r/KeeperSecurity

Certificate Lifecycle management
▲ 16 r/KeeperSecurity+3 crossposts

Certificate Lifecycle management

hi Guys,
I appreciate the time if you read all of this.
Certificates are one of those things that only get attention when they break something.

An internal service stops working.

A browser starts throwing trust warnings.

A customer-facing cert expires.

Someone asks where the private key is.

Nobody is quite sure who uploaded it, who can access it, or what else depends on it.

That’s the problem CertLocker is trying to solve.

CertLocker is a certificate and access control platform for teams running real infrastructure. The certificate side is built around visibility, control, and lifecycle management rather than just storing PEM

files somewhere and hoping everyone remembers renewal dates.

What CertLocker supports today:

- certificate inventory with search, paging, sorting, and group filters

- upload and management of PEM/CRT certificates

- optional private key storage with protected read paths

- certificate parsing for domains, SANs, issuer, validity dates, and fingerprints

- expiry tracking, including days-until-expiry visibility

- active, expired, and revoked status handling

- certificate download for authorized users

- certificate deletion for authorized users

- certificate tokens for controlled access workflows

- group-scoped certificate visibility

- role-based permissions for viewing, adding, downloading, and deleting certs

- audit logging around certificate actions

- dashboard visibility for renewable/expiring assets

- ACME workflow support for automated certificate operations

- DNS provider management for certificate automation workflows

The bigger idea is that certificates should not be treated as loose files.

They usually sit next to secrets, hosts, SSH access, bastions, service accounts, deployment scripts, and human operators. CertLocker connects those pieces together so a certificate is a managed asset with

ownership, permissions, expiry, audit history, and controlled access.

We're offering free registration and management here trust.certlocker.io
And we do offer an on-prem model. But you can check out the blog as well I'm pretty active and you can see the problems we are solving https://certlocker.io/blog/

u/SuccessFearless2102 — 2 days ago

Keeper NHI

Hello everyone,

A little feedback for those considering implementing Keeper.

We are a company with 90 employees.

We signed up over three months ago, and this NHI issue didn't exist then. Now that we've switched to PAM configuration, this feature has been introduced in the meantime.

It's ridiculous, outrageously expensive, and we'll likely switch from Keeper to a competitor at the end of our contract.

On the plus side:

- Keeper Password is great, no complaints.

- Excellent support!

reddit.com
u/VLTLF — 5 days ago

Keeper PAM - NHI killed it for us

We switched from Cyberark to Keeper PAM last year. It definitely needed some things but the frequent updates kept making it even better.

Then comes the NHI tiers. We’re just a small fish with 15 PAM users. We ended up falling in the tier 1 category and now our cost has more than DOUBLED MID CONTRACT. Now we owe more money that I have to go explain to executives. This just feels like a bait and switch. It has left such a sour taste.

Then the only way to get this info is from keeper commander apparently or reaching out to our rep. And our rep was so bad at explaining what even is considered an NHI to begin with. You list the cost and amount in the admin console but don’t have an easy place to show it. We aren’t even doing anything crazy, literally rotating some credentials and recorded rbi and rdp sessions.

You all dropped the ball on this hard.

reddit.com
u/Technical_Account — 7 days ago

RFC: Feedback on comparison of password managers

I'm preparing to release a detailed comparison of password managers, and before doing so, I'm interested in getting any official feedback or corrections from a Keeper Security representative. Please contact me and I'll provide a private link to the Google sheet.

u/KeeperCraig, u/Keeper_Security

reddit.com
u/nefarious_bumpps — 7 days ago

Keeper Double user and password entry

When I copy/paste from keeper or use the browser extension, it adds the username twice and it adds the password twice. I have to manually erase the second entry from both fields in order to login.

For example, this is what I see when using keeper.

usernameusername passwordpassword

Just started a few days ago.

Confirmed in chrome and firefox.

reddit.com
u/tdhuck — 12 days ago