Alternatives to HashiCorp Vault
Compare HashiCorp Vault alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to HashiCorp Vault in 2026. Compare features, ratings, user reviews, pricing, and more from HashiCorp Vault competitors and alternatives in order to make an informed decision for your business.
-
1
Passwork
Passwork
Passwork is an on-premise corporate password manager built for security-conscious organizations. Developed and headquartered in Europe (Barcelona, Spain), Passwork meets GDPR, NIS2, ENS and other European regulatory requirements by design. All passwords and credentials are stored exclusively on your own server. Double-layer AES-256 encryption (server-side and client-side) with zero-knowledge architecture means your data stays within your infrastructure, fully under the control of your system administrators. Passwork is ISO/IEC 27001 certified. Your data never leaves your infrastructure. Trusted by enterprises for secure password sharing, privileged access management, & centralized credential governance. -
2
StrongDM
StrongDM
StrongDM is a People-First Access platform that gives technical staff a direct route to the critical infrastructure they need to be their most productive. End users enjoy fast, intuitive, and auditable access to the resources they need, and administrators leverage simplified workflows to enhance security and compliance postures. - We open up a clear, direct path that gives individualized access to the right people and keeps everyone else out. - Total visibility into everything that’s ever happened in your stack. Security and Compliance teams can easily answer who did what, where, and when. - Admins have precise control over what each user has access to—without these controls ever getting in the way of productivity - IT, InfoSec, and Administrators have precise controls. Unauthorized access is eliminated because users never see resources they don’t have permission to use. -All past, present, and future infrastructure is supported - Responsive 24/7/365 customer support. -
3
Securden Password Vault for Enterprises
Securden, Inc
Securden Password Vault for Enterprises is a scalable, enterprise-grade credential management solution available in both cloud (SaaS) and on-premise deployments. It centralizes the storage of passwords, SSH keys, DevOps secrets, files, and other sensitive data in an AES-256 encrypted vault, helping organizations enforce strong security controls and defend against insider and external threats. The solution enables secure credential storage, granular access controls, automated password rotation, and just-in-time access while providing full visibility through audit logs, session recordings, and real-time alerts. IT teams can launch secure remote connections such as RDP, SSH, and SQL directly from the vault without exposing credentials. Trusted by enterprises worldwide, Securden helps organizations strengthen security posture, streamline credential governance, improve operational efficiency, and meet compliance requirements across industries. -
4
GitGuardian
GitGuardian
GitGuardian is an end-to-end NHI security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards. With attackers increasingly targeting NHIs, such as service accounts and applications, GitGuardian integrates Secrets Security and NHI Governance. This dual approach enables the detection of compromised secrets across your dev environments while also managing non human identities and their secrets lifecycle. The platform supports over 450+ types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense. Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF and Bouygues Telecom for robust secrets protection.Starting Price: $0 -
5
Satori
Satori
Satori is a Data Security Platform (DSP) that enables self-service data and analytics. Unlike the traditional manual data access process, with Satori, users have a personal data portal where they can see all available datasets and gain immediate access to them. Satori’s DSP dynamically applies the appropriate security and access policies, and the users get secure data access in seconds instead of weeks. Satori’s comprehensive DSP manages access, permissions, security, and compliance policies - all from a single console. Satori continuously discovers sensitive data across data stores and dynamically tracks data usage while applying relevant security policies. Satori enables data teams to scale effective data usage across the organization while meeting all data security and compliance requirements. -
6
SharePass
SharePass
SharePass is a SaaS Secret Management platform that allows sharing and managing secrets and confidential information using a web application, extension, or mobile app. SharePass works with encrypted links transmitted from the sender to the receiver with various settings and flags. The settings include expiry restriction, availability, IP restrictions and an entire filtering funnel (patent pending). SharePass is platform-independent that can be used with your existing communication tools. When it comes to your privacy, SharePass or any of its employees cannot see the content of your secrets; the secrets can be seen only by the exchanging parties. SharePass meets the latest cybersecurity compliance and regulations. In the era of identity theft, SharePass will protect you and prevent your data from leaking to the dark web by eliminating your digital footprint. SharePass supports SSO with Office365, Google Workspace, MFA, and integration with Yubikeys for maximum security.Starting Price: Free -
7
Titaniam
Titaniam
Titaniam provides enterprises and SaaS vendors with a full suite of data security/privacy controls in a single, enterprise grade solution. This includes highly advanced options such as encryption-in-use that enables encrypted search and analytics without decryption, and also traditional controls such as tokenization, masking, various types of encryption, and anonymization. Titaniam also offers BYOK/HYOK (bring/hold your own key) for data owners to control the security of their data. If attacked, Titaniam minimizes regulatory overhead by providing evidence that sensitive data retained encryption. Titaniam’s interoperable modules can be combined to support hundreds of architectures across multiple clouds, on-prem, and hybrid environments. Titaniam provides the equivalent of 3+ categories of solutions making it the most effective, and economical solution in the market. Titaniam is featured by Gartner, IDC, and TAG Cyber and has won coveted industry awards e.g. SINET16 and at RSAC2022. -
8
Immuta
Immuta
Immuta is the market leader in secure Data Access, providing data teams one universal platform to control access to analytical data sets in the cloud. Only Immuta can automate access to data by discovering, securing, and monitoring data. Data-driven organizations around the world trust Immuta to speed time to data, safely share more data with more users, and mitigate the risk of data leaks and breaches. Founded in 2015, Immuta is headquartered in Boston, MA. Immuta is the fastest way for algorithm-driven enterprises to accelerate the development and control of machine learning and advanced analytics. The company's hyperscale data management platform provides data scientists with rapid, personalized data access to dramatically improve the creation, deployment and auditability of machine learning and AI. -
9
Doppler
Doppler
Stop struggling with scattered API keys, hacking together home-brewed configuration tools, and avoiding access controls. Give your team a single source of truth with Doppler. The best developers automate the pain away. Create references to frequently used secrets in Doppler. Then when they need to change, you only need to update them once. Your team's single source of truth. Organize your variables across projects and environments. The scary days of sharing secrets over Slack, email, git, zip files, are over. After adding a secret, your team and their apps have it instantly. Like git, the Doppler CLI smartly knows which secrets to fetch based on the project directory you are in. Gone are the futile days of trying to keep ENV files in sync! Practice least privilege with granular access controls. Reduce exposure when deploying with read-only service tokens. Contractor needs access to just development? Easy!Starting Price: $6 per seat per month -
10
Teampass
Teampass
TeamPass is a password manager dedicated to managing passwords in a collaborative way by sharing them among team members. Teampass offers a large set of features permitting you to manage your passwords and related data in an organized way with respect to the access rights defined for each user. Teampass is highly customizable to fit your specific needs and constraints. Teampass secures your data and your users at several levels with encryption. It relies on Defuse PHP encryption library which provides a very secure cryptographic protocol. Teampass provides a lot of options and features permitting you to customize it to your needs. Decide how you want to set up your instance of Teampass to achieve your goals in terms of team sharing. Teampass allows you to fine-tune the user's access rights to the existing Items. Depending on your local policies, Teampass helps to ensure that only allowed people have access to expected data.Starting Price: Free -
11
Alliance Key Manager
Townsend Security
Once data is encrypted, your private information depends on enterprise-level key management to keep that data safe. The solution provides high availability, standards-based enterprise encryption key management to a wide range of applications and databases. Alliance Key Manager is a FIPS 140-2 compliant enterprise key manager that helps organizations meet compliance requirements and protect private information. The symmetric encryption key management solution creates, manages, and distributes 128-bit, 192-bit, and 256-bit AES keys for any application or database running on any Enterprise operating system. Encryption keys can be restricted based on several criteria. The most permissive level requires a secure and authenticated TLS session to the key server. Individual encryption keys can be restricted to users, groups, or specific users in groups. Enterprise-wide groups can be defined and keys can be restricted to Enterprise users, groups, or specific users in groups.Starting Price: $4,800 one-time payment -
12
Box KeySafe
Box
Securely manage your own encryption keys. With Box KeySafe, you have complete, independent control over your encryption keys. All key usage is unchangeable and includes a detailed record of key usage, so you can track exactly why your organization’s keys are being accessed — with no impact on user experience. If you ever see suspicious activity, your security team can cut off access to the content at any time. And it's all on top of the enterprise-grade security and compliance you get with the leading Content Cloud. We leverage Key Management Services (KMS) from Amazon Web Services (AWS) and Google Cloud Platform (GCP) to help you manage your encryption keys. Box KeySafe supports AWS KMS Custom Key Store and GCP Cloud HSM KMS to provide the control and protection of a dedicated hardware security module (HSM), without requiring you to manage any hardware.Starting Price: $130 per month -
13
Akeyless Identity Security Platform
Akeyless
Akeyless delivers identity security for an era shaped by automation and AI. The cloud-native platform secures machines, AI agents, and human access across hybrid, multi-cloud, and on-prem environments. It provides a practical path to secretless, identity-based access through secrets management, certificate lifecycle management and PKI, PAM, and unified governance. Akeyless is built on a cryptography foundation that combines encryption, key management, and Distributed Fragments Cryptography to keep sensitive material under customer control and protected from post-quantum threats. With integrations for cloud IAM, Kubernetes, CI/CD, and MCP-based AI agent workflows, teams can adopt and scale AI agents securely without expanding risk. Akeyless Jarvis™ delivers identity intelligence to surface risky access and strengthen oversight. -
14
HashiCorp Consul
HashiCorp
A multi-cloud service networking platform to connect and secure services across any runtime platform and public or private cloud. Real-time health and location information of all services. Progressive delivery and zero trust security with less overhead. Receive peace of mind that all HCP connections are secured out of the box. Gain insight into service health and performance metrics with built-in visualization directly in the Consul UI or by exporting metrics to a third-party solution. Many modern applications have migrated towards decentralized architectures as opposed to traditional monolithic architectures. This is especially true with microservices. Since applications are composed of many inter-dependent services, there's a need to have a topological view of the services and their dependencies. Furthermore, there is a desire to have insight into health and performance metrics for the different services. -
15
Onboardbase
Onboardbase
Onboardbase is the a secret management infrastructure platform that provides single source of shared truth for app secrets and usage. It helps dev teams securely share and work with environment-specific configs at every development stage, synced across infrastructure without compromising security - this means development teams can focus on building great apps rather than managing secrets and data. Secrets are dynamically kept up to date across your environments and infrastructure, with 50+ integrations and growing. Dev teams can monitor and audit how long, where and when your secrets are used and revoke usage anywhere with a click. Powerful always-on codebase scanning features prevent developers from accidentally leaking secrets to production, maintaining a robust security model.Starting Price: Free -
16
Fortanix Data Security Manager
Fortanix
Minimize expensive data breaches and accelerate regulatory compliance with a data-first approach to cybersecurity. The Fortanix DSM SaaS offering is purpose-built for the modern era to simplify and scale data security deployments. It is protected by FIPS 140-2 Level 3 confidential computing hardware and delivers the highest security and performance standards. The DSM accelerator is an optional add-on to achieve the highest performance for latency-sensitive applications. A Single System of Record and Pane of Glass for Crypto Policy, Key Lifecycle Management, and Auditing in a Scalable SaaS Solution That Makes Data Security a Breeze. -
17
Ubiq
Ubiq Security
Encrypt your most sensitive data before it leaves the application, so the storage layer – and adversaries – only ever see ciphertext. Application-native client-side encryption protects data from sophisticated attackers, supply-chain attacks, and insider threats. Most at-rest encryption solutions – transparent disk encryption, full disk encryption, etc. – are ineffective against modern threats because they grant admins, key processes, and attackers (who exploit privileged access) implicit access to plaintext data. Eliminate this gap and bridge the divide between engineering, security, and compliance teams with Ubiq’s developer-first, encryption-as-code platform. Lightweight, prepackaged code and open source encryption libraries that quickly integrate into any application type for native client-side encryption and set-and-forget key management.Starting Price: $0.001 per encrypt -
18
EncryptRIGHT
Prime Factors
EncryptRIGHT simplifies application-level data protection, delivering robust encryption, tokenization, dynamic data masking, and key management functionality, along with role-based data access controls and a data-centric security architecture, to secure sensitive data and enforce data privacy. EncryptRIGHT is architected to deploy quickly with very little integration effort and scale from a single application to thousands of applications and servers on premises or in the cloud. Our unique Data-Centric Security Architecture allows information security teams to comprehensively define an EncryptRIGHT Data Protection Policy (DPP) and to bind the policy to data itself, protecting it regardless of where the data is used, moved or stored. Programmers do not need to have cryptography expertise to protect data at the application layer – they simply configure authorized applications to call EncryptRIGHT and ask for data to be appropriately secured or unsecured in accordance with its policy.Starting Price: $0 -
19
SecretHub
SecretHub
Upgrade security throughout the stack with a unified secrets management platform that every engineer can use – from admin to intern. Putting passwords and API keys in source code creates a security risk. But handling them properly creates complexity that makes it extremely cumbersome to deploy. Git, Slack, and email are designed to share information, not to keep secrets. Copy-pasting values and waiting on that one admin who holds all the keys simply don't scale when you're deploying software multiple times a week. It's impossible to track who accessed what secrets at what time, making compliance audits a nightmare. Eliminate secrets in source code by replacing plaintext values with a reference to the secret. SecretHub then automatically loads secrets into your app the moment it starts. Use the CLI to encrypt and store secrets and then simply tell the code where to look for the secret. Your code is now free of secrets and can be shared with everyone on your team.Starting Price: $99 per month -
20
Protect your file and database data from misuse and help comply with industry and government regulations with this suite of integrated encryption products. IBM Guardium Data Encryption consists of an integrated suite of products built on a common infrastructure. These highly-scalable solutions provide encryption, tokenization, data masking and key management capabilities to help protect and control access to databases, files and containers across the hybrid multicloud—securing assets residing in cloud, virtual, big data and on-premise environments. Securely encrypting file and database data with such functionalities as tokenization, data masking and key rotation can help organizations address compliance with government and industry regulations, including GDPR, CCPA, PCI DSS and HIPAA. Guardium Data Encryption's capabilities—such as data access audit logging, tokenization, data masking and key management—help meet regulations such as HIPAA, CCPA or GDPR.
-
21
iSecurity Field Encryption
Raz-Lee Security
iSecurity Field Encryption protects sensitive data using strong encryption, integrated key management and auditing. Encryption is vital for protecting confidential information and expediting compliance with PCI-DSS, GDPR, HIPAA, SOX, other government regulations and state privacy laws. Ransomware attacks any file it can access including connected devices, mapped network drivers, shared local networks, and cloud storage services that are mapped to the infected computer. Ransomware doesn’t discriminate. It encrypts every data file that it has access to, including the IFS files. Anti-Ransomware quickly detects high volume cyber threats deployed from an external source, isolates the threat, and prevents it from damaging valuable data that is stored on the IBM i while preserving performance. -
22
OpenText Data Privacy & Protection Foundation (Voltage) provides organizations with quantum-ready, format-preserving security that protects sensitive data without disrupting workflows or analytics. It helps companies meet evolving regulatory requirements by securing information at rest, in motion, and in use across hybrid and cloud environments. With NIST-standardized Format-Preserving Encryption and stateless key management, the platform delivers high-performance protection at enterprise scale. Its persistent data security approach ensures that sensitive information remains safeguarded throughout its lifecycle, even as it moves across systems and analytics platforms. Trusted globally across more than 50 countries, the solution is relied on by major financial, healthcare,& retail organizations to secure billions of daily data events. By combining proven cryptography with flexible integrations, OpenText enables organizations to reduce breach risk while maintaining operational agility.
-
23
Enigma Vault
Enigma Vault
Enigma Vault is your PCI level 1 compliant and ISO 27001 certified payment card, data, and file easy button for tokenization and encryption. Encrypting and tokenizing data at the field level is a daunting task. Enigma Vault takes care of all of the heavy liftings for you. Turn your lengthy and costly PCI audit into a simple SAQ. By storing tokens instead of sensitive card data, you greatly mitigate your security risk and PCI scope. Using modern methods and technologies, searching millions of encrypted values takes just milliseconds. Fully managed by us, we built a solution to scale with you and your needs. Enigma Vault encrypts and tokenizes data of all shapes and sizes. Enigma Vault offers true field-level protection; instead of storing sensitive data, you store a token. Enigma Vault provides the following services. Enigma Vault takes the mess out of crypto and PCI compliance. You no longer have to manage and rotate private keys nor deal with complex cryptography. -
24
Azure Key Vault
Microsoft
Enhance data protection and compliance with Key Vault. Secure key management is essential to protect data in the cloud. Use Azure Key Vault to encrypt keys and small secrets like passwords that use keys stored in hardware security modules (HSMs). For more assurance, import or generate keys in HSMs, and Microsoft processes your keys in FIPS validated HSMs (hardware and firmware) - FIPS 140-2 Level 2 for vaults and FIPS 140-2 Level 3 for HSM pools. With Key Vault, Microsoft doesn’t see or extract your keys. Monitor and audit your key use with Azure logging—pipe logs into Azure HDInsight or your security information and event management (SIEM) solution for more analysis and threat detection. -
25
Adaptive
Adaptive
Adaptive is a data security platform designed to prevent sensitive data exposure across all human and non-human entities. It offers a secure control plane to protect and access data, featuring an agentless architecture that requires zero network reconfiguration and can be deployed in the cloud or on-premises. The platform enables organizations to share privileged access to data sources without sharing actual credentials, enhancing security posture. It supports just-in-time access to various data sources, including databases, cloud infrastructure resources, data warehouses, and web services. Adaptive also facilitates non-human data access by connecting third-party tools or ETL pipelines through a central interface without exposing data source credentials. To minimize data exposure, the platform provides data masking and tokenization for non-privileged users without altering access workflows. Comprehensive audibility is achieved through identity-based audit trails across all resources. -
26
Protegrity
Protegrity
Our platform allows businesses to use data—including its application in advanced analytics, machine learning, and AI—to do great things without worrying about putting customers, employees, or intellectual property at risk. The Protegrity Data Protection Platform doesn't just secure data—it simultaneously classifies and discovers data while protecting it. You can't protect what you don't know you have. Our platform first classifies data, allowing users to categorize the type of data that can mostly be in the public domain. With those classifications established, the platform then leverages machine learning algorithms to discover that type of data. Classification and discovery finds the data that needs to be protected. Whether encrypting, tokenizing, or applying privacy methods, the platform secures the data behind the many operational systems that drive the day-to-day functions of business, as well as the analytical systems behind decision-making. -
27
Use keys to protect the secrets, personal data, and sensitive information you store in the cloud. Create and delete keys, set up access policies, and perform rotation via the management console, CLI, or API. Yandex KMS implements symmetric and asymmetric cryptography. Use the REST or RPC API to encrypt and decrypt small amounts of data, such as secrets and local encryption keys, as well as to sign data using e-signature schemes. You manage access to encrypted data, and Yandex KMS ensures the reliability and physical security of keys. Hardware Security Modules (HSMs) are available. Encrypt small amounts of data using the SDK in Java or Go. To encrypt larger amounts of data, the service is integrated with popular encryption libraries, including the AWS Encryption SDK and Google Tink. Integration with Yandex Lockbox makes it possible to encrypt secrets with your own keys. Secrets and data can also be protected using encryption keys in Managed Service for Kubernetes.Starting Price: $0.0230 per month
-
28
Segura
Segura
Segura® (formerly senhasegura) is a cybersecurity company focused on Privileged Access Management (PAM). Its platform helps organizations secure and manage privileged identities, credentials, and secrets across hybrid and cloud environments. Segura supports use cases such as credential vaulting, session monitoring, privilege elevation, and secrets management for DevOps. Designed to simplify complex identity security challenges, Segura provides IT teams with visibility, control, and tools to reduce risk and support compliance. The company operates globally through a network of partners and serves customers across key sectors, including finance, healthcare, government, telecom, and critical infrastructure. -
29
Knox
Pinterest
Knox is a secret management service. Knox is a service for storing and rotation of secrets, keys, and passwords used by other services. Pinterest has a plethora of keys or secrets doing things like signing cookies, encrypting data, protecting our network via TLS, accessing our AWS machines, communicating with our third parties, and many more. If these keys become compromised, rotating (or changing our keys) used to be a difficult process generally involving a deploy and likely a code change. Keys/secrets within Pinterest were stored in git repositories. This means they were copied all over our company's infrastructure and present on many of our employees laptops. There was no way to audit who accessed or who has access to the keys. Knox was built to solve these problems. Ease of use for developers to access/use confidential secrets, keys, and credentials. Confidentiality for secrets, keys, and credentials. Provide mechanisms for key rotation in case of compromise. -
30
Skyflow
Skyflow
Skyflow lets you run workflows, logic and analytics on fully encrypted data. Skyflow leverages multiple encryption and tokenization techniques for optimal security. Manage data residency, access, and policy enforcement, with auditable logs and provenance. Get to compliance in minutes, not weeks. Our trusted infrastructure and simple REST and SQL APIs make it easy. Tokenization for compliance, plus an encrypted data store so you can search, analyze, and use secure data. Run Skyflow in a virtual private cloud you choose. Use it as secure gateway, zero trust data store, and more. Replace a difficult-to-maintain patchwork of point solutions with a single cost-effective data vault. Leverage the power of your sensitive data in any workflow or application without ever decrypting the data. -
31
Salesforce Shield
Salesforce
Salesforce Shield is a comprehensive data security and compliance solution designed to protect sensitive information across the Salesforce platform. It provides advanced tools to monitor user activity, encrypt data, track changes, and detect sensitive information in real time. With Event Monitoring, organizations gain granular visibility into user behavior, API activity, and system performance through detailed event logs. Platform Encryption allows businesses to encrypt sensitive data at rest while maintaining control over encryption keys and compliance requirements. Field Audit Trail extends data history tracking to strengthen integrity and support forensic-level compliance. Data Detect uses intelligent pattern matching to identify and classify sensitive information such as credit card numbers and personal identifiers. Together, these capabilities help organizations mitigate risk, meet regulatory standards, and securely deploy AI-powered solutions like Agentforce.Starting Price: $25 per month -
32
CyberArk Machine Identity Security
CyberArk
CyberArk Machine Identity Security provides comprehensive protection for all machine identities, including secrets, certificates, workload identities, and SSH keys. The platform offers centralized visibility and scalable automation to secure these non-human identities throughout their lifecycle. Designed to help organizations reduce risk and maintain resilience, CyberArk ensures secure machine identity management across on-premises, cloud, and hybrid environments. -
33
Password.link
Password.link
The link can only be opened once. This ensures nobody has opened it before the recipient and nobody can open it again afterward. The encrypted secret is deleted from our database when it has been viewed. There's no way to view it again. Sending secrets in plain text exposes them to threats even after the message has been long forgotten. Using a one-time link ensures that there are no valid credentials lying around in email inboxes or archived instant messages. Half of the encryption key is stored in the link itself and never seen by us or anyone else. Viewing the secret is not possible without the original link. Using our service you can create a one-time link to the credentials and be sure nobody sees them before the recipient. You can also configure notifications to be sent via different channels so you know when the credentials have been viewed, and by who.Starting Price: €8.99 per month -
34
Keywhiz
Keywhiz
Keywhiz is a system for managing and distributing secrets. It can fit well with a service oriented architecture (SOA). Here is an overview in presentation format. Common practices include putting secrets in config files next to code or copying files to servers out-of-band. The former is likely to be leaked and the latter difficult to track. Keywhiz makes managing secrets easier and more secure. Keywhiz servers in a cluster centrally store secrets encrypted in a database. Clients use mutually authenticated TLS (mTLS) to retrieve secrets they have access to. Authenticated users administer Keywhiz via CLI. To enable workflows, Keywhiz has automation APIs over mTLS. Every organization has services or systems that require secrets. Secrets like TLS certificates/keys, GPG keys, API tokens, database credentials. Keywhiz is reliable and used in production, however occasional changes may break API backward compatibility. -
35
AWS Secrets Manager
Amazon
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text. Secrets Manager offers secret rotation with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB. Also, the service is extensible to other types of secrets, including API keys and OAuth tokens. In addition, Secrets Manager enables you to control access to secrets using fine-grained permissions and audit secret rotation centrally for resources in the AWS Cloud, third-party services, and on-premises. AWS Secrets Manager helps you meet your security and compliance requirements by enabling you to rotate secrets safely without the need for code deployments.Starting Price: $0.40 per month -
36
TrueZero Tokenization
Spring Labs
TrueZero’s vaultless data privacy API replaces sensitive PII with tokens allowing you to easily reduce the impact of data breaches, share data more freely and securely, and minimize compliance overhead. Our tokenization solutions are leveraged by leading financial institutions. Wherever PII is stored, and however it is used, TrueZero Tokenization replaces and protects your data. More securely authenticate users, validate their information, and enrich their profiles without ever revealing sensitive data (e.g. SSN) to partners, other internal teams, or third-party services. TrueZero minimizes your in-scope environments, speeding up your time to comply by months and saving you potentially millions in build/partner costs. Data breaches cost $164 per breached record, tokenize PII & protect your business from data loss penalties and loss of brand reputation. Store tokens and run analytics in the same way you would with raw data. -
37
Acra
Cossack Labs
Data leakage prevention in your app made simple. Acra encryption suite provides data protection in distributed applications, web and mobile apps with PostgreSQL, MySQL, KV backends through selective encryption. Encryption of sensitive and personal data is mandated by regulations (GDPR, HIPAA, CCPA, PCI DSS) and industry best practices. However, building cryptography into distributed application is often a tedious task, which has a limited security impact and plenty of architectural trade-offs. Acra is here to change it. Acra is one tool that covers 9 data security controls. Acra is built to mitigate data leakage risks while providing defense in depth across the whole data lifespan within the application. Acra is easy to integrate, doesn't require significant modifications in the existing code, provides reliable data security, reduces MTTD and MTTR. Acra provides an integration library that can encrypt any record with AcraServer’s key.Starting Price: $10000 per year -
38
Entro
Entro Security
Non-Human Identity & Secrets Security Platform. A pioneer in non-human identity management, Entro enables organizations to securely utilize non-human identities and secrets, overseeing their usage and automating their lifecycle from inception to rotation. Secrets-based cyber attacks are devastating and growing as more and more secrets are created by R&D teams and spread across various vaults and repositories with no real secret management, monitoring, or security oversight. Streamline and secure your non-human identity lifecycle management. With Entro, security teams can now oversee and protect Non-human identities with automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified interface. -
39
Delinea Secret Server
Delinea
Protect your privileged accounts with our enterprise-grade Privileged Access Management (PAM) solution. Available both on-premise or in the cloud. Get up and running fast with solutions for privileged account discovery, turnkey installation and out-of-the-box auditing and reporting tools. Manage multiple databases, software applications, hypervisors, network devices, and security tools, even in large-scale, distributed environments. Create endless customizations with direct control to on-premise and cloud PAM. Work with professional services or use your own experts. Secure privileges for service, application, root, and administrator accounts across your enterprise. Store privileged credentials in an encrypted, centralized vault. Identify all service, application, administrator, and root accounts to curb sprawl and gain a full view of your privileged access. Provision and deprovision, ensure password complexity and rotate credentials. -
40
VGS Platform
Very Good Security
The VGS Vault enables users to safely store their tokenized data. This creates a safe haven for your most sensitive data. In the event of a breach, there’s nothing to steal. You can’t hack what’s not there. VGS is the modern approach to data security. Our SaaS solution gives you all the benefits of interacting with sensitive and regulated data without the liability of securing it. Use the interactive example to see how data is transformed by VGS. Choose Redact or Reveal to hide or display data, respectively. Whether you’re building a new product and want best-in-class security from the start or are an established company looking to eliminate compliance as a roadblock to new business, VGS can help. VGS takes on the liability of securing your data, eliminating the risk of data breaches and reducing compliance overhead. For companies that prefer to vault their own data, VGS layers on protection to the systems, preventing unauthorized access and leakage. -
41
TokenEx
TokenEx
Alongside Payment Card Information (PCI), Personally Identifiable Information (PII) also known as personal information and Protected Health Information (PHI) have become a favorite target of hackers. TokenEx can tokenize any type of data, so PII, PHI, PCI, ACH, etc. can be safely vaulted away from business systems and replaced with tokens that are mathematically unrelated to the original data and, thus, useless to data thieves. Tokenization offers virtually unlimited flexibility in how you store, access, and secure your sensitive data sets. -
42
keyhold.io
keyhold.io
Your clients send credentials via Slack. Your contractors have passwords in email threads. Chaos. keyhold.io is a zero-knowledge secret custody platform for teams who manage credentials that aren't theirs. Send secure request links, collect credentials encrypted before they reach our servers, and get full audit trails of every access. Built for MSPs, agencies, and anyone tired of sensitive access scattered across chat threads.Starting Price: £50/month -
43
IBM Guardium Key Lifecycle Manager centralizes, simplifies and automates the encryption key management process to help protect encrypted data and simplify encryption key management. It offers secure, robust key storage, key serving and key lifecycle management for self-encrypting applications and solutions using interoperability protocols including KMIP, IPP and REST. Guardium Key Lifecycle Manager helps customers meet regulations such as PCI DSS, Sarbanes-Oxley and HIPAA by providing access control, key rotation and other automated key lifecycle management processes. Provides centralized, simplified and transparent key management through the secure storage of key material and the serving of keys at the time of use. Offers simple, secure integration with supported protocols including KMIP, IPP and REST. Reduces key management costs by automating the assignment and rotation of keys.
-
44
Baffle
Baffle
Baffle provides universal data protection from any source to any destination to control who can see what data. Enterprises continue to battle cybersecurity threats such as ransomware, as well as breaches and losses of their data assets in public and private clouds. New data management restrictions and considerations on how it must be protected have changed how data is stored, retrieved, and analyzed. Baffle’s aim is to render data breaches and data losses irrelevant by assuming that breaches will happen. We provide a last line of defense by ensuring that unprotected data is never available to an attacker. Our data protection solutions protect data as soon as it is produced and keep it protected even while it is being processed. Baffle's transparent data security mesh for both on-premises and cloud data offers several data protection modes. Protect data on-the-fly as it moves from a source data store to a cloud database or object storage, ensuring safe consumption of sensitive data. -
45
WinZip SafeShare
WinZip
A modernized sharing experience. Share your files with confidence and security in an intuitive environment built with simplicity in mind. This powerful sharing tool allows you to share, compress, and encrypt, all within a simple interface. Easily share files to one or many locations, surrounded by extra layers of security, including military-grade encryption and time bomb capabilities. Enjoy expanded cloud services, including OpenStack and SwiftStack regions and credential files, Alibaba, Wasabi, HP, Oracle, Azure, WebDAV, CenturyLink, IONOS and OVH cloud providers. Combine multiple PDF files into a single PDF file to save, zip, or share. Streamline workflow when sharing via Slack IM. Manage files shared by WinZip or ZipShare. Open and view, share again or remove shared files. Keep track of which Zip files you have shared via WinZip or ZipShare. Email anyone directly from WinZip by adding contacts from all your supported sources into one combined address book.Starting Price: $34.95 one-time payment -
46
OPAQUE
OPAQUE Systems
OPAQUE Systems offers a leading confidential AI platform that enables organizations to securely run AI, machine learning, and analytics workflows on sensitive data without compromising privacy or compliance. Their technology allows enterprises to unleash AI innovation risk-free by leveraging confidential computing and cryptographic verification, ensuring data sovereignty and regulatory adherence. OPAQUE integrates seamlessly into existing AI stacks via APIs, notebooks, and no-code solutions, eliminating the need for costly infrastructure changes. The platform provides verifiable audit trails and attestation for complete transparency and governance. Customers like Ant Financial have benefited by using previously inaccessible data to improve credit risk models. With OPAQUE, companies accelerate AI adoption while maintaining uncompromising security and control. -
47
Privacy1
Privacy1
Privacy1 infrastructure brings transparency, safeguards GDPR | CCPA compliance, builds trust for your business. The solution shields your data centric organizations, lower data leak risks, ensures that no personal data is processed except with the right permission. The service has built in rich features you need to meet data compliance requirements and enforce your organizational data security to the highest level Lawfulness and data transparency: ✓ Consent management; ✓ Data privacy policy management; ✓ Data processing purpose management; ✓ Work flow for handling data subject access requests; ✓ Data processing activities recording | Data mapping; Data security protection: ✓ Data Pseudonymization in services with database; ✓ Data Pseudonymization in pipelines; ✓ Data permission governing; ✓ Data access control work flow (Tech | Legal | Actual data usage); ✓ Data usage separation in micro-services; ✓ Data risk analysis; ✓ Data protection impact assessmenStarting Price: $159 per month -
48
HashiCorp Boundary
HashiCorp
Access any system from anywhere based on user identity. Traditional approaches like SSH bastion hosts or VPNs require distributing and managing credentials, configuring network controls like firewalls, and exposing the private network. Boundary provides a secure way to access hosts and critical systems without having to manage credentials or expose your network, and is entirely open source. Authenticate with any trusted identity provider you are already using. No need to distribute new credentials and manage them. Authorize access based on logical roles and services, instead of physical IP addresses. Manage dynamic infrastructure and integrate service registries so hosts and service catalogs are kept up-to-date. Automate credential injection to securely access services and hosts with HashiCorp Vault. Reduce risk of leaking credentials with dynamic secrets and just-in-time credentials. -
49
qProtect
QuintessenceLabs
qProtect™ delivers powerful data protection for the most sensitive and critical assets, particularly when they are in uncontrolled environments. It offers a much-needed practical solution for the protection of critical mobile data. Capabilities include automatic secure erasure of one-time key material when recording data, and “virtual zeroization”, to protect confidential information wherever it is, now and into the future. Our product portfolio and strong technical partnerships deliver broad security capabilities for the strongest security posture, today and tomorrow. QuintessenceLabs quantum-enabled solutions integrate with today’s encryption technologies. Centralized and vendor-neutral encryption key management solution. Designed to easily address the toughest challenges in key management. Crypto agile is adaptable to quantum-resistant algorithms. The point-to-point protocol that uses specialized hardware to share secret keys over an optical link. -
50
Sotero
Sotero
Sotero is the first cloud-native, zero trust data security platform that consolidates your entire security stack into one easy-to-manage environment. The Sotero data security platform employs an intelligent data security fabric that ensures your sensitive data is never left unprotected. Sotero automatically secures all your data instances and applications, regardless of source, location or lifecycle stage (at rest, in transit, or in use). With Sotero, you can move from a fragmented, complex data security stack to one unified data security fabric that provides 360° management of your entire data security ecosystem. You’re no longer forced to go to point solutions to know who is accessing your data. You get governance, auditability, visibility, and 100% control via a single pane. The Sotero platform protects any data asset wherever it resides – whether the data is a relational database, unstructured, semi-structured, structured, on-premise or in the cloud.
