AES-256Zero-knowledge encryption
at rest & in transit
PAMPrivileged access mgmt
with session recording
99.99%Cloud SaaS uptime SLA
guaranteed
0Data leaves your
infrastructure on-prem
Pricing
Two plans. No user limits on either.
On-premises gives you full infrastructure control at a flat monthly rate. Cloud SaaS scales with your team at the per-agent level — start small, grow freely.
On-Premises
€349
per month, flat rate · unlimited users
Updates & new features included
Self-hosted on your infrastructure
Authentication
Local Active DirectoryBasic user auth (no IDP)
Everything included
Teams & shared vaults
Zero-knowledge AES-256 encryption
PAM user management
Multiple vaults & granular permissions
Immutable audit trail
Browser extension (Chrome, Firefox, Edge)
REST API & CLI
GDPR compliant
SIEM export
Updates included
Contact us to get startedRecommended
Cloud SaaS
€14.99
per month, instance fee
+ €1.99per user / month
Automatic updates & managed backups
99.99% uptime SLA guaranteed
Authentication
Microsoft Entra IDSAML 2.0 / OIDCBasic user auth (no IDP)
Everything included
Teams & shared vaults
Zero-knowledge AES-256 encryption
PAM user management
Multiple vaults & granular permissions
Immutable audit trail
Browser extension (Chrome, Firefox, Edge)
REST API & CLI
GDPR compliant
SIEM export
Updates included
Get started →Capabilities
Built for security teams that mean it
From zero-knowledge vaults to just-in-time PAM access — every feature ships on both plans, cloud and on-prem alike.
Security Core
Zero-Knowledge Encryption
AES-256 encryption at rest and in transit. Every credential is encrypted client-side using PBKDF2 / Argon2id key derivation before it ever leaves your device. The server never holds plaintext — ever.
AES-256-GCMPBKDF2 / Argon2idClient-side onlyIn-transit TLS 1.3
Privileged Access
PAM & Just-in-Time Access
Privileged Access Management with approval workflows, time-limited access windows, and session recording. Every elevated access event leaves a timestamped trail.
1Request›2Approve›3Access›4Record
Collaboration
Teams & Shared Vaults
Create vaults per team, department, or project. Granular per-user and per-vault permissions — read, write, manage, or share.
Compliance
Immutable Audit Trail
Every credential read, edit, share, and deletion is logged with timestamp, user identity, and IP. GDPR-ready export. Tamper-proof.
Access
Browser Extension & REST API
Chrome, Firefox, Edge auto-fill extension. REST API and CLI for injecting secrets into CI/CD pipelines, Kubernetes, and infrastructure-as-code.
$vault secret get --id db-prod --format env
Authentication
Flexible Identity Providers
No external IDP required. On-prem connects to your local AD. Cloud uses Entra ID (SAML 2.0 / OIDC). Basic auth available on both.
Entra IDLocal ADBasic auth
Getting started
Up and running in three steps
01
Choose your deployment
Pick cloud SaaS for a managed instance ready in minutes, or on-premises for full self-hosting on your own infrastructure. Same feature set either way.
02
Connect your identity provider
Hook into Microsoft Entra ID, local Active Directory, or enable basic user auth — no external IDP required. All options available on both plans.
03
Invite your team & go live
Create vaults, define PAM policies, set granular permissions per team and vault, then roll out to your organisation. Migration support included.
Secure your corporate credentials today
Cloud SaaS ready in minutes. On-premises with full migration support included. Talk to us if you need an air-gap deployment or custom compliance requirements.