DevOps teams manage more credential types than anyone else — SSH keys, cloud tokens, CI/CD secrets, database passwords, TOTP seeds. SealedKeys is built for that reality, not adapted from a consumer password manager.
SealedKeys supports all of these — not just website logins.
Server access, bastion hosts, deployment keys, GitHub deploy keys
AWS access keys, GCP service account keys, Azure service principals
Pipeline tokens, registry credentials, signing keys, webhook secrets
Production DB passwords, read replicas, migration users
Monitoring, alerting, logging, CDN, DNS providers
Shared 2FA for AWS root, domain registrar, DNS console, hosting panels
Not a consumer password manager bolted onto enterprise features.
Dedicated field layouts for SSH private keys and API tokens. Not shoehorned into a password field — the right data shape for each secret type.
Every access event logged. Useful for SOC 2, ISO 27001 and internal security reviews — evidence of who accessed production credentials and when.
Integrate with Okta, Azure AD or Google Workspace. Engineers sign in with existing corporate credentials — no separate password to manage.
Credentials encrypted in the browser with AES-256-GCM. The server stores only ciphertext. A breach of SealedKeys does not mean a breach of your infrastructure.
Senior engineers manage credentials; junior engineers get read-only access to what they need. Contractors get scoped read-only access and instant revocation.
The encryption implementation is published on GitHub. Your security team can verify the cryptographic implementation without taking our word for it.
No — they solve different problems. HashiCorp Vault is for programmatic, application-level secrets injection. SealedKeys is for the humans on your team who need to access, share and manage credentials securely. They complement each other: Vault for apps, SealedKeys for people.
Yes. Use the API key type to store the access key ID and secret access key together, with notes for the associated IAM user, environment and permissions. Tag by environment (production, staging) for quick filtering.
Yes. SealedKeys supports TOTP-based multi-factor authentication for all accounts. We recommend all team members enable MFA, especially for access to production credentials.
GitHub Actions secrets are tied to repositories and accessible to anyone with repo access. SealedKeys gives your team a separate vault with finer-grained access control, an audit trail across all secrets (not just repo-scoped ones), and a UI for managing the full lifecycle of credentials.
Yes. Store the TOTP seed as a secret in the shared team vault. Authorised team members can view the seed and use it in their authenticator app. All access is logged.
25 items free. No credit card. SSH keys, API tokens and more — encrypted in your browser.