Alternatives to TruffleHog
Compare TruffleHog alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to TruffleHog in 2026. Compare features, ratings, user reviews, pricing, and more from TruffleHog competitors and alternatives in order to make an informed decision for your business.
-
1
Keeper Security
Keeper Security
Keeper Security is transforming the way people and organizations around the world secure their passwords and passkeys, secrets and confidential information. Keeper’s easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Keeper’s solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations globally, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging. Protect what matters at KeeperSecurity.com. -
2
GitGuardian
GitGuardian
GitGuardian is an end-to-end NHI security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards. With attackers increasingly targeting NHIs, such as service accounts and applications, GitGuardian integrates Secrets Security and NHI Governance. This dual approach enables the detection of compromised secrets across your dev environments while also managing non human identities and their secrets lifecycle. The platform supports over 450+ types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense. Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF and Bouygues Telecom for robust secrets protection.Starting Price: $0 -
3
SharePass
SharePass
SharePass is a SaaS Secret Management platform that allows sharing and managing secrets and confidential information using a web application, extension, or mobile app. SharePass works with encrypted links transmitted from the sender to the receiver with various settings and flags. The settings include expiry restriction, availability, IP restrictions and an entire filtering funnel (patent pending). SharePass is platform-independent that can be used with your existing communication tools. When it comes to your privacy, SharePass or any of its employees cannot see the content of your secrets; the secrets can be seen only by the exchanging parties. SharePass meets the latest cybersecurity compliance and regulations. In the era of identity theft, SharePass will protect you and prevent your data from leaking to the dark web by eliminating your digital footprint. SharePass supports SSO with Office365, Google Workspace, MFA, and integration with Yubikeys for maximum security.Starting Price: Free -
4
Doppler
Doppler
Stop struggling with scattered API keys, hacking together home-brewed configuration tools, and avoiding access controls. Give your team a single source of truth with Doppler. The best developers automate the pain away. Create references to frequently used secrets in Doppler. Then when they need to change, you only need to update them once. Your team's single source of truth. Organize your variables across projects and environments. The scary days of sharing secrets over Slack, email, git, zip files, are over. After adding a secret, your team and their apps have it instantly. Like git, the Doppler CLI smartly knows which secrets to fetch based on the project directory you are in. Gone are the futile days of trying to keep ENV files in sync! Practice least privilege with granular access controls. Reduce exposure when deploying with read-only service tokens. Contractor needs access to just development? Easy!Starting Price: $6 per seat per month -
5
Cycode
Cycode
A platform for security, governance, and pipeline integrity for all your development tools & infrastructure. Harden your source control management systems (SCM), find secrets, leaks and prevent code tampering. Scan your CI/CD settings and Infrastructure-as-Code (IaC) for security misconfiguration. Identify drift between production systems IaC configurations and prevent source code tampering. Stop developers from inadvertently exposing proprietary code in public repositories, fingerprint code assets and proactively identify exposure on public sites. Inventory assets, enforce security policies, and easily demonstrate compliance across all your DevOps tools and infrastructure, both in the cloud and on-premises. Scan IaC for security misconfigurations and ensure compliance between defined IaC configurations and production infrastructure. Scan every commit or pull/merge request for hard-coded secrets and prevent them from reaching the master branch across all SCMs and programming languages. -
6
Truffle
Truffle
Truffle is the screening engine built for hiring teams who refuse to settle for résumé roulette. Our 1-minute Intake Wizard turns job requirements and culture cues into tailored interview questions, then invites every candidate to respond on their time. Behind the scenes, Truffle’s “Hiring Brain” transcribes answers, analyses skills and sentiment, checks for alignment with your values, and delivers an executive-ready shortlist with searchable transcripts. Recruiters see exactly why someone is a match, managers collaborate in one click, and candidates enjoy a friction-free experience on any device. What makes us different? 1. Interview-first, bias-aware AI – surfaces talent résumés miss. 2. Real-time pipeline dashboard – live status, nudges, and analytics. 3. Native & Zapier integrations – Greenhouse, Lever, Workable, Ashby, Slack, Gmail, Indeed, and 5,000 + apps. 4. Free trial sandbox – test drive 10 interviews without a credit card.Starting Price: $99/month -
7
Mushroom Networks Truffle
Mushroom Networks
Truffle is a Broadband Bonding router appliance that combines and intelligently manages several (2 to up to 16) Internet transports (such as MPLS, DIA, DSL, cable, fiber, satellite, 4G LTE or 5G) from any of service provider. Truffle monitors, detects, and adapts to the fluctuations in your ISP performance as well as your changing traffic profile. This means Truffle will solve the network problems automatically and will avoid interruptions to your Internet services and applications. Truffle provides the ultimate way to add additional bandwidth to your network when you need it. Simply plug in additional broadband lines to increase your network capacity cost-effectively. Relying on a single service provider will limit network SLAs to that single service provider. You can get the best of all worlds by aggregating service providers to build your own, best-in-class bandwidth, leveraging cable modem’s bandwidth, DSL’s dedicated last-mile transport, and low latency of MPLS. -
8
Truffle
Truffle
Truffle is a Twitter/X social listening app that analyses posts with AI, helping you find hidden patterns and insights. Enter up to 3 profiles at the same time, what you're looking for, and AI tracks them for you. Always double-check, AI can make mistakes. -
9
AWS Secrets Manager
Amazon
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text. Secrets Manager offers secret rotation with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB. Also, the service is extensible to other types of secrets, including API keys and OAuth tokens. In addition, Secrets Manager enables you to control access to secrets using fine-grained permissions and audit secret rotation centrally for resources in the AWS Cloud, third-party services, and on-premises. AWS Secrets Manager helps you meet your security and compliance requirements by enabling you to rotate secrets safely without the need for code deployments.Starting Price: $0.40 per month -
10
Onboardbase
Onboardbase
Onboardbase is the a secret management infrastructure platform that provides single source of shared truth for app secrets and usage. It helps dev teams securely share and work with environment-specific configs at every development stage, synced across infrastructure without compromising security - this means development teams can focus on building great apps rather than managing secrets and data. Secrets are dynamically kept up to date across your environments and infrastructure, with 50+ integrations and growing. Dev teams can monitor and audit how long, where and when your secrets are used and revoke usage anywhere with a click. Powerful always-on codebase scanning features prevent developers from accidentally leaking secrets to production, maintaining a robust security model.Starting Price: Free -
11
HashiCorp Vault
HashiCorp
Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API. Secure applications and systems with machine identity and automate credential issuance, rotation, and more. Enable attestation of application and workload identity, using Vault as the trusted authority. Many organizations have credentials hard coded in source code, littered throughout configuration files and configuration management tools, and stored in plaintext in version control, wikis, and shared volumes. Safeguarding and ensuring that a credentials isn’t leaked, or in the likelihood it is, that the organization can quickly revoke access and remediate, is a complex problem to solve. -
12
Knox
Pinterest
Knox is a secret management service. Knox is a service for storing and rotation of secrets, keys, and passwords used by other services. Pinterest has a plethora of keys or secrets doing things like signing cookies, encrypting data, protecting our network via TLS, accessing our AWS machines, communicating with our third parties, and many more. If these keys become compromised, rotating (or changing our keys) used to be a difficult process generally involving a deploy and likely a code change. Keys/secrets within Pinterest were stored in git repositories. This means they were copied all over our company's infrastructure and present on many of our employees laptops. There was no way to audit who accessed or who has access to the keys. Knox was built to solve these problems. Ease of use for developers to access/use confidential secrets, keys, and credentials. Confidentiality for secrets, keys, and credentials. Provide mechanisms for key rotation in case of compromise. -
13
SlashID
SlashID
Identity is the most common vector for lateral movement and data breaches. SlashID helps you build a secure, compliant, and scalable identity infrastructure. Manage the creation, rotation and deletion of identities and secrets in a single place. Complete inventory of all your identities and secrets, multi-cloud. Detect initial access, privilege escalation, and lateral movement across your IdPs and cloud environments. Add authentication, authorization, conditional access, and tokenization to your services. Detect leaked key materials in real-time and prevent data breaches by rotating them. Automatically block, suspend, rotate or enforce MFA on a detection to reduce the impact of an attack. Add MFA and conditional access to your applications. Add authentication, authorization, credential tokenization, and conditional access to your APIs and workloads. -
14
Bravura Safe
Bravura Security
Bravura Safe is a zero-knowledge secret and passwords manager that centrally, consistently, and securely manages decentralized passwords, and secrets so your employees don't have to. It complements core password management solutions that organizations already use. Bravura Safe leverages two decades of Bravura Security’s enterprise cybersecurity solutions. Employees can securely send time-bound passwords for new accounts, encryption keys for files, or entire files without them being leaked or intercepted, and with only one password to their Bravura Safe to remember. The recent rising threat of organizational insiders being paid to help in cyberattacks combined with notoriously bad secret and password hygiene at an individual level is a cause for cybersecurity leaders to be concerned. While IT teams have focused on implementing strong SSO, password management, identity and even privileged access management solutions, the work-from-home world has caused shadow IT to explode. -
15
Yandex Lockbox
Yandex
Create secrets in the management console or using the API. Your secrets are safely stored in one place, easily integrated with your cloud services, and accessible via external systems over the gRPC or REST API. Encrypt your secrets using Yandex Key Management Service keys. Secrets are only stored in encrypted form. You can choose pre-configured service roles to ensure granular access to your secrets. Set up access permissions to read or manage your secret or its metadata. Create a secret, select a Key Management Service (KMS) key, and securely store your login-password pairs and other sensitive information. A secret may contain any of your confidential information, e.g. a login-password pair, server certificate keys, or cloud service account keys. Each secret stored by the service can have multiple versions of stored data. The service stores this data securely in encrypted form. All secrets are replicated in three availability zones.Starting Price: $0.0277 per 10000 operations -
16
GitHub Advanced Security
GitHub
With AI-powered remediation, static analysis, secret scanning, and software composition analysis, GitHub Advanced Security helps developers and security teams work together to eliminate security debt and keep new vulnerabilities out of code. Code scanning with Copilot Autofix detects vulnerabilities, provides contextual explanations, and suggests fixes in the pull request and for historical alerts. Solve your backlog of application security debt. Security campaigns target and generate autofixes for up to 1,000 alerts at a time, rapidly reducing the risk of application vulnerabilities and zero-day attacks. Secret scanning with push protection guards over 200 token types and patterns from more than 150 service providers, even elusive secrets like passwords and PII. Powered by security experts and a global community of more than 100 million developers, GitHub Advanced Security provides the insights and automation you need to ship more secure software on schedule.Starting Price: $49 per month per user -
17
ByteHide
ByteHide
ByteHide is an all-in-one, developer-first application security platform designed to protect code, secrets, data, and runtime environments, while minimizing your dependencies and risk. It integrates seamlessly with your development workflows and communication tools, delivering key security insights and alerts without disrupting productivity. Operating under a zero-knowledge model, ByteHide uses client-side encryption so only you hold the keys, and it never stores your source code. With minimal, typically read-only permissions, you remain fully in control of what repositories and data sources are analyzed. ByteHide’s core tools include Shield for next-generation code obfuscation and anti-tampering, Secrets for AI-powered secret detection and decentralized management, Monitor for real-time runtime threat detection, and Radar for unified SAST/SCA scanning. These tools run in secure, isolated environments and automatically mask sensitive personal data.Starting Price: €39.99 per month -
18
Theom
Theom
Theom is a cloud data security product that discovers and protects all data in cloud stores, APIs, and message queues. Like a bodyguard who closely follows and protects a high-value asset, Theom ensures controls follow the data regardless of how it is stored or accessed. Theom identifies PII, PHI, financial information, and trade secrets using agentless scanning and NLP classifiers, which support custom taxonomies. Theom discovers dark data, data that are never accessed, and shadow data, data whose security posture is different from the primary copy. Theom pinpoints confidential data, e.g., developer keys, in APIs and message queues. Theom estimates the financial value of data to help prioritize risks. Theom maps the relationships between data, access identities, and security attributes to uncover the risks to data. Theom shows how high-value data is accessed by identities (users and roles). Security attributes including user location, atypical access patterns, etc. -
19
SecretHub
SecretHub
Upgrade security throughout the stack with a unified secrets management platform that every engineer can use – from admin to intern. Putting passwords and API keys in source code creates a security risk. But handling them properly creates complexity that makes it extremely cumbersome to deploy. Git, Slack, and email are designed to share information, not to keep secrets. Copy-pasting values and waiting on that one admin who holds all the keys simply don't scale when you're deploying software multiple times a week. It's impossible to track who accessed what secrets at what time, making compliance audits a nightmare. Eliminate secrets in source code by replacing plaintext values with a reference to the secret. SecretHub then automatically loads secrets into your app the moment it starts. Use the CLI to encrypt and store secrets and then simply tell the code where to look for the secret. Your code is now free of secrets and can be shared with everyone on your team.Starting Price: $99 per month -
20
Infisical
Infisical
Compare secrets across environments and see what's different or missing. Set personal values for secrets – either during local development or for sensitive secrets. Easily inherit other secrets to establish a single source of truth. Automatically identify and prevent secret leaks to git using Infisical's continuous monitoring and pre-commit checks – support over 140 secret types.Starting Price: $6 per month -
21
Unified.to
Unified.to
Ship the integrations your customers and prospects need now and watch your revenue soar, without compromising your core product. Deliver secure, deep and powerful integrations for all kinds of use cases with advanced observability and security features. We never store your customers' data, plus, you can even securely store your customers' OAUTH2 access tokens in your AWS Secrets Manager account. Keep your customers' credentials secure with OAUTH2 authentication while giving your customers full control to revoke access tokens anytime. Take charge of branding and security by using your OAUTH2 client IDS and secrets, giving your application full autonomy over authorization pages and access tokens. Skip the headache of juggling different APIs and complex data transformations. Simplify your integration process with one API and one data model.Starting Price: $250 per month -
22
Entro
Entro Security
Non-Human Identity & Secrets Security Platform. A pioneer in non-human identity management, Entro enables organizations to securely utilize non-human identities and secrets, overseeing their usage and automating their lifecycle from inception to rotation. Secrets-based cyber attacks are devastating and growing as more and more secrets are created by R&D teams and spread across various vaults and repositories with no real secret management, monitoring, or security oversight. Streamline and secure your non-human identity lifecycle management. With Entro, security teams can now oversee and protect Non-human identities with automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified interface. -
23
GitHub Advanced Security for Azure DevOps is an application security testing service that is native to the developer workflow. It empowers Developer, Security, and Operations (DevSecOps) teams to prioritize innovation and enhance developer security without sacrificing productivity. Detect and prevent secret leaks from your application development processes with secret scanning. Take advantage of a partner program of more than 100 service providers and scanning for more than 200 token types. Adopt secret scanning quickly and easily without the need for additional tooling via the Azure DevOps UI. Protect your software supply chain by identifying any vulnerable open source components you may be using with dependency scanning. Get straightforward guidance on how to update component references so you can fix issues in minutes.Starting Price: $2 per GiB
-
24
PrivX
SSH Communications Security
PrivX is a scalable, cost-efficient, and highly automated privileged access management (PAM) solution for hybrid and multi-cloud environments, quantum-safe connections and any combination of password vaulting, rotation, and passwordless authentication. PrivX makes PAM easy, productive, and secure while decreasing complexity and costs. PrivX reduces the risk of passwords, keys, and other leave-behind credentials by eliminating them right after access authentication. Instead, it uses short-lived, ephemeral certificates. Your privileged users and superusers get just-in-time, role-based Zero Trust access without the need to handle, vault, manage or rotate any secrets. PrivX also supports hybrid environments with a secrets vault and password rotation when necessary. It even allows you to make quantum-safe SSH connections. -
25
ExchangeDefender
BlockSafe Technologies
Crypto exchanges have hot wallets and cold wallets. The wallets store user secret keys as well as the exchange’s secret keys. Most of the keys are stored offline in vaults (cold wallet). A portion of the keys are stored on servers connected to the internet (hot wallet) to facilitate transactions. These servers are susceptible to a data breach just like any other hacker attack. Exchange Defender comprises two products to protect the internal systems of the crypto exchange. These are – CryptoDefender™ (described earlier) and ProtectID®. ™protects the exchange’s computers and mobile devices from keylogging, screen capture and clickjack attacks. ProtectID® secures access to the internal systems via two factor out-of-band authentication. -
26
Keywhiz
Keywhiz
Keywhiz is a system for managing and distributing secrets. It can fit well with a service oriented architecture (SOA). Here is an overview in presentation format. Common practices include putting secrets in config files next to code or copying files to servers out-of-band. The former is likely to be leaked and the latter difficult to track. Keywhiz makes managing secrets easier and more secure. Keywhiz servers in a cluster centrally store secrets encrypted in a database. Clients use mutually authenticated TLS (mTLS) to retrieve secrets they have access to. Authenticated users administer Keywhiz via CLI. To enable workflows, Keywhiz has automation APIs over mTLS. Every organization has services or systems that require secrets. Secrets like TLS certificates/keys, GPG keys, API tokens, database credentials. Keywhiz is reliable and used in production, however occasional changes may break API backward compatibility. -
27
Hemmelig.app
Hemmelig.app
Hemmelig lets you share secrets securely with encrypted messages that automatically self-destruct after being read. Paste a password, confidential message, or private data. Ensure your sensitive data remains encrypted, secure, and confidential. The secret link, by default, is a one-time use only, after which it will vanish. Hemmelig, [he`m:(ə)li], means secret in Norwegian.Starting Price: Free -
28
Avalanche
Avalanche
Build on Avalanche. Build without limits. Avalanche is an open, programmable platform for decentralized finance applications. Launch Ethereum dapps that confirm transactions instantly and process thousands of transactions per second, far beyond any decentralized blockchain platform today. Deploy blockchains that fit your own application needs. Build your own virtual machine and dictate exactly how the blockchain should operate. Stake, or lock up, your AVAX to help process transactions and further secure the platform–providing security guarantees well-above the 51% standard. You probably have the hardware required to join the platform. Avalanche is Solidity-compatible. All of your favorite tools like Remix, Truffle, and Tenderly work out of the box. Deploying smart contracts on Avalanche cost just a tenth of what they cost on Ethereum. High gas fees, front-running, and other adverse effects of slow smart contract blockchains are now a thing of the past. -
29
Moonriver
Moonbeam Network
Moonriver is a companion network to Moonbeam and provides a permanently incentivized canary network. New code ships to Moonriver first, where it can be tested and verified under real economic conditions. Once proven, the same code ships to Moonbeam on Polkadot. Quickly deploy your new or existing Solidity DApps to the Moonriver parachain — with little or no modifications — and gain easy access to the Kusama network. By mirroring Ethereum’s Web3 RPC, accounts, keys, subscriptions, logs, and more, Moonriver minimizes the changes required to run existing Solidity smart contracts on the network. Ethereum projects can simply replicate their DApp and deploy it to Moonbeam using Hardhat, Truffle, Remix, and other popular deployment tools. Quickly deploy your new or existing Solidity DApps to the Moonriver parachain — with little or no modifications — and gain easy access to the Kusama network. -
30
Echidna
Crytic
Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts. It uses sophisticated grammar-based fuzzing campaigns based on a contract ABI to falsify user-defined predicates or Solidity assertions. We designed Echidna with modularity in mind, so it can be easily extended to include new mutations or test specific contracts in specific cases. Generates inputs tailored to your actual code. Optional corpus collection, mutation and coverage guidance to find deeper bugs. Powered by Slither to extract useful information before the fuzzing campaign. Source code integration to identify which lines are covered after the fuzzing campaign. Interactive terminal UI, text-only or JSON output. Automatic test case minimization for quick triage. Seamless integration into the development workflow. Maximum gas usage reporting of the fuzzing campaign. Support for a complex contract initialization with Etheno and Truffle.Starting Price: Free -
31
Etheno
Crytic
Etheno is an Ethereum-testing, JSON RPC multiplexer, analysis tool wrapper, and test integration tool. It eliminates the complexity of setting up analysis tools like Echidna on large, multi-contract projects. If you are a smart contract developer, you should use Etheno to test your contracts. If you are an Ethereum client developer, you should use Etheno to perform differential testing on your implementation. Etheno runs a JSON RPC server that can multiplex calls to one or more clients. API for filtering and modifying JSON RPC calls. Enables differential testing by sending JSON RPC sequences to multiple Ethereum clients. Deploy to and interact with multiple networks at the same time. Integration with test frameworks like Ganache and Truffle. Run a local test network with a single command. Use our prebuilt Docker container to quickly install and try Etheno. Etheno can be used in many different ways and therefore, has numerous command-line argument combinations.Starting Price: Free -
32
Confidant
Confidant
Confidant is a open source secret management service that provides user-friendly storage and access to secrets in a secure way, from the developers at Lyft. Confidant solves the authentication chicken and egg problem by using AWS KMS and IAM to allow IAM roles to generate secure authentication tokens that can be verified by Confidant. Confidant also manages KMS grants for your IAM roles, which allows the IAM roles to generate tokens that can be used for service-to-service authentication, or to pass encrypted messages between services. Confidant stores secrets in an append-only way in DynamoDB, generating a unique KMS data key for every revision of every secret, using Fernet symmetric authenticated cryptography. Confidant provides an AngularJS web interface that allows end-users to easily manage secrets, the mappings of secrets to services and the history of changes. -
33
Locker Password Manager
CyStack
Locker is a password manager that goes beyond the mere concept of password management. Locker helps users secure sensitive data such as passwords, secret notes, payment cards, crypto backups and identities. Locker stores your sensitive data, logs you into your favorite sites, scans for data breaches, and more. Locker offers other additional security-related features, such as private emails, built-in authenticator,... Every feature in Locker is built on the foundation of privacy and transparency to ensure the highest security for users. We believe everyone deserves a secure and seamless internet experience, and Locker strives to provide just that. Whether tech-savvy or not, you can keep yourself safe online with Locker.Starting Price: $1.29 per user/month -
34
Truffle POS
Truffle
Beyond Point of Sale, Truffle specializes in scaling restaurants to multi-location digital powerhouses. With features that enable restaurants to go digital beyond their Point of Sale. 60% of consumers look to place orders online. With the meteoric rise of online ordering, restaurants now can generate new revenue streams. Streamline your online abilities and watch your profits grow! Reduce mistakes and get food to your guests faster. Improve order accuracy, communication and delight your guests. Real-time inventory tracking, 86 Items on the fly, and never run out of stock during your peak times. Centralize all third party and online orders in one easy to use interface. and eliminate the clutter of multiple tablets. Automate your table reservations, by allowing guests to pre-book a table online. Delight your guests by delivering an exceptional guest experience.Starting Price: $69.99 per month -
35
Cyqur
Binarii Labs
You control where your passwords and seed phrases are secured via the Cyqur browser extension. Cyqur encrypts, fragments, and distributes your data wherever you want for unprecedented security. Although, it’s always you who owns and controls your data. By adding the proof of record from the blockchain, the security process is complete. Encrypted pieces are stored across multiple cloud providers so data is incomplete and useless if hacked. Multi-cloud data sovereignty, automated seed word protection, blockchain-based proof of record, customizable MFA, a referral program for credits, and direct personal customer support. Store up to 50 text based secrets (e.g., notes, PINs, secret phrases, banking credentials, MFA backup codes). Secrets are uniquely fragmented, encrypted, and stored across three separate cloud locations for enhanced security. Enhanced log-on authentication with customizable MFA options.Starting Price: €15 one-time payment -
36
CyberArk Conjur
CyberArk
A seamless open source interface to securely authenticate, control and audit non-human access across tools, applications, containers and cloud environments via robust secrets management. Secrets grant access to applications, tools, critical infrastructure and other sensitive data. Conjur secures this access by tightly controlling secrets with granular Role-Based Access Control (RBAC). When an application requests access to a resource, Conjur authenticates the application, performs an authorization check against the security policy and then securely distributes the secret. Security policy as code is the foundation of Conjur. Security rules are written in .yml files, checked into source control, and loaded onto the Conjur server. Security policy is treated like any other source control asset, adding transparency and collaboration to the organization’s security requirements. -
37
qProtect
QuintessenceLabs
qProtect™ delivers powerful data protection for the most sensitive and critical assets, particularly when they are in uncontrolled environments. It offers a much-needed practical solution for the protection of critical mobile data. Capabilities include automatic secure erasure of one-time key material when recording data, and “virtual zeroization”, to protect confidential information wherever it is, now and into the future. Our product portfolio and strong technical partnerships deliver broad security capabilities for the strongest security posture, today and tomorrow. QuintessenceLabs quantum-enabled solutions integrate with today’s encryption technologies. Centralized and vendor-neutral encryption key management solution. Designed to easily address the toughest challenges in key management. Crypto agile is adaptable to quantum-resistant algorithms. The point-to-point protocol that uses specialized hardware to share secret keys over an optical link. -
38
Segura
Segura
Segura® (formerly senhasegura) is a cybersecurity company focused on Privileged Access Management (PAM). Its platform helps organizations secure and manage privileged identities, credentials, and secrets across hybrid and cloud environments. Segura supports use cases such as credential vaulting, session monitoring, privilege elevation, and secrets management for DevOps. Designed to simplify complex identity security challenges, Segura provides IT teams with visibility, control, and tools to reduce risk and support compliance. The company operates globally through a network of partners and serves customers across key sectors, including finance, healthcare, government, telecom, and critical infrastructure. -
39
Password Scale
Talpor
Solve the team frustrations when managing passwords, get access to the shared password pool only by entering in a Slack group. Keep the team passwords encrypted and saved in a secure storage, mitigate the risk of compromising passwords stored in multiples and potentially insecure places. We document the encryption design, publishing the entire source code, making possible code reviews and check the implemented zero-knowledge protocol. To retrieve the link with the editor to create the secret, this link expires in 15 minutes. To make unreachable the secret, to complete deletion is necessary to do it manually from the s3 password storage. To setup the password storage, it is only necessary to execute it once. To retrieve a one-time-use link with the secret content, this link expires in 15 minutes. Go to our GitHub project for instructions on how to set up your own password server, also you can try the command on your Slack team using our test server. -
40
Astrix
Astrix Security
Astrix ensures your core systems are securely connected to third-party cloud services by extending access management and threat prevention to API keys, OAuth tokens, service accounts, and more. Our agentless, easy-to-deploy solution enables you to discover and remediate risky app-to-app connections that expose you to supply chain attacks, data breaches, and compliance violations. Get a consolidated view of all the connections to your critical systems: internal and external apps, access keys, secrets, and workflows. Uncover over-privileged, unnecessary, and untrusted connections. Get an alert when an app behaves suspiciously. -
41
Bearer
Bearer
Automate GDPR compliance by implementing Privacy by Design into your product development processes. Bearer helps you proactively find and fix data security risks and vulnerabilities across your application environment so you can prevent data breaches before they happen. Bearer helps security and development teams implement and monitor their data security policy at scale so they can prevent data breaches. Scan your applications and your infrastructure continuously to map sensitive data flows. Identify, prioritize and assess security risks and vulnerabilities that can lead to a data breach. Monitor your data security policy and empower your developers to fix issues on their own. Bearer’s detection engine supports 120+ data types, including personal, health and financial data, and adapts to your data taxonomy. -
42
Teleskope
Teleskope
Teleskope is a modern data protection platform designed to automate data security, privacy, and compliance at enterprise scale. It continuously discovers and catalogs data across cloud, SaaS, structured, and unstructured sources, classifying over 150 entity types such as PII, PHI, PCI, and secrets with high precision and high throughput. Once sensitive data is identified, Teleskope enables automated remediation, such as redaction, masking, encryption, deletion, and access correction, while integrating into developer workflows via its API-first model and supporting deployment as SaaS, managed, or self-hosted. The platform also builds prevention capabilities, embedding into SDLC pipelines to stop sensitive data from entering production systems, support safe AI adoption (without using unchecked sensitive data), handle data subject rights requests (DSARs), and map findings to regulatory standards (GDPR, CPRA, PCI-DSS, ISO, NIST, CIS). -
43
WidsMob PhotoVault
WidsMob
Private Photo Vault allows you to import photos into the app and hide them behind a password folder. Each and every photo you hide with PhotoVault is automatically AES-256 encrypted upon hiding. WidsMob PhotoVault keeps your photos/images locked up and protected with password protection. You can hide your pictures safely and easily in PhotoVault with password protection. Put your secret photos into the PhotoVault and hide them there without anyone knowing. You can easily view all your secret pictures on PhotoVault easily without any limitation. You can use PhotoVault to view secret pictures smoothly like a professional photo viewer. Full-screen viewing mode of PhotoVault makes you have a better viewing experience. You can view private photos in slideshow mode by setting the play duration and more. Simple edit functions to let you easily zoom or rotate your private photos without extra tools.Starting Price: $19.99 per year -
44
Corsha
Corsha
APIs power all of your applications and services. Secrets are shared. They are rarely rotated, sometimes never at all. API keys and tokens, even PKI, are getting leaked at an alarming rate. You need clear visibility into and simple control over the machines that are accessing your APIs. Organizations lack visibility into the machines that are leveraging API secrets, and as automation shifts risk from human to machine, the identities of these machines and the secrets they use is more important than ever. Corsha stops API attacks that use stolen or compromised API credentials and helps enterprises protect data and applications that leverage machine to machine (or service to service) API communication. -
45
Secret Network
Secret Network
Secret Network is the first blockchain with data privacy by default, allowing you to build and use applications that are both permissionless and privacy-preserving. This unique functionality protects users, secures applications, and unlocks hundreds of never-before-possible use cases for Web3. Whether you’re a developer, an artist, an entrepreneur, or a dreamer, you can become a Secret Agent and contribute to Secret Network. Check out the many contributors, collaborators, applications, and backers that make up the Secret Network ecosystem. With blockchain technology, we have the potential to create a more empowering and inclusive internet, what is often referred to as Web3. But current blockchains are public by default, exposing all data to everyone and putting users at risk. In order to enable meaningful use cases and achieve global adoption, users and organizations need control over how their data is used and shared, a concept we call programmable privacy. -
46
NGRAVE
NGRAVE
Fully offline hardware wallet, your private keys are never exposed to any online device. Built in partnership with world leaders in nano-technology & hardware security. The most advanced wallet generation process in the world. NGRAVE provides a mobile app to directly sync all the generated accounts from the ZERO. That way, the user can easily consult his real-time balances or ask to receive a transaction. Communication between the ZERO and the app occurs through QR-codes. This way, the app never has access to the secret keys on the ZERO. Hence, the secret keys are never exposed to any online attack vector. Not even when signing transactions. Create a computationally unique, unbreakable, & unpredictable secret key with a strong True Random Number Generation (TRNG) process. NGRAVE takes into account & radically improves every single step of the user journey. The coldest wallet generation & management. -
47
keyhold.io
keyhold.io
Your clients send credentials via Slack. Your contractors have passwords in email threads. Chaos. keyhold.io is a zero-knowledge secret custody platform for teams who manage credentials that aren't theirs. Send secure request links, collect credentials encrypted before they reach our servers, and get full audit trails of every access. Built for MSPs, agencies, and anyone tired of sensitive access scattered across chat threads.Starting Price: £50/month -
48
Password.link
Password.link
The link can only be opened once. This ensures nobody has opened it before the recipient and nobody can open it again afterward. The encrypted secret is deleted from our database when it has been viewed. There's no way to view it again. Sending secrets in plain text exposes them to threats even after the message has been long forgotten. Using a one-time link ensures that there are no valid credentials lying around in email inboxes or archived instant messages. Half of the encryption key is stored in the link itself and never seen by us or anyone else. Viewing the secret is not possible without the original link. Using our service you can create a one-time link to the credentials and be sure nobody sees them before the recipient. You can also configure notifications to be sent via different channels so you know when the credentials have been viewed, and by who.Starting Price: €8.99 per month -
49
SearchInform FileAuditor
SearchInform
SearchInform FileAuditor is a DCAP solution (data-centric audit and protection) for automated audit of information storages, search for access violations and tracking changes made to critical data. The system protects confidential documents from careless and deliberate malicious actions of employees and puts things in order in file storages. The system performs: •Classification of vulnerable data Finds files in a document flow that contain critical information, and adds a special mark to each file, indicating the type of info it contains: personal data, trade secret, credit card numbers, etc. •Access rights audit Controls access rights to information (full access, editing, reading, writing, reading and changing, etc.). Finds confidential files stored in violation of established security rules . •Monitoring and blocking user actions Audits user operations with the file system. •Critical documents archiving Makes shadow copies of critical files. -
50
Use keys to protect the secrets, personal data, and sensitive information you store in the cloud. Create and delete keys, set up access policies, and perform rotation via the management console, CLI, or API. Yandex KMS implements symmetric and asymmetric cryptography. Use the REST or RPC API to encrypt and decrypt small amounts of data, such as secrets and local encryption keys, as well as to sign data using e-signature schemes. You manage access to encrypted data, and Yandex KMS ensures the reliability and physical security of keys. Hardware Security Modules (HSMs) are available. Encrypt small amounts of data using the SDK in Java or Go. To encrypt larger amounts of data, the service is integrated with popular encryption libraries, including the AWS Encryption SDK and Google Tink. Integration with Yandex Lockbox makes it possible to encrypt secrets with your own keys. Secrets and data can also be protected using encryption keys in Managed Service for Kubernetes.Starting Price: $0.0230 per month
