control, such as classified environments or those with specific compliance requirements like PIV/CAC authentication.

Features

Several new and exciting capabilities of KeeperPAM are now available in Preview:

  • Zero-trust connections launched from the Vault

  • Tunnels established from the Desktop App for ZTNA

  • Sharing connections without exposing credentials

  • Sharing tunnels on a time-limited basis

  • Built-in SSH Agent for use with and without tunneling

  • Launching remote browser isolation sessions

  • Session recording and playback

  • File transfer with drag-and-drop

  • Splitting credentials between PAM Resources and PAM Users

  • Discovery of resources

  • All new Keeper Gateway setup wizard

  • Docker-based deployment of the Keeper Gateway

  • Role-based enforcement policies covering PAM use cases

  • Event reporting of all PAM activity with SIEM integration


Key Differentiators

  • Unified with the Keeper Vault: Keeper PAM features integrates directly with the Keeper Vault, offering a centralized, secure platform for managing credentials, connections, and privileged access.

  • Zero-Knowledge Security: Built on a zero-knowledge architecture, KeeperPAM ensures that only the end user can access their data, with no visibility or access for Keeper itself.

  • Agentless Deployment: With a simplified setup process, KeeperPAM requires only the deployment of a single gateway in each target environment, using agentless protocols to manage infrastructure.

  • Credential-less Sharing: Users can securely share access to connections without exposing passwords, enhancing both security and usability

Getting Started

Before jumping into the KeeperPAM advanced capabilities, we require that you first set up your Keeper Enterprise or Keeper MSP license and set up your basic environment.

Contact the Keeper Team

If you are an existing customer, your customer success team can activate KeeperPAM in your account.

For technical questions during the Preview period, you can also email pam@keepersecurity.com which routes to our engineers.

About this Documentation

This documentation is broken out into 3 sections:

Additional documentation on the Keeper platform can be found here:

Next Steps

Last updated