An EU-native secrets manager and vault
Built and hosted in the European Union by a Danish team, and tied to no single cloud. Your secrets stay under EU jurisdiction while your infrastructure keeps the freedom to run wherever it needs to.
SikkerKey is a secrets manager and vault for the credentials your applications and infrastructure run on: database URLs, API keys, signing keys, the values that should never sit in a repository or a plaintext file. Two things set it apart. The first is how machines reach those secrets: they authenticate by signing each request with a key that never leaves the host, so there is no token to copy or leak. The second is jurisdiction. The vault, your secrets, and the full audit trail stay in the European Union, under EU law, operated from Denmark. For teams that would rather their most sensitive data not live inside a platform owned and governed outside the EU, SikkerKey is the European alternative.
It is also independent of any single cloud. Your machines can run on any provider, on your own servers, or across several at once, and they all reach SikkerKey the same way. The vault is not a feature of the platform you happen to use. It is yours, and it stays where you put it.
SikkerKey is not the team's first piece of security infrastructure. It grew out of SikkerAPI, a threat-intelligence service that ran a global network of honeypots and collected what they recorded. The machines in that network authenticated by signing each request with a key kept on the host, rather than carrying a token anyone who intercepted it could reuse. SikkerKey uses the same approach for machine access. The cryptography is standard and well understood. What we bring to it is the experience of having run it in production, at scale, for years.
A secrets manager that stays where you put it, answers to the people who use it, and never becomes a job of its own to operate.