Keeper Secrets Manager is a component of the Keeper Enterprise platform. It provides your DevOps, IT Security and software development teams with a fully cloud-based, Zero-Knowledge platform for managing all of your infrastructure secrets such as API keys, Database passwords, access keys, certificates and any type of confidential data.
Common use cases for Secrets Manager include:
Removing hard-coded credentials from source code
Replacing configuration file secrets
Pulling secrets into CI/CD systems like Jenkins, GitHub Actions and More
Protecting access to privileged passwords, API keys and other managed secrets.
Providing vault access to machines and applications
Keeper Secrets Manager is part of the Keeper Password Security platform. With millions of users worldwide, Keeper Password Manager + Keeper Secrets Manager provides numerous benefits over using Hashicorp Vault, Cyberark and other "legacy" Secrets Management products:
Superior Zero-Knowledge encryption model (learn more)
No hosted software or VMs to configure and manage (100% Cloud-based)
Secure and user-friendly Web Vault and Browser Extensions for secrets management
Powerful native Mobile and Desktop Applications for every device type and OS
Admin Console for managing enforcement policies, users, teams and provisioning
SAML 2.0 and Master Password user login methods
Shared passwords and secrets among Teams and individual users
Simple and fast deployment methods
Developer-friendly SDKs for every programming language and environment
Built for all users - not just DevOps!
Advanced Reporting & Alerts for audit and compliance
Integration with Slack and Microsoft Teams
Dedicated 24/7 support
SOC2, ISO27001 certified
FIPS 140-2 validated
FedRAMP Moderate (In-Process)
In Keeper's model, all your servers, CI/CD pipelines, developer environments and source code pull secrets from a secure API endpoint.
The client device retrieves encrypted ciphertext from the Keeper cloud and the secrets are decrypted locally on the device (not on the server). Each secret is encrypted with a 256-bit AES key, and then encrypted again by another AES-256 Application Key.
In addition to Zero-Knowledge encryption, every request to the server is additionally encrypted with an AES-256 Transmission Key on top of TLS to prevent MITM or replay attacks. This multi-layered cryptography is handled transparently using our client-side SDKs which are easy to integrate into any environment.
Keeper's infrastructure serves requests for millions of users and tens of thousands of Enterprise customers every day.
Keeper Secrets Manager benefits from the existing Keeper platform architecture in addition to an optional offline caching mechanism in all Secrets Manager SDK endpoints. If the Keeper endpoint is unavailable, the Client Device will pull the last requested Secrets from a local encrypted cache.
Keeper's end-user applications on the Web Vault, Desktop App, Browser Extension and Mobile Apps are built for more than just secrets.
The Keeper Admin Console provides advanced user provisioning, role enforcement policies, SSO integration, SIEM reporting, security scoring and dark web monitoring of secrets.
In addition to protecting all of your DevOps secrets, Keeper protects all of your end-users as a world class Enterprise Password Manager. Keeper can be deployed alongside any Single Sign-On solution such as Microsoft Azure, Okta, Ping, Duo or any other SAML 2.0 compatible identity provider.
Keeper's Security Audit provides insights into the password and secret strength across your infrastructure and end-users.
Keeper supports integration into any 3rd party SIEM solution like Splunk, Azure Sentinel or any other Syslog-compatible solution.
Ready to get started with Keeper Secrets Manager? Proceed to the Setup Instructions.