Secrets Management & Vault brand directory

HashiCorp Vault is an enterprise-grade, identity-based secrets management and encryption platform that centralizes the storage, access control, auditing, and lifecycle management of secrets (API keys, passwords, certificates, encryption keys) across dynamic, multi-cloud infrastructure. It provides dynamic secrets generation, encryption as a service, PKI certificate management, and secret sprawl detection (via Vault Radar), with extensive integrations across cloud providers, identity systems, Kubernetes, and CI/CD tooling.

Infisical is an open-source, all-in-one security platform for developers that centralizes and secures secrets (API keys, database credentials, environment variables), TLS/PKI certificates, SSH keys, and privileged access across modern infrastructure. It provides dynamic secrets, automated secret rotation, just-in-time PAM, AI agent credential management, and native integrations with all major CI/CD, cloud, and IaC tools—available as a managed SaaS or fully self-hosted deployment.

Akeyless provides a unified, SaaS-native Identity Security Platform that secures credentials, certificates, encryption keys, and access for machines, AI agents, and humans. Its core innovation is the Vaultless® architecture powered by patented Distributed Fragments Cryptography (DFC), eliminating the need for on-premises vault clusters while delivering zero-knowledge security. The platform encompasses secrets management (static, dynamic, rotated), certificate lifecycle management, modern PAM with just-in-time access, multi-vault governance across cloud providers, multi-cloud KMS, and AI agent identity security including agentic runtime authority. It integrates natively across CI/CD, Kubernetes, DevOps toolchains, and cloud IAM systems.

Doppler is a developer-first, cloud-native secrets management platform (SecretOps) that centralizes the storage, syncing, rotation, and governance of application secrets across environments, CI/CD pipelines, cloud infrastructure, and AI agent workflows—replacing insecure .env files and complex vault solutions with an intuitive, integration-rich managed platform.

CyberArk Conjur is a secrets management platform spanning open-source (Conjur OSS), self-hosted enterprise, and SaaS tiers. It secures non-human identities and machine credentials through policy-based RBAC, encrypted vaulting, dynamic secret injection, and automated rotation, with deep integrations across the DevOps and cloud toolchain.

Keeper Security offers a unified identity security platform anchored by KeeperPAM, which integrates enterprise password management, Keeper Secrets Manager (for DevOps and machine-to-machine credential security), privileged session management, endpoint privilege management, and remote connection management. Keeper Secrets Manager is a fully cloud-managed, zero-knowledge secrets vault purpose-built for DevOps teams to store, access, and automatically rotate infrastructure secrets—API keys, database credentials, SSH keys, and certificates—without hard-coded credentials, and integrates natively with all major CI/CD, IaC, and container platforms.

1Password is an enterprise password manager and secrets automation platform that secures credentials, secrets, and access for humans, developers, and AI agents. It combines an end-to-end encrypted credential vault (AES-256, zero-knowledge, Secret Key) with a developer secrets layer (CLI, SDKs, Connect Server, shell plugins, VS Code extension, CI/CD integrations) and an extended access management suite (SaaS discovery and governance, device trust, SCIM provisioning, SSO, SIEM streaming). Recent expansion includes passkeys management, agentic AI credential security, and SaaS spend management via the Trelica acquisition.

Bitwarden Secrets Manager is an open-source, end-to-end encrypted secrets vault for developer and DevOps teams that centralizes storage, access control, and deployment of infrastructure secrets—including API keys, database credentials, SSH keys, and TLS certificates—via a CLI, SDK, and native integrations with CI/CD and infrastructure-as-code tooling.

Delinea is an enterprise identity security platform specializing in privileged access management (PAM) and secrets management. Its product suite—anchored by Secret Server (enterprise vault), DevOps Secrets Vault (CI/CD secrets), Privilege Manager (endpoint control), and the cloud-native Delinea Platform with Iris AI—addresses credential vaulting, automated rotation, session monitoring, just-in-time access, and identity governance across on-premises, cloud, and hybrid environments. The 2026 StrongDM acquisition extends the portfolio with developer-first, runtime JIT authorization for modern infrastructure and AI agents.

Fortanix Data Security Manager (DSM) is an enterprise unified security platform combining secrets management, KMS, HSM-as-a-Service, tokenization, and database encryption in one product, secured by confidential computing (Intel SGX). Additional platform modules include Confidential Computing Manager (for enclave workload orchestration), Confidential AI (for securing AI model inference), Armet AI (AI data and model security), and Key Insight (cryptographic posture assessment). The platform targets security architects, data teams, and DevSecOps in regulated industries seeking hardware-grade trust without dedicated HSM appliance sprawl.

BeyondTrust Password Safe is an enterprise privileged access and secrets management platform that unifies privileged password management, DevOps secrets management (Secrets Safe), SSH key management, and privileged session recording in a single solution. Delivered as an on-premises appliance, cloud-hosted (AWS, Azure, GCP), or SaaS, it automates credential discovery, onboarding, rotation, and access control for human and machine identities. Secrets Safe provides a REST API-first, CLI-enabled interface with native Kubernetes Sidecar and External Secrets Operator support for securing CI/CD pipeline credentials. The broader BeyondTrust Pathfinder Platform extends PAM to endpoint least-privilege enforcement, secure remote access, remote support, and AI-powered identity threat detection under a unified console.