SealedKeys holds UK Cyber Essentials certification. Use a password manager that already meets the standard you're being assessed against — with zero-knowledge encryption, full audit logs and EU data residency.
Cyber Essentials covers five technical controls. Here's how SealedKeys directly supports each one.
Only authorised users can access your systems and data
Role-based access control with team vaults, granular permissions, SSO integration, and instant revocation. Every access is logged.
Devices and software are configured to reduce vulnerabilities
Default-secure: zero-knowledge by design, TLS 1.3 in transit, AES-256-GCM at rest, no default passwords, no shared admin credentials in the vault.
Protect against malware and other attacks
Client-side encryption means stolen database data is useless. Breach detection via HIBP k-anonymity in the Security dashboard. TOTP seed storage for MFA on all accounts.
Software is up to date and vulnerabilities are addressed promptly
SaaS model — SealedKeys manages infrastructure patching. No software to deploy or maintain on your end.
Protect against external threats
Hetzner EU infrastructure with network-level protection, TLS 1.3 termination at Nginx, and no inbound access other than HTTPS.
Evidence-ready from day one.
UK Government Cyber Essentials certification — the NCSC baseline security standard. Evidence of this certification is available for your assessment paperwork.
Data stored on Hetzner infrastructure in Germany. Never transferred to the US or third countries. Evidenced hosting location available on request.
Every secret access, copy, edit and deletion logged with timestamp, user and IP. Produce an access history for any secret during an assessment or incident review.
Encryption key derived client-side — the server never holds a key that can decrypt your secrets. A breach of SealedKeys cannot expose your credentials.
Centralise identity and access management via Okta, Entra ID or Google Workspace. Deprovisioning in your IdP immediately revokes SealedKeys access.
The encryption implementation is published on GitHub. Your IT assessor can verify the zero-knowledge claim independently — no vendor trust required.
Cyber Essentials is a UK government-backed certification scheme that defines baseline security controls for organisations. It is mandatory for suppliers bidding for many UK government contracts that involve handling personal data or providing certain technical services. A Cyber Essentials-certified password manager helps you demonstrate that your access control and credential management practices meet the standard.
SealedKeys holds Cyber Essentials certification. Cyber Essentials Plus involves an independent technical audit — details of current certification status are available on request by emailing hello@sealedkeys.com.
SealedKeys provides role-based access control, team vaults with granular permissions, SAML 2.0 SSO for centralised identity, immediate access revocation, and a full audit log of every access event. These directly address the Cyber Essentials access control requirement.
Yes. SealedKeys' Cyber Essentials certificate can be cited as evidence that your password management tool meets the standard. The audit log provides access history evidence. The zero-knowledge architecture and EU hosting can support answers to questions about data storage and encryption.
Yes. SealedKeys supports TOTP-based MFA for all accounts. You can also store TOTP seeds for other accounts within the vault. SAML SSO delegates authentication to your identity provider, which may enforce its own MFA policies.
SealedKeys aligns with UK GDPR (EU data residency, zero-knowledge processing model, DPA available), NCSC guidance on password management (unique strong passwords, breach detection), and ISO 27001 controls around access management and cryptography. It is designed with the requirements of UK government suppliers in mind.
25 items free. Pro at £3.49/user/month. No credit card required.