Working across multiple clients means managing credentials for each one — securely, separately, and in a way that holds up to client scrutiny. SealedKeys is built for exactly that.
In short
SealedKeys is a zero-knowledge password manager for working with contractors and freelancers, letting you share specific secrets with read-only or member roles and cleanly off-board access when projects end. Every action is logged, and secrets are encrypted client-side with AES-256-GCM.
Contractors hold credentials for production systems across multiple clients simultaneously. A single password manager shared between client work creates real risk — if one client's environment is compromised, your entire credential store is a target.
At the same time, government and enterprise clients increasingly ask contractors to demonstrate how they handle secrets. “I use 1Password” isn't an answer when the client wants an audit trail and Cyber Essentials compliance.
SealedKeys gives you isolated vaults per client, a complete audit log, zero-knowledge encryption, and UK-hosted infrastructure — all in a tool you can point to when the question comes up.
Every feature designed around the multi-client, compliance-conscious contractor.
Keep each client's credentials in isolated vaults. No risk of cross-contamination — and instant revocation when a contract ends.
Zero-knowledge architecture means your secrets are encrypted before leaving your device. No third-party has access — compatible with sensitive government environments.
Every time a secret is viewed, copied or changed, it's logged. Demonstrate compliance to clients with a complete access history.
Sign in via the client's Okta, Entra ID or Google Workspace. Zero-knowledge preserved — your vault key never touches the SSO provider.
End of contract? Export an encrypted backup the client can hold. Or revoke access and they retain nothing. Your choice.
Required for many UK government contracts. SealedKeys is Cyber Essentials certified — use a tool that meets the standard you're being assessed against.
Solo or small team — the same zero-knowledge vault, no per-seat enterprise pricing.
Free
£0
25 items · 1 user
Pro
£3.49/mo
Unlimited items · per user
Yes. SealedKeys supports multiple organisations (vaults) per account. You can maintain separate, fully isolated vaults for each client — credentials in one vault are never visible from another. When a contract ends, simply remove access or delete the vault.
SealedKeys is Cyber Essentials certified, meeting the UK government's NCSC baseline security standard. The zero-knowledge architecture, encrypted storage and audit trail align with Cyber Essentials controls around access control and malware protection.
Yes. SealedKeys supports SAML 2.0 single sign-on, compatible with Okta, Microsoft Entra ID and Google Workspace. If your client has provisioned you an SSO account, you can authenticate via their identity provider. The zero-knowledge architecture is fully preserved — your vault key is still derived client-side.
You have two options: export an encrypted backup that the client can hold independently, or delete the vault and all credentials are gone from SealedKeys immediately. Nothing persists on the server because the server stores only ciphertext — and without your master password, it is unreadable.
SealedKeys' zero-knowledge architecture means no third party — including SealedKeys — can access your secrets. Combined with EU data residency, Cyber Essentials certification and an open-source encryption layer, it is compatible with sensitive government and defence environments. Confirm specific clearance requirements with your contracting authority.
The Free plan covers 25 vault items at no cost — suitable for a small number of clients. Pro is £3.49/user/month and includes unlimited vault items, unlimited organisations, SAML SSO and priority support. No contracts, cancel any time.
Free to start — no credit card. Takes 2 minutes to set up.