The Challenge
What Keeper Was Facing
Keeper needed a secrets management solution that could serve as a single source of truth across a hybrid infrastructure spanning AWS, Azure, and on-premises systems, while also integrating with three different CI/CD platforms used by different engineering teams. Secrets were scattered across environment variables, config files, vault instances, and cloud-native secret stores, with no centralised audit trail, no rotation policy enforcement, and significant duplication that made rotation a high-risk manual process across dozens of systems.
The Solution
What We Built
We built a centralised secrets management integration layer with native sync adapters for AWS Secrets Manager, Azure Key Vault, and HashiCorp Vault — presenting a unified API that applications could query regardless of the underlying store. CI/CD integrations were built for Jenkins, GitHub Actions, and GitLab CI, injecting secrets at build time from the central store without exposing values in pipeline logs. An automated rotation engine handled credential rotation across all connected systems simultaneously, with rollback capability if any downstream system failed to accept the new credential.
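The rotation-with-rollback behaviour described above, as an added example that is not code from this project: the `MemoryStore` adapter interface and the `rotate` function are hypothetical, and the stores are in-memory stand-ins for the real back ends.

```python
class StoreRejected(Exception):
    """Raised when a store refuses or fails to persist a write."""

class MemoryStore:
    """Constructed stand-in for one sync adapter (hypothetical interface)."""
    def __init__(self, name, healthy=True):
        self.name, self.healthy, self._data = name, healthy, {}
    def get(self, key):
        return self._data.get(key)
    def put(self, key, value):
        if not self.healthy:
            raise StoreRejected(self.name)
        self._data[key] = value
    def delete(self, key):
        if not self.healthy:
            raise StoreRejected(self.name)
        self._data.pop(key, None)

def _restore(store, key, previous):
    # A store that had no value before the rotation goes back to having none.
    if previous is None:
        store.delete(key)
    else:
        store.put(key, previous)

def rotate(stores, key, new_value):
    """Write new_value to every store, or put every store back as it was.
    Returns (ok, audit). The audit holds store names and events, never values."""
    applied, audit = [], []
    for store in stores:
        previous = store.get(key)  # snapshot taken before touching the store
        try:
            store.put(key, new_value)
        except StoreRejected:
            audit.append((store.name, "rejected"))
            # Undo in reverse order so the most recent change is reverted first.
            for done, old in reversed(applied):
                try:
                    _restore(done, key, old)
                    audit.append((done.name, "rolled_back"))
                except StoreRejected:
                    # Stores now disagree: flag for an operator, keep going.
                    audit.append((done.name, "rollback_failed"))
            return False, audit
        applied.append((store, previous))
        audit.append((store.name, "updated"))
    return True, audit
```

A `rollback_failed` entry means the stores hold different values for the same key, which is the state that needs manual attention.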

Results
