Review: Keeper Secrets Manager￼
Keeper Secrets Manager combines simple deployment and management with several layers of powerful encryption and a swathe of configuration options.
Review By: Joel Witts
Technical Testing: Laura Iannini
Keeper Secrets Manager combines simple deployment and management with several layers of powerful encryption and a swathe of configuration options. Users should be aware that not every feature is included in the base product, but the 14-day trial will allow you to explore exactly which features your organization needs.
- Wide variety of integrations
- Easy deployment and rollout process for any number of users
- Easy to use and comprehensive technical feature set
- Login process needs to be repeated frequently (using Chrome Extension, switching from admin console to fault)
- Some features are only available additional paid add-ons, increasing cost & management overhead
Keeper Secrets Manager (KSM) is a secure, cloud-based platform to help users manage and protect confidential information such as company passwords, API keys and databases. KSM secures corporate secrets in a secure, encrypted vault. This helps admins to enforce the “Principle of Least Privilege”; ensuring that secrets are only available to those who need them, when they need them.
Keeper Secrets Manager uses several layers of AES256 encryption and data is only ever encrypted or decrypted on the user’s device, so only authorized users can ever view confidential data. The platform is fully compliant with NIST, PCI DSS, SOC 2, ISO 27001, HIPAA, DPA, FINRA and GDPR.
Keeper Secrets Manager also includes the core Keeper Password Manager solution.
User Management & Access Control
Users can easily be enrolled onto Keeper Secrets Manager manually, or bulk imported with a number of integrations including:
- Any SAML 2.0 compatible identity provider
- Active directory or LDAP-based services
- Other identity platforms that take advantage of SCIM
- Email auto-provisioning
Once enrolled, admins have role-based control over which actions specific users or teams are able to take. Admins can also control access to shared resources, like folders and access to specific credentials.
Users can also be quickly and easily deprovisioned when needed; admins can lock user accounts, force password expiration, or remove users altogether.
Keeper enables users to import any existing shared credentials using the Keeper Import Tool. “Secrets” are kept in a secure vault, and can include credentials, payment cards, contact information, bank account details, encrypted files, personal data such as driver’s licenses and birth certificates, and databases.
Custom secrets can also be imported if your organization needs to share custom record types or internal application data. When adding records, there are also several types of fields which can also be added as desired.
A browser extension allows users to log into websites directly from the vault without having to manually copy and paste credentials, with an option to automatically authenticate users without a manual action. Secure key sharing is enabled with Elliptic Curve Cryptography.
There is also an option to use Keeper Secrets Manager to store 2FA codes when required, by importing the QR code you would normally send to an authentication app into Keeper.
KSM provides comprehensive auditing to keep actions accountable and ensure compliance. Each record contains full visibility as to when it was last modified, who modified it, and what changes were made.
Within the admin console, there is a fully searchable log of all activity made on the platform, such as logins and modifications. These can be filtered based on user, event types and more, and exported in JSON, CSV, or Syslog formats.
For external logging, you can integrate KSM into several SIEM solutions:
Admins can also view a Security Audit, from the admin console, which displays users who are using weak or reused passwords in their vault.
Advanced reporting and alerts are available as an add-on module.
The platform has dedicated Command-Line Interface (CLI) available. CLI is ideal for admins that prefer to keep third-party applications in line with their backend or development environment. This requires Python /pip to install, but Keeper provides straightforward deployment guides.
Use of CLI is not mandatory, which makes the platform accessible to end users and admins.
In addition, the platform supports a wide range of 2FA methods and integrations.
Ease Of Use
In our review of the service, we found Keeper to be easy to manage, user friendly, and well presented. The UI is sleek and modern, while keeping all relevant info easily accessible.
Documentations comprehensive and easy to access from the admin console, and support is available 24/7 to organizations that need to access it. The platform is also available offline.
A 14-day trial of the platform is available. Detailed pricing can be found here:
Plans and pricing can be viewed here: https://www.keepersecurity.com/pricing
Overall, Keeper Secrets Manager Is a comprehensive, easy to use and highly secure corporate secrets manager. Building on the core platform of Keeper’s Password Management solution, the ability to share credentials and corporates securely, while keeping all data encrypted, is a powerful tool. KSM enables granular admin controls over user accounts, which is easy to manage and sleek, rather than overwhelming.
Keeper Secrets manager is ideal for organizations that rely on shared information such as API keys who need to reduce the number of places where this critical information is stored for both consistency, security, and compliance.