A zero-knowledge password and secrets manager built with UK compliance in mind. Cyber Essentials certified, EU-hosted, and zero-knowledge — the questions your clients and auditors ask, already answered.
The certifications, hosting and architecture UK businesses are asked about.
SealedKeys holds UK Cyber Essentials certification — the NCSC's baseline security standard. Required for many UK government contracts and increasingly expected by enterprise buyers.
Your data is stored on Hetzner infrastructure in the EU and never transferred outside. Relevant for UK GDPR compliance and clients who ask where their data is processed.
Zero-knowledge architecture means SealedKeys doesn't process your secrets — we store only ciphertext. Combined with EU hosting, this simplifies your data processing obligations.
Full log of who accessed, copied, edited or deleted every secret — with timestamp, user and IP. Demonstrate compliance to clients, auditors and Cyber Essentials assessors.
Single sign-on with your existing identity provider. Centralise access control and offboarding without maintaining separate credentials for every tool.
Website logins, API keys, SSH private keys, TOTP seeds, recovery codes and secure notes — all encrypted identically with AES-256-GCM.
Cyber Essentials is mandatory for many MoD and Crown Commercial Service contracts. Use a tool that already meets the standard you're being assessed against.
Manage client credentials separately across isolated vaults. Instantly revoke access when projects end. Demonstrate credential hygiene to clients who ask.
EU data residency and zero-knowledge architecture simplify FCA-adjacent compliance conversations. No plaintext at rest — ever.
Handle client API keys, portal logins and sensitive documents with a full audit trail. Know exactly who accessed what and when.
Yes. SealedKeys holds UK Cyber Essentials certification, meeting the NCSC baseline security controls around boundary firewalls, secure configuration, access control, malware protection and patch management. This is relevant for UK government supply chain requirements and increasingly for enterprise procurement.
SealedKeys is designed with UK GDPR in mind. Data is stored on EU infrastructure (Hetzner, Germany) and is never transferred outside the EU. Zero-knowledge architecture means we don't process your secrets as a data controller — we store only ciphertext that we cannot read. A Data Processing Agreement is available on request.
Your encrypted vault data is stored on Hetzner servers in Germany (EU). No data is transferred to US-based infrastructure. TLS 1.3 protects data in transit; AES-256-GCM protects data at rest. The server stores only ciphertext — the encryption key is derived on your device and never transmitted.
SealedKeys is Cyber Essentials certified, EU-hosted and zero-knowledge — all relevant for government supply chain work. The zero-knowledge architecture means we cannot be compelled to hand over readable vault contents. However, specific clearance-level requirements (SC, DV) should be confirmed with your contracting authority.
Yes. Email hello@sealedkeys.com and we'll provide a DPA. Given the zero-knowledge architecture, SealedKeys' role as a data processor is minimal — we cannot read the data you entrust to us.
LastPass is not Cyber Essentials certified and had a significant data breach in 2022. 1Password is not Cyber Essentials certified and is US-based by default. SealedKeys is Cyber Essentials certified, EU-hosted by default on all plans, and open-source in its encryption layer — better positioned for UK compliance requirements.
25 items free. Pro at £3.49/user/month. Cyber Essentials certified from day one.