If you're looking for a LastPass alternative, this is an honest comparison. SealedKeys is not a like-for-like replacement — it's a different product with different strengths. Here's what's actually different.
In short
SealedKeys is a zero-knowledge alternative to LastPass for technical teams: unlike LastPass, the server never holds keys that can decrypt your vault. SAML SSO is included in the standard Pro plan — LastPass gates it behind Enterprise — and pricing starts well below LastPass Teams. It adds dedicated SSH and API-key storage, EU data residency and UK Cyber Essentials certification.
These are the most common reasons teams consider switching. We're not making claims on LastPass's behalf — these are documented or publicly stated facts.
LastPass disclosed that encrypted password vaults were stolen in a 2022 security incident. Customer vault data was accessed by an unauthorised party.
LastPass uses server-side key management for some operations. A zero-knowledge architecture means the server never holds keys that can decrypt your vault.
SAML SSO is available only on LastPass Enterprise, which carries significantly higher per-user pricing. SealedKeys includes SSO in the standard Pro plan.
LastPass is primarily designed for website logins. SSH key storage and dedicated API key management require workarounds.
An honest, factual comparison. SealedKeys is not better in every dimension — we've noted where LastPass has the advantage.
| Feature | SealedKeys | LastPass |
|---|---|---|
| Zero-knowledge architecture | — Server-side encryption keys | |
| SAML 2.0 SSO | Included in Pro | — Enterprise tier only |
| SSH key storage | Dedicated field type | — Not supported |
| API key storage | Dedicated field type | — Workaround via notes |
| EU data residency | — US-based primarily | |
| Open-source encryption | github.com/sealedkeys/crypto | — Closed source |
| Audit log — who copied what | User email, IP & field name on every copy, view, edit or deletion | Enterprise tier only; logged on LastPass servers |
| Breach monitoring & alerts | Email alerts, zero-knowledge | Dark web monitoring |
| Post-quantum encryption (NIST FIPS 203) | ML-KEM-768 hybrid — first PM to ship | — Not implemented |
| Mobile apps | — Web only currently | |
| Browser extension | — Roadmap | |
| Price (team, per user/month) | £3.49 | ~£6.50+ |
Pricing and features may change. Verify directly with each vendor before making a decision.
The question nobody asks until it's too late
When a credential leaks, the first question is always who had access? Chrome logs nothing. LastPass logs events on LastPass's own servers — you don't control that data, and it's only available on Enterprise.
SealedKeys logs every copy, view, edit and deletion against the user's email address, the field they accessed (password vs username vs API key), timestamp and IP address — stored in your own EU-hosted database, visible only to you. Free on every plan.
Who
User email address
What
Which field was copied
When & where
Timestamp + IP address
No — SealedKeys is an earlier-stage product. LastPass has mobile apps, a browser extension and a larger feature set built over many years. SealedKeys is currently web-only and focuses on teams who need SSH key storage, API key management, SSO and audit trails — areas where LastPass has gaps or higher pricing tiers.
Yes. Export your LastPass vault as a CSV and import it into SealedKeys. The importer supports the LastPass export format and will map logins to the appropriate secret types.
Yes. Your vault key is derived in your browser from your master password using PBKDF2-SHA256 with 600,000 iterations. All encryption happens client-side with AES-256-GCM. The server stores only ciphertext — it has no mechanism to decrypt your secrets.
In 2022, LastPass disclosed that encrypted customer vaults were stolen. The company stated that vaults were encrypted, but the incident raised concerns about their encryption architecture. SealedKeys uses a zero-knowledge model where the server cannot access vault encryption keys.
Not currently — SealedKeys is a web application. A browser extension is on the roadmap. If auto-fill is a hard requirement for you, LastPass or Bitwarden may currently be a better fit.
Free to start — no credit card. Import your LastPass export in minutes.