# Architecture

## Overview <a href="#overview" id="overview"></a>

KeeperPAM is a Zero-Knowledge platform, ensuring that encryption and decryption of secrets, connections, and tunnels occur locally on the end user's device through the Keeper Vault application. Access to resources in the vault is restricted to users with explicitly assigned permissions, enabling them to establish sessions or tunnels securely.

Keeper's zero-trust connection technology further enhances security by providing restricted and monitored access to target systems without direct connectivity, while never exposing underlying credentials or secrets.

### Animated Flow <a href="#overview" id="overview"></a>

The video demonstration below outlines the overall data flow and security architecture of KeeperPAM.

{% embed url="<https://vimeo.com/1046903326?share=copy&fl=sv&fe=ci>" %}

If the above Vimeo link is not showing, download the mp4 video file below.

{% file src="/files/H9pW5q8g2qm1djylXRtB" %}

### Chapters

This security content will cover the key areas of KeeperPAM:

* [Architecture Diagram](/keeperpam/privileged-access-manager/getting-started/architecture/system-architecture.md)
* [Vault Security](/keeperpam/privileged-access-manager/getting-started/architecture/vault-security.md)
* [Router Security](/keeperpam/privileged-access-manager/getting-started/architecture/router-security.md)
* [Gateway Security](/keeperpam/privileged-access-manager/getting-started/architecture/gateway-security.md)
* [Connection and Tunnel Security](/keeperpam/privileged-access-manager/getting-started/architecture/connection-and-tunnel-security.md)<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/keeperpam/privileged-access-manager/getting-started/architecture.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.