EveryDev.ai
Subscribe
Home
Tools

3,046+ AI tools

  • New
  • Trending
  • Featured
  • Compare
  • Arena
Categories
  • Agents2063
  • Coding1441
  • Infrastructure665
  • Marketing524
  • Projects470
  • Research437
  • Design408
  • Analytics371
  • MCP268
  • Security265
  • Testing255
  • Data249
  • Integration183
  • Prompts183
  • Communication172
  • Learning166
  • Extensions163
  • Voice146
  • Commerce132
  • DevOps115
  • Web84
  • Finance24
AI Tools by Topic
  • AI Coding Assistants
  • Agent Frameworks
  • MCP Servers
  • AI Prompt Tools
  • Vibe Coding Tools
  • AI Design Tools
  • AI Database Tools
  • AI Website Builders
  • AI Testing Tools
  • LLM Evaluations
Follow Us
  • X / Twitter
  • LinkedIn
  • Reddit
  • Discord
  • Threads
  • Bluesky
  • Mastodon
  • YouTube
  • GitHub
  • Instagram
Get Started
  • About
  • Editorial Standards
  • Corrections & Disclosures
  • Community Guidelines
  • Advertise
  • Contact Us
  • Newsletter
  • Submit a Tool
  • Start a Discussion
  • Write A Blog
  • Share A Build
  • Terms of Service
  • Privacy Policy
Explore with AI
  • ChatGPT
  • Gemini
  • Claude
  • Grok
  • Perplexity
Agent Experience
  • llms.txt
Theme
With AI, Everyone is a Dev. EveryDev.ai © 2026
    1. Home
    2. Tools
    3. SikkerKey
    SikkerKey icon

    SikkerKey

    Access Control

    EU-native secrets manager and vault that authenticates machines via Ed25519 signed requests instead of bearer tokens, with support for AI agents, access policies, and multi-cloud workloads.

    Visit Website

    At a Glance

    Pricing
    Free tier available

    For solo developers who need secure secrets storage and management.

    Startup: $25/mo
    Enterprise: $125/mo

    Engagement

    Available On

    Web
    API
    CLI
    SDK

    Resources

    WebsiteDocsGitHubllms.txt

    Topics

    Access ControlApplication SecurityMCP Servers

    Alternatives

    DopplerInfisicalSailPoint
    Developer
    SikkerKeyDenmarkEst. 2026

    Listed Jul 2026

    About SikkerKey

    SikkerKey is a secrets manager and vault built and hosted in the European Union by a Danish team. It stores credentials — database URLs, API keys, signing keys — and authenticates every machine that reads them using Ed25519 signed requests rather than bearer tokens, so there is no transferable credential sitting on a workload's filesystem to leak. The product grew out of SikkerAPI, a threat-intelligence service that ran a global honeypot network using the same signed-request machine authentication model.

    What It Is

    SikkerKey is a SaaS secrets management platform in the same category as Doppler, AWS Secrets Manager, Akeyless, and Infisical. Its core job is to store encrypted credentials and deliver them securely to the applications and infrastructure that need them. What distinguishes it from most competitors is the authentication primitive: instead of issuing a bearer token that a workload presents on each API call, SikkerKey registers each machine's Ed25519 public key and requires every request to carry a fresh signature computed from the private key that never leaves the host. The signature commits to the method, path, body, timestamp, and a one-time nonce, making captured requests non-replayable. Timestamps expire after five minutes and every nonce is single-use.

    Encryption and Secret Storage Architecture

    Secrets are protected with three-layer envelope encryption. Each secret is encrypted with its own AES-256-GCM data key; that data key is encrypted with a per-project master key; the master key is encrypted with a root key held on separate, isolated infrastructure — not in a third-party KMS and not on the systems that store the data. Each version of a secret has its own data key, so rollback to a prior version decrypts independently without sharing keys with newer versions.

    Key storage features include:

    • Single-value, structured (multi-field), managed, TTL-bounded, and canary secret types
    • Version history and rollback
    • Manual and automatic rotation (whole-secret or per-field) for PostgreSQL, MySQL, Redis, and MongoDB
    • Canary secrets that lock the entire project in the same database transaction as the first read, optionally extending the lockdown to every other project the same machine can access
    • Trash and restore

    Machine Identity and Access Policies

    SikkerKey models four distinct identity classes: long-lived machines (servers, services), ephemeral machines (CI runners, autoscaled pods), temporary machines (contractors, incidents, migrations), and AI agents. Each class has its own enrollment path and capability surface.

    Access policies stack multiple constraints onto a single policy object that can be bound to any secret:

    • Time-of-day windows and business-hours locks
    • IP allowlists and country (ISO-3166) allowlists
    • Rate caps and TTL-bounded read counts
    • Co-sign (multi-party approval)
    • Rotate-after-read (canary trigger)

    Ephemeral machine enrollment tokens can enforce hostname regex matching, source CIDR ranges, and name templates, and auto-expire machines after a configurable lifetime.

    AI Agent Integration

    SikkerKey treats AI agents as a structurally separate identity class stored in a distinct database table with its own scope catalog. The routes that return decrypted secret values look up the machine table and do not accept an agent identity as a caller — the separation is enforced at the data layer, not by a policy check. An agent granted every management scope (rotate secrets, configure policies, audit reads, manage machines) still cannot fetch a stored secret value. The product ships a plaintext-blind MCP server compatible with Claude Code, Codex, and Cursor.

    Platform and Integration Coverage

    SikkerKey is cloud-agnostic by design. The same bootstrap script runs on EC2, GKE, AKS, Hetzner, Vercel, Fly.io, on-prem racks, and developer laptops without requiring IAM federation, OIDC bridges, or cloud-specific trust anchors.

    Native SDKs are available for Node.js, Python, Go, Kotlin/JVM, .NET, and PHP. Container and orchestration integrations cover Docker, Podman, Kubernetes, Helm, Nomad, and OpenShift. CI/CD integrations include GitHub Actions, GitLab CI, Bitbucket, Jenkins, CircleCI, Buildkite, TeamCity, Travis CI, and Drone. PaaS integrations include Vercel, Netlify, Railway, Render, and Fly.io. A single-binary CLI and a signed HTTPS API cover everything else.

    EU Jurisdiction and Origin

    The vault, dashboard, API, audit log, and rotation worker run on SikkerKey's infrastructure inside the European Union, under EU law, operated from Denmark. The product is positioned as the European alternative for teams whose compliance or data-residency requirements preclude storing sensitive credentials on platforms governed outside the EU. SikkerKey is SaaS-only; running the vault in a customer's own data center is explicitly not supported.

    SikkerKey - 1

    Community Discussions

    Be the first to start a conversation about SikkerKey

    Share your experience with SikkerKey, ask questions, or help others learn from your insights.

    Pricing

    FREE

    Developer

    For solo developers who need secure secrets storage and management.

    • 10 machines included
    • Unlimited projects and secrets
    • Organization & Members
    • Email alerts
    • 1 month audit retention

    Startup

    Popular

    For small teams that need secure secrets storage and management, plus team management capabilities.

    $25
    per month
    • 25 machines included
    • Unlimited projects and secrets
    • Organization & Members
    • Email alerts
    • 12 months audit retention
    • 1,000/day webhook deliveries
    • SSO (SAML 2.0)
    • CLI & sync agent
    • MCP server
    • SDKs (Go, Python, Node, C#, Kotlin/JVM)
    • Passkeys (WebAuthn)
    • Two-factor authentication
    • OAuth sign-in
    • Direct in-dashboard support

    Enterprise

    For large teams that need secure secrets storage and management, team management capabilities, and longer audit log retention for compliance.

    $125
    per month
    • 150 machines included
    • Unlimited projects and secrets
    • Organization & Members
    • Email alerts
    • 24 months audit retention
    • 5,000/day webhook deliveries
    • SSO (SAML 2.0)
    • CLI & sync agent
    • MCP server
    • SDKs (Go, Python, Node, C#, Kotlin/JVM)
    • Passkeys (WebAuthn)
    • Two-factor authentication
    • OAuth sign-in
    • Direct in-dashboard support
    View official pricing

    Capabilities

    Key Features

    • Ed25519 signed request machine authentication
    • Three-layer envelope encryption (AES-256-GCM)
    • Canary secrets with project lockdown on first read
    • Structured multi-field secrets with per-field grants
    • Secret version history and rollback
    • Manual and automatic secret rotation (PostgreSQL, MySQL, Redis, MongoDB)
    • Access policies with time windows, IP allowlists, rate caps, co-sign, and TTL
    • Long-lived, ephemeral, and temporary machine identity classes
    • AI agent identity class structurally read-blind on secret values
    • Plaintext-blind MCP server for Claude Code, Codex, and Cursor
    • Single-binary CLI and sync agent
    • Native SDKs for Node.js, Python, Go, Kotlin/JVM, .NET, and PHP
    • Audit log with CSV export and severity-tagged alerts
    • HMAC-signed webhooks with SSRF protection
    • SSO (SAML 2.0)
    • Passkeys (WebAuthn) and two-factor authentication
    • EU-hosted infrastructure under EU jurisdiction
    • Cloud-agnostic bootstrap (no IAM federation required)
    • Trash and restore for secrets
    • CI template builder for ephemeral machine enrollment

    Integrations

    Node.js
    Python
    Go
    Kotlin / JVM
    .NET
    PHP
    Docker
    Podman
    Kubernetes
    Helm
    Nomad
    OpenShift
    Raspberry Pi
    GitHub Actions
    GitLab CI
    Bitbucket
    Jenkins
    CircleCI
    Buildkite
    TeamCity
    Travis CI
    Drone
    Argo
    Vercel
    Netlify
    Railway
    Render
    Fly.io
    DigitalOcean
    Claude Code
    Codex
    Cursor
    PostgreSQL
    MySQL
    Redis
    MongoDB
    Supabase
    API Available
    View Docs

    Ratings & Reviews

    No ratings yet

    Be the first to rate SikkerKey and help others make informed decisions.

    Developer

    SikkerKey Team

    SikkerKey builds a secrets manager and vault for applications and infrastructure, headquartered in Denmark and hosted entirely within the European Union. The product grew out of SikkerAPI, a threat-intelligence service that operated a global honeypot network using the same Ed25519 signed-request machine authentication model now at SikkerKey's core. The team focuses on cloud-agnostic, EU-jurisdiction secrets management with structural security guarantees — including an AI agent identity class that is architecturally read-blind on stored secret values. SikkerKey positions itself as the European alternative to US-governed secrets managers like Doppler, AWS Secrets Manager, and Infisical.

    Founded 2026
    Denmark
    Read more about SikkerKey Team
    WebsiteGitHubLinkedInX / Twitter
    1 tool in directory

    Similar Tools

    Doppler icon

    Doppler

    Doppler is a secrets management platform that securely stores, manages, and syncs API keys, database URLs, and other sensitive credentials across teams, pipelines, and AI agents.

    Infisical icon

    Infisical

    An open-source, all-in-one platform to securely manage application secrets, certificates, SSH keys, and configurations across teams and infrastructure.

    SailPoint icon

    SailPoint

    SailPoint is an enterprise identity security platform that governs and secures access for human, machine, and AI identities across complex organizations.

    Browse all tools

    Related Topics

    Access Control

    AI-enhanced tools for managing authentication and authorization.

    24 tools

    Application Security

    AI tools for securing software applications and identifying vulnerabilities.

    96 tools

    MCP Servers

    Model Context Protocol servers that extend AI capabilities.

    129 tools
    Browse all topics
    Back to all toolsSuggest an edit
    ratings
    discussions