Zero-Trust Database Access Joins Privileged Access Management

Database credentials continue to be a primary target in security incidents, yet many companies still rely on insecure methods like shared spreadsheets or hardcoded connection strings. To address this critical vulnerability, Keeper Security has launched KeeperDB, a new feature that integrates database access controls directly into its privileged access management (PAM) platform. This move aims to consolidate a major security gap under a unified zero-trust framework.

The announcement was made at the RSA Conference 2026, where Keeper also received multiple industry awards spanning password management, PAM, and zero-trust security. KeeperDB functions as a vault-native interface within KeeperPAM, allowing authorized personnel to connect directly to major databases like MySQL, PostgreSQL, Oracle, and Microsoft SQL Server from the secure Keeper Vault. This eliminates the need to expose plaintext credentials or use separate database management tools. Every connection is controlled by centralized policies and includes full session recording for audit trails, aligning database access with the existing management of passwords and secrets.

“This is a logical extension of our zero-trust architecture,” stated Darren Guccione, CEO and co-founder of Keeper Security. “Integrating database access into the vault stops the credential sprawl that introduces so much risk across enterprises.” That sprawl is a pervasive issue, with database login details often scattered through config files, developer machines, and various pipelines. When credentials need to be rotated or an incident occurs, finding every instance becomes a major challenge. Traditional database tools worsen the problem by creating isolated credential caches outside any governed system, complicating compliance with standards like SOC 2, HIPAA, and PCI DSS.

KeeperDB consolidates this access under the same zero-knowledge encryption and policy engine used for other privileged credentials. Users never see plaintext passwords, access is granted via role-based policies, and every query session is logged. For teams with established routines, Keeper is also introducing KeeperDB Proxy. This feature lets developers continue using familiar clients such as pgAdmin or DBeaver while routing connections through Keeper’s infrastructure, maintaining policy enforcement and session visibility without disrupting workflows.

This dual approach reflects a pragmatic understanding that mandating tool changes hinders adoption. KeeperDB is part of Keeper’s expanding platform strategy, which now encompasses secrets management, privileged session management, remote browser isolation, and secure remote access via Keeper Connection Manager. The goal is to replace multiple point solutions with a single platform featuring one credential store and one policy engine. For growth, Keeper is targeting the mid-market and channel partners, having recently overhauled its 2026 partner programme with enhanced resources and tiered discounts.

Keeper’s visibility extends beyond the conference, reinforced by its role as the official cybersecurity partner for the Atlassian Williams F1 Team. A global ad campaign launched in March 2026 features driver Alex Albon, drawing a parallel between the real-time data protection vital in Formula 1 and the identity-first security model Keeper advocates. Williams itself uses KeeperPAM to secure passwords, infrastructure secrets, and privileged accounts at its headquarters and trackside during races.

This launch signals a wider industry shift toward identity and access management consolidation. Organizations are increasingly seeking unified platforms to manage passwords, secrets, privileged access, and now databases, reducing both complexity and attack surface. While other PAM vendors like CyberArk, BeyondTrust, and Delinea are on similar paths, Keeper differentiates itself with its zero-knowledge architecture and focus on user experience designed to boost adoption. KeeperDB is available immediately for existing KeeperPAM customers, with the Proxy mode slated for a future release.