Secrets Hub
Centralized management, visibility and rotation of secrets in AWS Secrets Manager (ASM), Azure Key Vault (AKV), and Google Secret Manager (GSM) — with discovery for HashiCorp Vault.
Do you know where your secret vaults are?
Take this short self-assessment to uncover hidden vault sprawl, understand your risk, and see if you’re ready for a Secrets Scan.
Secure cloud apps
Let developers continue using their existing workflows to access secrets in the built-in (native) secrets stores while giving security teams visibility and all the advantages of CyberArk’s centralized secrets management.
Get started today meeting the needs of security, developers and cloud operations teams building and deploying apps using the cloud providers built-in vaults.
Centrally manage and rotate
Give security visibility, control and rotation of secrets, while enforcing unified policies.
Unchanged developer experience
Let developers continue using the cloud provider’s native secrets stores – just like they do today.
Full discovery
Discover and provide insights on unmanaged and managed vaulted secrets.
CyberArk Named an Overall Leader in the 2025 KuppingerCole Analysts Leadership Compass for Enterprise Secrets Management
Centrally manage and discover secrets in cloud-native vaults without changing the developer’s experience.
Gain all the advantages of centralized secrets management without impacting developer workflows.
Centralized Management and Rotation
Establish centralized control and enforce unified rotation and other policies over secrets using existing security processes and infrastructure.
Unchanged Developer and Ops Experience
Enables developers to continue using AWS Secrets Manager, Azure Key Vault, and Google Secret Manager to access secrets, while security teams gain centralized visibility. With Secrets Hub, security can also discover HashiCorp Vault usage created and managed outside of central governance.
Discovery and
Visibility
Gain insights into secrets across AWS, Azure, and GCP native vaults — and discover HashiCorp Vault instances that may be managed by developers or teams outside central security oversight.
Expandable
and Comprehensive
As an integrated part of CyberArk’s Identity Security Platform – enabling secrets for all application types, human and machine identities to be centrally secured and managed.
Simplicity of SaaS
Simplifies operations and deployment, minimizes need for specialist skills while providing high levels of scalability and availability.
Eliminate vault sprawl across AWS, Azure, and GCP environments — and gain visibility into HashiCorp Vault usage that operates outside of central governance.
“(with) identity security and especially PAM, CyberArk is the key service DZ BANK uses to protect our IT infrastructure. Since integrating CyberArk into our environment, privilege management and security have definitely improved. Fundamentally, it always comes back to having control over privileges and being able to manage secrets.”
Kurt Sand, GM,
Machine Identity Security at CyberArk
Improve application security by meeting developers where they are
Key Considerations for Securing Different Types of Non-human Identities
Explore simplifying centrally securing secrets across cloud, hybrid environments and more.
Explore
related
resources
Request a demo
Discovery and Visibility: See secrets across AWS, Azure, and GCP — and discover HashiCorp Vault instances outside central security oversight.
Centralized Management and Rotation: Manage and rotate secrets consistently across AWS, Azure, and GCP native vaults.
Unchanged Developer Experience: Preserve developer workflows with AWS, Azure, GCP, and HashiCorp Vault while adding centralized visibility.
Reduce vault sprawl: Simplify operations and increase visibility by centrally managing secrets across all major cloud provider native secrets stores and HashiCorp Vault.
