KeeperDB: Bringing Zero-Trust Database Access to Privileged Management
Keeper Security brings zero-trust database access to its PAM platform with KeeperDB.
What KeeperDB Actually Does
KeeperDB adds a vault-native database access interface to KeeperPAM, Keeper’s unified privileged access management platform. In practical terms, this means:
- Developers, database administrators, and security teams can connect to MySQL, PostgreSQL, Oracle, and Microsoft SQL Server databases directly from the Keeper Vault, without exposing credentials in plaintext.
- Every database session is governed by centralised policies and fully recorded for audit and compliance purposes.
- Database access lives within the vault where passwords, secrets, and privileged credentials are already stored, eliminating the need for a separate tool with its own credential store.
The Credential Sprawl Problem
KeeperDB addresses a well-documented challenge: database credentials in most organisations are scattered across configuration files, environment variables, CI/CD pipelines, and individual developer machines. This credential sprawl makes it difficult to track down every instance of a compromised credential and complicates audit preparation for organisations subject to SOC 2, HIPAA, PCI DSS, or similar compliance requirements.
KeeperDB’s Approach
KeeperDB consolidates database access under the same zero-knowledge encryption and policy engine that governs passwords, SSH keys, API tokens, and remote desktop sessions in KeeperPAM. Credentials are never exposed to users in plaintext, access is granted based on role-based policies, and every query session is recorded.
Proxy Mode for Existing Workflows
Recognising that many existing workflows rely on separate database management tools, KeeperDB offers proxy mode. This allows users to continue using their preferred tool while leveraging Keeper’s secure backend for credential management.