Alternatives to Knox

Compare Knox alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to Knox in 2026. Compare features, ratings, user reviews, pricing, and more from Knox competitors and alternatives in order to make an informed decision for your business.

  • 1
    Keeper Security

    Keeper Security

    Keeper Security

    Keeper Security is transforming the way people and organizations around the world secure their passwords and passkeys, secrets and confidential information. Keeper’s easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Keeper’s solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations globally, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging. Protect what matters at KeeperSecurity.com.
    Leader badge
    Compare vs. Knox View Software
    Visit Website
  • 2
    Securden Password Vault for Enterprises
    Securden Password Vault for Enterprises is a scalable, enterprise-grade credential management solution available in both cloud (SaaS) and on-premise deployments. It centralizes the storage of passwords, SSH keys, DevOps secrets, files, and other sensitive data in an AES-256 encrypted vault, helping organizations enforce strong security controls and defend against insider and external threats. The solution enables secure credential storage, granular access controls, automated password rotation, and just-in-time access while providing full visibility through audit logs, session recordings, and real-time alerts. IT teams can launch secure remote connections such as RDP, SSH, and SQL directly from the vault without exposing credentials. Trusted by enterprises worldwide, Securden helps organizations strengthen security posture, streamline credential governance, improve operational efficiency, and meet compliance requirements across industries.
    Compare vs. Knox View Software
    Visit Website
  • 3
    GitGuardian

    GitGuardian

    GitGuardian

    GitGuardian is an end-to-end NHI security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards. With attackers increasingly targeting NHIs, such as service accounts and applications, GitGuardian integrates Secrets Security and NHI Governance. This dual approach enables the detection of compromised secrets across your dev environments while also managing non human identities and their secrets lifecycle. The platform supports over 450+ types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense. Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF and Bouygues Telecom for robust secrets protection.
  • 4
    SharePass

    SharePass

    SharePass

    SharePass is a SaaS Secret Management platform that allows sharing and managing secrets and confidential information using a web application, extension, or mobile app. SharePass works with encrypted links transmitted from the sender to the receiver with various settings and flags. The settings include expiry restriction, availability, IP restrictions and an entire filtering funnel (patent pending). SharePass is platform-independent that can be used with your existing communication tools. When it comes to your privacy, SharePass or any of its employees cannot see the content of your secrets; the secrets can be seen only by the exchanging parties. SharePass meets the latest cybersecurity compliance and regulations. In the era of identity theft, SharePass will protect you and prevent your data from leaking to the dark web by eliminating your digital footprint. SharePass supports SSO with Office365, Google Workspace, MFA, and integration with Yubikeys for maximum security.
  • 5
    Doppler

    Doppler

    Doppler

    Stop struggling with scattered API keys, hacking together home-brewed configuration tools, and avoiding access controls. Give your team a single source of truth with Doppler. The best developers automate the pain away. Create references to frequently used secrets in Doppler. Then when they need to change, you only need to update them once. Your team's single source of truth. Organize your variables across projects and environments. The scary days of sharing secrets over Slack, email, git, zip files, are over. After adding a secret, your team and their apps have it instantly. Like git, the Doppler CLI smartly knows which secrets to fetch based on the project directory you are in. Gone are the futile days of trying to keep ENV files in sync! Practice least privilege with granular access controls. Reduce exposure when deploying with read-only service tokens. Contractor needs access to just development? Easy!
    Starting Price: $6 per seat per month
  • 6
    AWS Secrets Manager
    AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text. Secrets Manager offers secret rotation with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB. Also, the service is extensible to other types of secrets, including API keys and OAuth tokens. In addition, Secrets Manager enables you to control access to secrets using fine-grained permissions and audit secret rotation centrally for resources in the AWS Cloud, third-party services, and on-premises. AWS Secrets Manager helps you meet your security and compliance requirements by enabling you to rotate secrets safely without the need for code deployments.
    Starting Price: $0.40 per month
  • 7
    Keywhiz

    Keywhiz

    Keywhiz

    Keywhiz is a system for managing and distributing secrets. It can fit well with a service oriented architecture (SOA). Here is an overview in presentation format. Common practices include putting secrets in config files next to code or copying files to servers out-of-band. The former is likely to be leaked and the latter difficult to track. Keywhiz makes managing secrets easier and more secure. Keywhiz servers in a cluster centrally store secrets encrypted in a database. Clients use mutually authenticated TLS (mTLS) to retrieve secrets they have access to. Authenticated users administer Keywhiz via CLI. To enable workflows, Keywhiz has automation APIs over mTLS. Every organization has services or systems that require secrets. Secrets like TLS certificates/keys, GPG keys, API tokens, database credentials. Keywhiz is reliable and used in production, however occasional changes may break API backward compatibility.
  • 8
    AccuKnox

    AccuKnox

    AccuKnox

    AccuKnox provides a zero trust Cloud Native Application Security (CNAPP) platform. AccuKnox is built in partnership with SRI (Stanford Research Institute) and is anchored on seminal inventions in the areas of container security, anomaly detection, and data provenance. AccuKnox can be deployed in public and private cloud environments. AccuKnox runtime Security helps you discover the application Behavior of the workloads running in a public cloud, private cloud, or on-prem in VM/BareMetal or local Kubernetes orchestrated cluster or unorchestrated pure-containerized cluster. If any ransomware attacker tries to compromise the security of the pod and gets access to the vault pod, they can do a command injection and encrypt the secrets stored in the volume mount points. Then the organizations have to pay millions of dollars to get back their secrets decrypted.
    Starting Price: $999 per month
  • 9
    Confidant

    Confidant

    Confidant

    Confidant is a open source secret management service that provides user-friendly storage and access to secrets in a secure way, from the developers at Lyft. Confidant solves the authentication chicken and egg problem by using AWS KMS and IAM to allow IAM roles to generate secure authentication tokens that can be verified by Confidant. Confidant also manages KMS grants for your IAM roles, which allows the IAM roles to generate tokens that can be used for service-to-service authentication, or to pass encrypted messages between services. Confidant stores secrets in an append-only way in DynamoDB, generating a unique KMS data key for every revision of every secret, using Fernet symmetric authenticated cryptography. Confidant provides an AngularJS web interface that allows end-users to easily manage secrets, the mappings of secrets to services and the history of changes.
  • 10
    Yandex Lockbox
    Create secrets in the management console or using the API. Your secrets are safely stored in one place, easily integrated with your cloud services, and accessible via external systems over the gRPC or REST API. Encrypt your secrets using Yandex Key Management Service keys. Secrets are only stored in encrypted form. You can choose pre-configured service roles to ensure granular access to your secrets. Set up access permissions to read or manage your secret or its metadata. Create a secret, select a Key Management Service (KMS) key, and securely store your login-password pairs and other sensitive information. A secret may contain any of your confidential information, e.g. a login-password pair, server certificate keys, or cloud service account keys. Each secret stored by the service can have multiple versions of stored data. The service stores this data securely in encrypted form. All secrets are replicated in three availability zones.
    Starting Price: $0.0277 per 10000 operations
  • 11
    Segura

    Segura

    Segura

    Segura® (formerly senhasegura) is a cybersecurity company focused on Privileged Access Management (PAM). Its platform helps organizations secure and manage privileged identities, credentials, and secrets across hybrid and cloud environments. Segura supports use cases such as credential vaulting, session monitoring, privilege elevation, and secrets management for DevOps. Designed to simplify complex identity security challenges, Segura provides IT teams with visibility, control, and tools to reduce risk and support compliance. The company operates globally through a network of partners and serves customers across key sectors, including finance, healthcare, government, telecom, and critical infrastructure.
  • 12
    CyberArk Conjur
    A seamless open source interface to securely authenticate, control and audit non-human access across tools, applications, containers and cloud environments via robust secrets management. Secrets grant access to applications, tools, critical infrastructure and other sensitive data. Conjur secures this access by tightly controlling secrets with granular Role-Based Access Control (RBAC). When an application requests access to a resource, Conjur authenticates the application, performs an authorization check against the security policy and then securely distributes the secret. Security policy as code is the foundation of Conjur. Security rules are written in .yml files, checked into source control, and loaded onto the Conjur server. Security policy is treated like any other source control asset, adding transparency and collaboration to the organization’s security requirements.
  • 13
    HashiCorp Vault
    Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. Secure applications and systems with machine identity and automate credential issuance, rotation, and more. Enable attestation of application and workload identity, using Vault as the trusted authority. Many organizations have credentials hard coded in source code, littered throughout configuration files and configuration management tools, and stored in plaintext in version control, wikis, and shared volumes. Safeguarding and ensuring that a credentials isn’t leaked, or in the likelihood it is, that the organization can quickly revoke access and remediate, is a complex problem to solve.
  • 14
    Entro

    Entro

    Entro Security

    Non-Human Identity & Secrets Security Platform. A pioneer in non-human identity management, Entro enables organizations to securely utilize non-human identities and secrets, overseeing their usage and automating their lifecycle from inception to rotation. Secrets-based cyber attacks are devastating and growing as more and more secrets are created by R&D teams and spread across various vaults and repositories with no real secret management, monitoring, or security oversight. Streamline and secure your non-human identity lifecycle management. With Entro, security teams can now oversee and protect Non-human identities with automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified interface.
  • 15
    PrivX

    PrivX

    SSH Communications Security

    PrivX is a scalable, cost-efficient, and highly automated privileged access management (PAM) solution for hybrid and multi-cloud environments, quantum-safe connections and any combination of password vaulting, rotation, and passwordless authentication. PrivX makes PAM easy, productive, and secure while decreasing complexity and costs. PrivX reduces the risk of passwords, keys, and other leave-behind credentials by eliminating them right after access authentication. Instead, it uses short-lived, ephemeral certificates. Your privileged users and superusers get just-in-time, role-based Zero Trust access without the need to handle, vault, manage or rotate any secrets. PrivX also supports hybrid environments with a secrets vault and password rotation when necessary. It even allows you to make quantum-safe SSH connections.
  • 16
    Hemmelig.app

    Hemmelig.app

    Hemmelig.app

    Hemmelig lets you share secrets securely with encrypted messages that automatically self-destruct after being read. Paste a password, confidential message, or private data. Ensure your sensitive data remains encrypted, secure, and confidential. The secret link, by default, is a one-time use only, after which it will vanish. Hemmelig, [he`m:(ə)li], means secret in Norwegian.
    Starting Price: Free
  • 17
    Yandex Key Management Service
    Use keys to protect the secrets, personal data, and sensitive information you store in the cloud. Create and delete keys, set up access policies, and perform rotation via the management console, CLI, or API. Yandex KMS implements symmetric and asymmetric cryptography. Use the REST or RPC API to encrypt and decrypt small amounts of data, such as secrets and local encryption keys, as well as to sign data using e-signature schemes. You manage access to encrypted data, and Yandex KMS ensures the reliability and physical security of keys. Hardware Security Modules (HSMs) are available. Encrypt small amounts of data using the SDK in Java or Go. To encrypt larger amounts of data, the service is integrated with popular encryption libraries, including the AWS Encryption SDK and Google Tink. Integration with Yandex Lockbox makes it possible to encrypt secrets with your own keys. Secrets and data can also be protected using encryption keys in Managed Service for Kubernetes.
    Starting Price: $0.0230 per month
  • 18
    SecretHub

    SecretHub

    SecretHub

    Upgrade security throughout the stack with a unified secrets management platform that every engineer can use – from admin to intern. Putting passwords and API keys in source code creates a security risk. But handling them properly creates complexity that makes it extremely cumbersome to deploy. Git, Slack, and email are designed to share information, not to keep secrets. Copy-pasting values and waiting on that one admin who holds all the keys simply don't scale when you're deploying software multiple times a week. It's impossible to track who accessed what secrets at what time, making compliance audits a nightmare. Eliminate secrets in source code by replacing plaintext values with a reference to the secret. SecretHub then automatically loads secrets into your app the moment it starts. Use the CLI to encrypt and store secrets and then simply tell the code where to look for the secret. Your code is now free of secrets and can be shared with everyone on your team.
    Starting Price: $99 per month
  • 19
    Onboardbase

    Onboardbase

    Onboardbase

    Onboardbase is the a secret management infrastructure platform that provides single source of shared truth for app secrets and usage. It helps dev teams securely share and work with environment-specific configs at every development stage, synced across infrastructure without compromising security - this means development teams can focus on building great apps rather than managing secrets and data. Secrets are dynamically kept up to date across your environments and infrastructure, with 50+ integrations and growing. Dev teams can monitor and audit how long, where and when your secrets are used and revoke usage anywhere with a click. Powerful always-on codebase scanning features prevent developers from accidentally leaking secrets to production, maintaining a robust security model.
    Starting Price: Free
  • 20
    Password.link

    Password.link

    Password.link

    The link can only be opened once. This ensures nobody has opened it before the recipient and nobody can open it again afterward. The encrypted secret is deleted from our database when it has been viewed. There's no way to view it again. Sending secrets in plain text exposes them to threats even after the message has been long forgotten. Using a one-time link ensures that there are no valid credentials lying around in email inboxes or archived instant messages. Half of the encryption key is stored in the link itself and never seen by us or anyone else. Viewing the secret is not possible without the original link. Using our service you can create a one-time link to the credentials and be sure nobody sees them before the recipient. You can also configure notifications to be sent via different channels so you know when the credentials have been viewed, and by who.
    Starting Price: €8.99 per month
  • 21
    Infisical

    Infisical

    Infisical

    Compare secrets across environments and see what's different or missing. Set personal values for secrets – either during local development or for sensitive secrets. Easily inherit other secrets to establish a single source of truth. Automatically identify and prevent secret leaks to git using Infisical's continuous monitoring and pre-commit checks – support over 140 secret types.
    Starting Price: $6 per month
  • 22
    Corsha

    Corsha

    Corsha

    APIs power all of your applications and services. Secrets are shared. They are rarely rotated, sometimes never at all. API keys and tokens, even PKI, are getting leaked at an alarming rate. You need clear visibility into and simple control over the machines that are accessing your APIs. Organizations lack visibility into the machines that are leveraging API secrets, and as automation shifts risk from human to machine, the identities of these machines and the secrets they use is more important than ever. Corsha stops API attacks that use stolen or compromised API credentials and helps enterprises protect data and applications that leverage machine to machine (or service to service) API communication.
  • 23
    keyhold.io

    keyhold.io

    keyhold.io

    Your clients send credentials via Slack. Your contractors have passwords in email threads. Chaos. keyhold.io is a zero-knowledge secret custody platform for teams who manage credentials that aren't theirs. Send secure request links, collect credentials encrypted before they reach our servers, and get full audit trails of every access. Built for MSPs, agencies, and anyone tired of sensitive access scattered across chat threads.
    Starting Price: £50/month
  • 24
    WALLIX Bastion
    Easy to use and deploy, the WALLIX Bastion PAM solution delivers robust security and oversight over privileged access to critical IT infrastructure. Reduce the attack surface, secure remote access, and meet regulatory compliance requirements with simplified Privileged Access Management. WALLIX Bastion delivers leading session management, secrets management, and access management features to secure IT and OT environments, enable Zero Trust and Just-In-Time policies, and to protect internal and external access to sensitive data, servers, and networks in industries ranging from healthcare to finance to industry and manufacturing. Adapt to the digital transformation with secure DevOps thanks to AAPM (Application-to-Application Password Management). WALLIX Bastion is available both on-premise and in cloud environments for complete flexibility, scalability, and the lowest market total cost of ownership. WALLIX Bastion PAM natively integrates with a full suite of security solutions
  • 25
    Delinea Secret Server
    Protect your privileged accounts with our enterprise-grade Privileged Access Management (PAM) solution. Available both on-premise or in the cloud. Get up and running fast with solutions for privileged account discovery, turnkey installation and out-of-the-box auditing and reporting tools. Manage multiple databases, software applications, hypervisors, network devices, and security tools, even in large-scale, distributed environments. Create endless customizations with direct control to on-premise and cloud PAM. Work with professional services or use your own experts. Secure privileges for service, application, root, and administrator accounts across your enterprise. Store privileged credentials in an encrypted, centralized vault. Identify all service, application, administrator, and root accounts to curb sprawl and gain a full view of your privileged access. Provision and deprovision, ensure password complexity and rotate credentials.
  • 26
    Evo Security

    Evo Security

    Evo Security

    Eliminate credential sharing, establish powerful administrative permissions, mass deploy login security for your customers, and meet insurance and compliance requirements with Evo Security. EPIC is the next evolutionary step for MSPs, MSSPs, NOCs, and SOCs seeking to reduce credential sharing risk and secure logins for endpoints, network devices, and web applications all-in-one. The big secret about managed services is that MSP administrators are forced to share customer passwords and MFA codes internally. Password Managers and other Password Rotation tools offer sharing convenience with some iterative improvements, however ultimately propagate the same problem. With cybercriminals targeting MSPs more than ever, and regulation mandates demanding a better way, this involuntary poor practice has run its course. Easily accommodate managed or co-managed Customer scenarios when technicians and administrators need access to the Evo platform using the Evo Privileged Access Manager.
  • 27
    Idira

    Idira

    Idira by Palo Alto Networks

    Idira is Palo Alto Networks’ next-generation identity security platform built for the AI enterprise, designed to secure every human, machine, and agentic identity through one unified control plane. It modernizes privileged access management by extending privilege controls beyond administrators to every identity that can access sensitive systems, data, applications, cloud services, workloads, endpoints, secrets, certificates, SSH keys, and AI agents. It discovers identity risk, applies privilege dynamically, and governs the full lifecycle from first access to final session. Idira replaces static, always-on access with dynamic privilege, just-in-time access, zero standing privilege, continuous verification, policy-driven controls, and real-time enforcement based on identity, device, and context. For human identities, it unifies privileged access, workforce access, endpoint privilege management, and identity governance, helping organizations reduce privilege sprawl.
  • 28
    Bravura Safe

    Bravura Safe

    Bravura Security

    Bravura Safe is a zero-knowledge secret and passwords manager that centrally, consistently, and securely manages decentralized passwords, and secrets so your employees don't have to. It complements core password management solutions that organizations already use. Bravura Safe leverages two decades of Bravura Security’s enterprise cybersecurity solutions. Employees can securely send time-bound passwords for new accounts, encryption keys for files, or entire files without them being leaked or intercepted, and with only one password to their Bravura Safe to remember. The recent rising threat of organizational insiders being paid to help in cyberattacks combined with notoriously bad secret and password hygiene at an individual level is a cause for cybersecurity leaders to be concerned. While IT teams have focused on implementing strong SSO, password management, identity and even privileged access management solutions, the work-from-home world has caused shadow IT to explode.
  • 29
    InPrivy

    InPrivy

    InPrivy

    Easily share sensitive information with co-workers, clients, friends, and family. Use InPrivy to share passwords and other sensitive information in a secure way. Prevent your confidential data to remain fully visible in email conversations or chats. Sharing private notes, passwords, API keys, credit card information or any other kind of sensitive data should be done in a safe way. When sending them via email or messengers, your data remains visible and accessible for a long time. Start sharing the secure way, and use InPrivy. No ads, no excessive user tracking, and made in Germany. We ensure robust protection of your sensitive information. Use anywhere on the web, without installing any apps. You are the only one who knows the link to the secret information you created. Give it to the person who should see it. The links are encrypted with SSL and can only be used once by default. The secret information is also kept safe using strong AES-256 encryption.
    Starting Price: €30 per year
  • 30
    SlashID

    SlashID

    SlashID

    Identity is the most common vector for lateral movement and data breaches. SlashID helps you build a secure, compliant, and scalable identity infrastructure. Manage the creation, rotation and deletion of identities and secrets in a single place. Complete inventory of all your identities and secrets, multi-cloud. Detect initial access, privilege escalation, and lateral movement across your IdPs and cloud environments. Add authentication, authorization, conditional access, and tokenization to your services. Detect leaked key materials in real-time and prevent data breaches by rotating them. Automatically block, suspend, rotate or enforce MFA on a detection to reduce the impact of an attack. Add MFA and conditional access to your applications. Add authentication, authorization, credential tokenization, and conditional access to your APIs and workloads.
  • 31
    Keyshade

    Keyshade

    Keyshade

    Keyshade is a secret and configuration manager designed for developers teams and infra. It helps you avoid hardcoding secrets, eliminate sharing your .env manually, and keep environment variables in sync across local setups, CI/CD pipelines, and production. Whether you're solo or working with a team, Keyshade fits into your workflow with minimal setup and maximum security.
    Starting Price: $7.99/month
  • 32
    Britive

    Britive

    Britive

    Permanent elevated privileges leave you open to increased data loss & account damage due to insider threats & hackers 24/7. Temporarily granting & expiring Just In Time Privileges with Britive instead minimizes the potential blast radius of your privileged human and machine identities. Maintain zero standing privileges (ZSP) across your cloud services, without the hassle of building a DIY cloud PAM solution. Hardcoded API keys and credentials, typically with elevated privileges, are sitting targets for exploits, and there are 20x more machine IDs using them than there are human users. Granting & revoking Just-in-Time (JIT) secrets with Britive can significantly reduce your credential exposure. Eliminate static secrets & maintain zero standing privileges (ZSP) for machine IDs. Most cloud accounts become over-privileged over time. Contractors & employees often maintain access after they leave.
  • 33
    SikkerKey

    SikkerKey

    SikkerKey

    SikkerKey allows you to manage application secrets across every machine in your stack using secure, machine-authenticated requests instead of bearer tokens. Instead of distributing replayable scoped tokens, SikkerKey verifies machine identity with asymmetric cryptographic proof, giving teams a stronger security primitive without the usual complexity. Run a single bootstrap command, approve the machine in the dashboard, and it’s ready to securely request the secrets it needs.
    Starting Price: $25/month
  • 34
    Pulumi

    Pulumi

    Pulumi

    Modern Infrastructure as Code. Create, deploy, and manage infrastructure on any cloud using familiar programming languages and tools. Many clouds, one workflow. Use the same language, tools, and workflow, on any cloud. Collaborate. Harmonize your engineering practices between developers and operators. Easy continuous delivery. Deploy from the CLI, or integrate with your favorite CI/CD system, and review all changes before they are made. Tame complexity. Gain visibility across all of your environments. Audit and secure. Know who changed what, when, and why. Enforce deployment policies with your identity provider of choice. Secrets management. Keep secrets safe with easy, built-in encrypted configuration. Familiar programming languages. Define infrastructure in JavaScript, TypeScript, Python, Go, or any .NET language, including C#, F#, and VB. Your favorite tools. Use familiar IDEs, test frameworks, and tools. Share and reuse. Codify best practices and policies.
  • 35
    TruffleHog

    TruffleHog

    Truffle Security

    TruffleHog runs behind the scenes to scan your environment for secrets like private keys and credentials, so you can protect your data before a breach occurs. Secrets can be found anywhere, so TruffleHog scans more than just code repositories, including SaaS and internally hosted software. With support for custom integrations and new integrations added all the time, you can secure your secrets across your entire environment. TruffleHog is developed by a team entirely comprised of career security experts. Security is our passion and primary concern, and all features are developed with best practices in mind. TruffleHog enables you to track and manage secrets within our intuitive management interface, including links to exactly where secrets have been found. Authenticate with secure OAuth workflows for users and never worry about username and password breaches.
  • 36
    Azure Key Vault
    Enhance data protection and compliance with Key Vault. Secure key management is essential to protect data in the cloud. Use Azure Key Vault to encrypt keys and small secrets like passwords that use keys stored in hardware security modules (HSMs). For more assurance, import or generate keys in HSMs, and Microsoft processes your keys in FIPS validated HSMs (hardware and firmware) - FIPS 140-2 Level 2 for vaults and FIPS 140-2 Level 3 for HSM pools. With Key Vault, Microsoft doesn’t see or extract your keys. Monitor and audit your key use with Azure logging—pipe logs into Azure HDInsight or your security information and event management (SIEM) solution for more analysis and threat detection.
  • 37
    Delinea DevOps Secret Vault
    Enable app-to-app communications and app-to-database access without hardcoding credentials. Secure access to tools for software and infrastructure deployment, testing, orchestration, and configuration. Centrally manage, control, and audit secrets for automated processes that operate without human oversight. Deploy rapidly with cloud-native SaaS architecture and elastic scalability that static, IP-based PAM solutions can’t provide. The standard definition of PAM isn’t sufficient for the growing risk of cyberattacks. We believe PAM must address the exploding number of identities and today’s IT complexities.
  • 38
    Entropy Keycrypt

    Entropy Keycrypt

    Quantum Entropy

    Protect your essential digital assets with Entropy, offering a seamless and secure transition to your trusted circle in unforeseen circumstances. User-Friendly Security Entropy enables you to securely partition important information into discrete shares, each of which reveals nothing about your secret without the others. Distribute these to a select group of trusted individuals, who can then store them offline for added security. Long-Term Resilience With its robust security features, including 256-bit encryption, Entropy is well-suited for durable, decentralized offline storage, safeguarding your data from both online and specific offline threats.
    Starting Price: $24.99
  • 39
    PaymentKnox
    nsKnox is a fintech-security company, enabling corporations and banks to prevent fraud and ensure compliance in B2B Payments. Founded and led by Alon Cohen, Founder & former CEO of CyberArk (NASDAQ: CYBR), nsKnox solutions help organizations avoid significant financial losses, heavy fines, and reputational damage. Cybercriminals today are using ever-more sophisticated techniques, such as vendor impersonation, business email compromise (BEC), and social engineering, to divert outgoing corporate payments to their own fraudulent accounts. As their success rates grow so does the financial damage incurred by targeted organizations. PaymentKnox™ for Accounts Payable introduces a technology-driven approach that enables organizations to minimize the risk of human error and prevent unauthorized payments.
  • 40
    Apache Knox

    Apache Knox

    Apache Software Foundation

    The Knox API Gateway is designed as a reverse proxy with consideration for pluggability in the areas of policy enforcement, through providers and the backend services for which it proxies requests. Policy enforcement ranges from authentication/federation, authorization, audit, dispatch, hostmapping and content rewrite rules. Policy is enforced through a chain of providers that are defined within the topology deployment descriptor for each Apache Hadoop cluster gated by Knox. The cluster definition is also defined within the topology deployment descriptor and provides the Knox Gateway with the layout of the cluster for purposes of routing and translation between user facing URLs and cluster internals. Each Apache Hadoop cluster that is protected by Knox has its set of REST APIs represented by a single cluster specific application context path. This allows the Knox Gateway to both protect multiple clusters and present the REST API consumer with a single endpoint.
  • 41
    WidsMob PhotoVault
    Private Photo Vault allows you to import photos into the app and hide them behind a password folder. Each and every photo you hide with PhotoVault is automatically AES-256 encrypted upon hiding. WidsMob PhotoVault keeps your photos/images locked up and protected with password protection. You can hide your pictures safely and easily in PhotoVault with password protection. Put your secret photos into the PhotoVault and hide them there without anyone knowing. You can easily view all your secret pictures on PhotoVault easily without any limitation. You can use PhotoVault to view secret pictures smoothly like a professional photo viewer. Full-screen viewing mode of PhotoVault makes you have a better viewing experience. You can view private photos in slideshow mode by setting the play duration and more. Simple edit functions to let you easily zoom or rotate your private photos without extra tools.
    Starting Price: $19.99 per year
  • 42
    Password Scale
    Solve the team frustrations when managing passwords, get access to the shared password pool only by entering in a Slack group. Keep the team passwords encrypted and saved in a secure storage, mitigate the risk of compromising passwords stored in multiples and potentially insecure places. We document the encryption design, publishing the entire source code, making possible code reviews and check the implemented zero-knowledge protocol. To retrieve the link with the editor to create the secret, this link expires in 15 minutes. To make unreachable the secret, to complete deletion is necessary to do it manually from the s3 password storage. To setup the password storage, it is only necessary to execute it once. To retrieve a one-time-use link with the secret content, this link expires in 15 minutes. Go to our GitHub project for instructions on how to set up your own password server, also you can try the command on your Slack team using our test server.
  • 43
    Akeyless Identity Security Platform
    Akeyless delivers identity security for an era shaped by automation and AI. The cloud-native platform secures machines, AI agents, and human access across hybrid, multi-cloud, and on-prem environments. It provides a practical path to secretless, identity-based access through secrets management, certificate lifecycle management and PKI, PAM, and unified governance. Akeyless is built on a cryptography foundation that combines encryption, key management, and Distributed Fragments Cryptography to keep sensitive material under customer control and protected from post-quantum threats. With integrations for cloud IAM, Kubernetes, CI/CD, and MCP-based AI agent workflows, teams can adopt and scale AI agents securely without expanding risk. Akeyless Jarvis™ delivers identity intelligence to surface risky access and strengthen oversight.
  • 44
    Unified.to

    Unified.to

    Unified.to

    Ship the integrations your customers and prospects need now and watch your revenue soar, without compromising your core product. Deliver secure, deep and powerful integrations for all kinds of use cases with advanced observability and security features. We never store your customers' data, plus, you can even securely store your customers' OAUTH2 access tokens in your AWS Secrets Manager account. Keep your customers' credentials secure with OAUTH2 authentication while giving your customers full control to revoke access tokens anytime. Take charge of branding and security by using your OAUTH2 client IDS and secrets, giving your application full autonomy over authorization pages and access tokens. Skip the headache of juggling different APIs and complex data transformations. Simplify your integration process with one API and one data model.
    Starting Price: $250 per month
  • 45
    Drone

    Drone

    Harness

    Configuration as a code. Pipelines are configured with a simple, easy‑to‑read file that you commit to your git repository. Each pipeline step is executed inside an isolated Docker container that is automatically downloaded at runtime. Any source code manager. Drone integrates seamlessly with multiple source code management systems, including GitHub, GitHubEnterprise, Bitbucket, and GitLab. Any platform. Drone.io natively supports multiple operating systems and architectures, including Linux x64, ARM, ARM64 and Windows x64. Any language. Drone works with any language, database or service that runs inside a Docker container. Choose from thousands of public Docker images or provide your own. Create and share plugins. Drone uses containers to drop pre‑configured steps into your pipeline. Choose from hundreds of existing plugins, or create your own. Drone makes advanced customization easy. Implement custom access controls, approval workflows, secret management, yaml syntax extensions& more.
  • 46
    Strongbox

    Strongbox

    Strongbox

    Strongbox provides best in class secure password management helping you keep your data secret. Protecting you from digital attacks by using recognized best practices, military grade cryptography, and industry standard formats. Strongbox not only secures your data but provides a beautiful native experience on iPhones, iPad’s and Macs. The ultimate KeePass iOS password manager. Strongbox is a native App on both iOS and MacOS platforms. This means it looks and feels just like an App should. Designed with Apple’s human interface guidelines in mind and using standard UI paradigms, controls, colours and integrations, Strongbox just feels native. AutoFill integration means you never have to leave Safari or your other Apps to fill in a password, just tap the Strongbox suggestion above your keyboard, authenticate and you’re done. Use Face ID to automatically unlock your database, being secure has never been so convenient.
    Starting Price: $2.49 per month
  • 47
    Cyqur

    Cyqur

    Binarii Labs

    You control where your passwords and seed phrases are secured via the Cyqur browser extension. Cyqur encrypts, fragments, and distributes your data wherever you want for unprecedented security. Although, it’s always you who owns and controls your data. By adding the proof of record from the blockchain, the security process is complete. Encrypted pieces are stored across multiple cloud providers so data is incomplete and useless if hacked. Multi-cloud data sovereignty, automated seed word protection, blockchain-based proof of record, customizable MFA, a referral program for credits, and direct personal customer support. Store up to 50 text based secrets (e.g., notes, PINs, secret phrases, banking credentials, MFA backup codes). Secrets are uniquely fragmented, encrypted, and stored across three separate cloud locations for enhanced security. Enhanced log-on authentication with customizable MFA options.
    Starting Price: €15 one-time payment
  • 48
    Samsung Knox Suite
    Knox Suite is an all-in-one enterprise mobility solution designed to secure, deploy, manage, and analyze work devices across their entire lifecycle. Built on the Samsung Knox platform, it enables organizations to safeguard device fleets and corporate data by detecting vulnerabilities, enforcing security patches, verifying device integrity remotely, and locking or wiping devices when needed. Deployment is streamlined with automated enrollment options, such as QR-code setup or bulk provisioning by certified resellers, and devices seamlessly integrate into the Knox ecosystem with a unified single-sign-on admin experience. Device and app management is handled centrally: IT teams can define granular policies by location, time, network status, or device state; control OS versions and updates; distribute, configure, or remove apps; and lock down lost or stolen devices.
  • 49
    gitleaks

    gitleaks

    gitleaks

    Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code. Gitleaks can be installed using Homebrew, Docker, or Go. Gitleaks is also available in binary form for many popular platforms and OS types on the releases page. In addition, Gitleaks can be implemented as a pre-commit hook directly in your repo.
  • 50
    NuCypher

    NuCypher

    NuCypher

    Manage secrets such as IAM tokens, database and SSH credentials, and signing/encryption keys across dynamic environments. Conditionally grant and revoke access to sensitive data to arbitrary numbers of recipients. Process encrypted data while preserving the confidentiality of the inputs and results. NuCypher's PRE network provides cryptographic access controls for distributed apps and protocols. NuCypher's NuFHE library enables secure, private computation on encrypted data by outsourced nodes. Fully Homomorphic Encryption (FHE) is a form of encryption that allows arbitrary, secure computation on encrypted data (meaning encrypted data can be processed without needing to decrypt it first). Operations on the encrypted data are applied as if being performed on the plaintext data.