SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Us it security ops room zero trust glass server rack workstation
#
Data Protection
#
Hybrid Cloud
#
PAM

Keeper unveils KeeperDB to tighten database access

Thu, 19th Mar 2026
Author image
By Sean Mitchell, Publisher

Keeper Security has added a database access feature to its privileged access management product, positioning it as a way for organisations to manage database sessions from the same vault used for other privileged credentials and workflows.

The feature, called KeeperDB, sits inside the Keeper Vault as part of KeeperPAM. It provides a database access interface designed around a zero-trust approach with policy controls for access governance.

Database access remains a persistent security concern because administrators and developers often rely on multiple desktop clients, shared credentials and network tunnelling. These practices can reduce oversight, complicate audit trails, and increase the risk of credentials being stored on endpoints or exposed through unmanaged processes.

KeeperDB aims to address this by keeping database connections and session activity within the vault. Access runs under central policies, and the system records activity to support audit and compliance requirements.

Vault-based access

The design centres on launching a database session from a database record stored in the Keeper Vault. Users can connect through either a graphical interface or a command-line interface, depending on their needs.

Initial support includes MySQL, PostgreSQL, Oracle and Microsoft SQL Server-common relational database platforms used across on-premise environments and cloud deployments.

Keeper is positioning the product as a way to reduce credential exposure. Credentials are not revealed to users and are not stored on endpoints. This aligns with broader security approaches that treat credentials and session access as high-risk assets, particularly for engineers and administrators with elevated privileges.

The company also emphasises controls over how users interact with data, including settings such as read-only access and policy-based restrictions on data transfer. These controls are intended to reduce unauthorised copying or extraction of sensitive information from production databases.

Session recording is another focus. KeeperDB supports full visual session recording of database activity with central management in the vault, a capability often used for monitoring, investigation and compliance, particularly in regulated sectors.

Proxy option

Some organisations standardise on specific database clients and may not want to move users to a new interface. Keeper plans to address this with KeeperDB Proxy, which it describes as a way to connect through existing database clients while retaining central policies, credential protection and session visibility.

Keeper says it will share more details on availability alongside upcoming releases of Keeper Gateway and the Keeper Vault. It also plans to officially launch KeeperDB at the RSA Conference 2026.

KeeperPAM sits within a broader category of security products that control access to privileged systems, accounts and workflows. These tools typically apply least-privilege controls, enforce access policies, broker remote sessions, and provide audit logs and recordings.

Database access has become a more visible part of the privileged access debate because production databases often hold large volumes of sensitive information and connect to a wide range of applications. Security teams also face pressure to provide clear evidence of who accessed which systems and what actions they took.

Keeper argues that bringing database sessions into the vault reduces reliance on separate tools and fragmented processes. It also positions the approach as a way to strengthen governance for teams that work with databases daily across development, operations and security.

Keeper Security operates in the identity security and privileged access management market. Its portfolio also includes password management, passkeys, secrets management and remote access controls. The company describes its platform as using zero-knowledge principles, meaning it says it cannot see customer secrets stored in the vault.

Keeper also points to industry recognition for its work in privileged access management, including being recognised in Gartner's Magic Quadrant for Privileged Access Management.

Keeper executives describe KeeperDB as a response to long-standing gaps in how organisations govern database access.

"Database access has historically been one of the most used yet least-governed areas of enterprise security," said Darren Guccione, CEO and Co-founder, Keeper Security. "KeeperDB brings database management into the vault - allowing organizations to apply the same zero-trust controls, visibility and auditing they rely on for privileged access - without introducing new tools, credentials or attack paths."

"Most database access today happens through disparate tools that sit outside security controls," said Craig Lurey, CTO and Co-founder of Keeper Security. "We built KeeperDB so teams can work the way they're used to, but inside a zero-trust environment. It's a simpler, safer way to manage database access that enhances productivity."

Related stories
Anthropic launches Claude Opus 4.7 with stronger coding
CIQ launches Linux compliance platform ahead of deadlines
Your.Cloud acquires Pure Cloud Solutions in UK push
Emerson & OPSWAT strike global reseller deal for OT patching
OVHcloud adds Quandela Belenos quantum computer to platform

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
CERN joins OpenSearch foundation as associate member
OpenAI launches Trusted Access for Cyber with major names