Zero-knowledge architecture, SAML SSO, per-copy audit logging and Cyber Essentials certification. Talk to us about custom pricing, SLA and compliance requirements.
We reply within one business day. No sales scripts.
SealedKeys isn't a consumer password manager with an enterprise tier tacked on. It's built for the way developers, DevOps teams and agencies actually work — with dedicated SSH key and API key types, per-copy audit logging, and a CLI for terminal and CI/CD access.
Vault key derived client-side. Server stores only ciphertext. May 2026 pentest — zero exploitable findings. Follow-up pentest covering ML-KEM-768 implementation in progress. Report available under NDA.
Cyber Essentials certified. EU-only data residency on all plans. Full DPA, signed BAA, and custom contract terms for regulated industries.
Purpose-built field layouts for the credentials your teams actually manage — not generic 'secure notes' workarounds.
ML-KEM-768 hybrid encryption protects vault data against harvest-now-decrypt-later attacks. Vaults stolen today remain unreadable even when quantum computers arrive. The first password manager to ship FIPS 203.
Every copy, view, edit and deletion logged with user email, field name, timestamp and IP. Queryable, exportable, and stored on your own EU infrastructure.
Certifications & compliance
“The audit log alone justified the switch — we can now answer the question ‘which credentials did the contractor copy before they left’ in under 30 seconds.”
— Engineering lead, London-based SaaS team