Overview of Keeper Secrets Manager for IT Admins, DevOps & Developers

What is Keeper Secrets Manager?

Keeper Secrets Manager is a component of the Keeper Enterprise platform. It provides your DevOps, IT Security and software development teams with a fully cloud-based, Zero-Knowledge platform for managing all of your infrastructure secrets such as API keys, Database passwords, access keys, certificates and any type of confidential data.

Common use cases for Secrets Manager include:

  • Removing hard-coded credentials from source code

  • Replacing configuration file secrets

  • Pulling secrets into CI/CD systems like Jenkins, GitHub Actions and More

  • Protecting access to privileged passwords, API keys and other managed secrets.

  • Providing vault access to machines and applications

Keeper Platform Benefits

Keeper Secrets Manager is part of the Keeper Password Security platform. With millions of users worldwide, Keeper Password Manager + Keeper Secrets Manager provides numerous benefits over using Hashicorp Vault, Cyberark and other "legacy" Secrets Management products:

  • Superior Zero-Knowledge encryption model (learn more)

  • No hosted software or VMs to configure and manage (100% Cloud-based)

  • Secure and user-friendly Web Vault and Browser Extensions for secrets management

  • Powerful native Mobile and Desktop Applications for every device type and OS

  • Admin Console for managing enforcement policies, users, teams and provisioning

  • SAML 2.0 and Master Password user login methods

  • Shared passwords and secrets among Teams and individual users

  • Simple and fast deployment methods

  • Developer-friendly SDKs for every programming language and environment

  • Built for all users - not just DevOps!

  • Advanced Reporting & Alerts for audit and compliance

  • Integration with Slack and Microsoft Teams

  • Dedicated 24/7 support

  • SOC2, ISO27001 certified

  • FIPS 140-2 validated

  • FedRAMP Moderate (In-Process)

System Architecture

In Keeper's model, all your servers, CI/CD pipelines, developer environments and source code pull secrets from a secure API endpoint.

The client device retrieves encrypted ciphertext from the Keeper cloud and the secrets are decrypted locally on the device (not on the server). Each secret is encrypted with a 256-bit AES key, and then encrypted again by another AES-256 Application Key.

In addition to Zero-Knowledge encryption, every request to the server is additionally encrypted with an AES-256 Transmission Key on top of TLS to prevent MITM or replay attacks. This multi-layered cryptography is handled transparently using our client-side SDKs which are easy to integrate into any environment.

Detailed Keeper Platform System Architecture

High Availability and Local Cache

Keeper's infrastructure serves requests for millions of users and tens of thousands of Enterprise customers every day.

Keeper Secrets Manager benefits from the existing Keeper platform architecture in addition to an optional offline caching mechanism in all Secrets Manager SDK endpoints. If the Keeper endpoint is unavailable, the Client Device will pull the last requested Secrets from a local encrypted cache.

Integration with Keeper Password Manager

Keeper's end-user applications on the Web Vault, Desktop App, Browser Extension and Mobile Apps are built for more than just secrets.

Keeper Vault

The Keeper Admin Console provides advanced user provisioning, role enforcement policies, SSO integration, SIEM reporting, security scoring and dark web monitoring of secrets.

Advanced Reporting & Alerts

In addition to protecting all of your DevOps secrets, Keeper protects all of your end-users as a world class Enterprise Password Manager. Keeper can be deployed alongside any Single Sign-On solution such as Microsoft Azure, Okta, Ping, Duo or any other SAML 2.0 compatible identity provider.

Keeper Provisioning through SSO

Keeper's Security Audit provides insights into the password and secret strength across your infrastructure and end-users.

Security Audit Score

Keeper supports integration into any 3rd party SIEM solution like Splunk, Azure Sentinel or any other Syslog-compatible solution.

SIEM integration

Get Started

Ready to get started with Keeper Secrets Manager? Proceed to the Setup Instructions.