Modern Secrets Management: Elevate Access Security Across the Enterprise
In today’s evolving threat landscape, secrets are everywhere—and they’re under constant threat. From API tokens and encryption keys to certificates, passwords, and database credentials, secrets drive the authentication of nearly every digital interaction.
As organizations accelerate their cloud adoption, embrace DevOps, and operate across hybrid environments, managing these secrets securely and efficiently is a priority.
This is why we are delighted to be recognized by Kuppinger Cole across 3 of their Compasses for our modern, integrated solution that that combines Secrets Management with advanced Privileged Access Management (PAM) and Cloud Infrastructure Entitlement Management (CIEM) capabilities.
We have been recognized as a leader across several categories for offering a unified solution that secures human and machine identities, enforces Zero Trust, and eliminates the risks associated with standing credentials.
Why Secrets Matter
Secrets include passwords, API keys, encryption keys, private keys of certificates, tokens, SSH keys, database credentials, and passkeys, all of which are critical for cybersecurity. According to KuppingerCole’s analysis, secrets are often unmanaged, static, and invisible stored in code, hard drives, or unsecured vaults.
These unmanaged secrets pose enormous security risks. Breached secrets can be reused, shared, or exploited by attackers to move laterally, escalate privileges, or access sensitive systems undetected.
SSH Communications Security (SSH) addresses these challenges by deeply embedding secrets protection within the PrivX portfolio. Our modern secrets management capabilities include automated key rotation, policy-based access control, as well as robust compliance and governance features.
PrivX supports integration with CI/CD pipelines and various identity management systems such as SailPoint or Microsoft Entra, as well as offering a microservices architecture which allows for scalability and operational efficiency without downtime.
PrivX comes equipped with a traditional secrets vault and can manage standing keys when necessary, However, KuppingerCole notes that what sets SSH apart is how our PrivX solution supports passwordless and keyless access, integrating with modern authentication methods to eliminate the risks associated with static credentials.
Ephemeral Access with Just-in-Time (JIT) Secret Provisioning
At the heart of our approach is our JIT provisioning engine. Rather than relying on permanent, standing credentials, or secrets, PrivX dynamically issues ephemeral certificates—short-lived tokens that expire automatically after a session or task.
This greatly reduces the attack surface by eliminating long-lived credentials that can be stolen or misused. This means secrets are issued only when needed, scoped to specific tasks, and revoked automatically when the job is complete. Whether users are authenticating to a production server or workloads are granted temporary access to a database, JIT secrets ensure every connection is secure, traceable, and limited by policy.
This model supports both human access (e.g., sysadmins or developers) and machine-to-machine interactions (e.g., services, scripts or containers), aligning with the operational agility of modern organizations while maintaining tight security controls. The “less” model is not only more secure, it isbut also more efficient: a large customer was rotating 12,000 passwords per day which is a huge operational waste when better options are available.
Multi-Cloud Secrets Governance with Cloud Infrastructure Entitlement Management (CIEM) Integration
SSH was also recognized as a leader across several categories in the CIEM Compass. As cloud environments grow more complex, so does the challenge of managing secrets across them. SSH integrates CIEM directly into its secrets engine, enabling visibility into which users, applications, and services are accessing which resources—and how.
SSH supports all major public cloud platforms and therefore enables organizations to enforce least-privilege access, detect over-permissioned accounts, and ensure access is only accessible where explicitly allowed.
The SSH Advantage: Unified, Secure, Future-Ready
SSH enables organizations to transition from static, high-risk credential management to a dynamic, policy-driven Zero Trust model. Whether securing cloud-native applications, remote access, or industrial OT environments, SSH gives you the tools to eliminate standing credentials, streamline operations, and meet modern compliance needs—without compromising flexibility or control.
Read the full report KuppingerCole Secrets Management Leadership Compass 2025 >>>
Jani Virkkula
Currently employed by SSH.COM as Product Marketing Manager, Jani is a mixed-marketing artist with a strong background in operator and cybersecurity businesses. His career path of translator->-tech writer -> marketer allows him to draw inspiration from different sources and gives him a unique perspective on all types...