Keeper Security has launched Keeper Universal Secrets Sync, a new capability within its KeeperPAM platform that automatically distributes rotated credentials across AWS, Azure and Google Cloud in a single rotation event — closing the gap between stored secrets and what is actually running in production. The feature, announced from Singapore, became available on 4 June and is included in existing KeeperPAM licences.

The launch tackles a problem the company calls secrets drift. For organisations managing credentials across multi-cloud environments, the risk is not only exposure but the silent divergence that occurs when secrets stored in a privileged access management platform fall out of sync with production pipelines. The consequences range from access failures and slower incident response to shadow secrets that carry active privileges no security team can see, govern or revoke.

Automatic distribution across cloud targets

Universal Secrets Sync monitors one or more Keeper Secrets Manager shared folders and pushes their contents to configured cloud targets, including AWS Secrets Manager, Azure Key Vault and Google Cloud Secret Manager. When a secret rotates in KeeperPAM, every connected environment receives the updated credential automatically, with no manual exports, custom integration scripts or post-rotation reconfiguration.

Other capabilities include a Dry Run mode that lets teams preview changes before any secret is distributed, multi-folder sync, a configurable Sync Identity that assigns least-privilege access for sync operations, and automatic error recovery that surfaces missing secrets and permission failures before they go undetected.

Closing a widely acknowledged gap

Keeper cited global research finding that 86 per cent of IT and security leaders agree their organisation would benefit from a PAM solution, yet 46 per cent of those that already have one still struggle to manage privileged access consistently across cloud and hybrid environments.

“Secrets drift is one of the most underappreciated risks in enterprise security programs. Organizations unknowingly leave stale credentials active in downstream cloud environments when distribution is manual. Universal Secrets Sync makes distribution automatic and auditable. Every secret rotation updates to all connected targets simultaneously, with Dry Run mode giving teams full visibility into what will change before anything is written,” said Craig Lurey, CTO and Co-founder of Keeper Security.

The company said the design gives developers two complementary access patterns — fast native retrieval through cloud SDKs where scale matters, and direct Keeper Secrets Manager access where reach and zero-knowledge control matter most. With AI agents proliferating and identity emerging as a defining attack surface, Keeper is pitching the feature to enterprises across APAC as a way to keep machine and human credentials consistent without adding manual overhead.