Keeper Security brings zero-trust database access to its PAM platform with KeeperDB

Database credentials remain one of the most common attack vectors in enterprise breaches, yet most organisations still manage them through shared spreadsheets, hardcoded connection strings, or standalone credential vaults with no session oversight. Keeper Security, the Chicago-based cybersecurity company best known for its password management platform, is attempting to close that gap with KeeperDB, a new capability that embeds database access controls directly into its privileged access management (PAM) platform.

The product was announced at RSA Conference 2026 in San Francisco, where Keeper also collected 18 industry awards across categories including password management, privileged access management, and zero-trust security.

What KeeperDB actually does

KeeperDB adds a vault-native database access interface to KeeperPAM, Keeper’s unified privileged access management platform. In practical terms, this means developers, database administrators, and security teams can connect to MySQL, PostgreSQL, Oracle, and Microsoft SQL Server databases directly from the Keeper Vault, without exposing credentials in plaintext or relying on separate database management tools.

Every database session is governed by centralised policies, with full session recording for audit and compliance purposes. The idea is straightforward: if organisations already store their passwords, secrets, and privileged credentials in Keeper, database access should live there too, rather than requiring a separate tool with its own credential store.

“KeeperDB represents a natural evolution of our zero-trust architecture,” said Darren Guccione, CEO and co-founder of Keeper Security. “By embedding database access directly into the vault, we eliminate the credential sprawl that creates risk in most enterprise environments.”

The credential sprawl problem

The challenge KeeperDB addresses is well documented. Database credentials in most organisations are scattered across configuration files, environment variables, CI/CD pipelines, and individual developer machines. When an employee leaves or a credential is compromised, tracking down every instance of that credential becomes an exercise in archaeology.

Traditional database access tools compound the problem. Each tool maintains its own connection profiles and saved credentials, creating multiple copies of sensitive information outside any centralised governance framework. For organisations subject to SOC 2, HIPAA, PCI DSS, or similar compliance requirements, this fragmentation makes audit preparation significantly more time-consuming.

KeeperDB’s approach consolidates database access under the same zero-knowledge encryption and policy engine that already governs passwords, SSH keys, API tokens, and remote desktop sessions in KeeperPAM. Credentials are never exposed to users in plaintext, access is granted based on role-based policies, and every query session is recorded.

Proxy mode for existing workflows

Recognising that many teams have established workflows with existing database clients, Keeper is also introducing KeeperDB Proxy. This companion feature allows developers to continue using their preferred tools (pgAdmin, MySQL Workbench, DBeaver, and similar clients) while routing connections through Keeper’s infrastructure. The proxy maintains centralised policy enforcement, credential protection, and session visibility without requiring teams to abandon their existing tooling.

This is a pragmatic concession. Asking database administrators to switch from tools they have used for years is a reliable way to generate friction and reduce adoption. By offering both a native vault interface and a proxy mode, Keeper is betting that organisations will adopt whichever path creates the least disruption.

A broader PAM strategy

KeeperDB is the latest addition to a platform that has expanded considerably beyond its password management origins. KeeperPAM now includes password and passkey management, secrets management for DevOps and CI/CD pipelines, privileged session management with recording, remote browser isolation, secure remote desktop and SSH access via Keeper Connection Manager, and now database access.

The company’s strategy is to consolidate multiple point solutions into a single platform with a single credential store and a single policy engine. For managed service providers (MSPs), Keeper announced a revamped 2026 partner programme in February with tiered discounts and expanded enablement resources, suggesting that the mid-market and channel are key growth targets alongside direct enterprise sales.

The F1 connection

Keeper’s RSAC presence coincided with the company’s broader visibility push. Now in its third season as the official cybersecurity partner of the Atlassian Williams F1 Team, Keeper launched a global advertising campaign in March 2026 featuring driver Alex Albon. The campaign, filmed during pre-season testing in Bahrain, draws parallels between the real-time data protection required in Formula 1 operations and the identity-first security model that Keeper promotes for enterprise environments.

Williams uses KeeperPAM to protect passwords, infrastructure secrets, and privileged accounts both at its Grove headquarters and trackside, where race strategy, telemetry, and engineering systems depend on tightly controlled access to sensitive data.

What this signals

The broader trend KeeperDB reflects is the continued consolidation of identity and access management tools. Organisations that once maintained separate solutions for password management, secrets management, privileged access, remote connectivity, and database access are increasingly looking for unified platforms that reduce complexity and the number of credential stores to protect.

Keeper is not the only vendor pursuing this strategy. CyberArk, BeyondTrust, and Delinea have all expanded their PAM platforms in recent years. What distinguishes Keeper’s approach is its zero-knowledge architecture (meaning Keeper’s own servers cannot access customer data) and its consumer-grade user experience, which the company argues drives higher adoption rates than traditional enterprise PAM tools.

KeeperDB is available now for KeeperPAM customers, with support for MySQL, PostgreSQL, Oracle, and Microsoft SQL Server. KeeperDB Proxy is expected to follow in a subsequent release.