A Keeper alternative inside your platform
Keeper is a solid standalone vault — one more vendor and bill. Avoryx includes a zero-knowledge credential manager with per-record envelope encryption and an opt-in KMS path for CI, so secrets live in the same platform as your ops.
Why move off Keeper to Avoryx.
Per-record envelope encryption
Each record has its own AES-256 data key wrapped per recipient, so sharing is a single key-wrap — not a re-encryption of the record.
You own recovery
A downloadable recovery key, wrapped separately from your master password — account recovery without a vendor escrow.
One platform, not another vendor
The vault is included with the Enterprise plan, on the same seat as your boards, source, helpdesk and CRM.
Everything Keeper does — and the rest of the business.
Avoryx isn't a point tool. It replaces Keeper and folds it into one platform with one login and one audit trail.
- Zero-knowledge, client-side encryption (server holds only ciphertext)
- Adaptive Argon2id and a two-mode strength meter + HIBP breach check
- Time-bound public share links (≤24h, ≤50 views, all probes logged)
- An opt-in KMS path for CI with peppered, IP-allowlisted tokens
Common questions
For teams that want their credential manager inside their ops platform, Avoryx's Vault is a strong option — zero-knowledge with per-record envelope encryption, a recovery key you own and time-bound share links, included in Enterprise.
See it on your real numbers.
15 minutes, your stack, your per-seat math — and how Keeper folds into one platform.