# Secrets Manager - Store, Manage and Deploy Infrastructure Secrets
Bitwarden Secrets Manager enables developers and DevOps teams to centrally store, manage and deploy secrets at scale. Start a free trial today!
---
BITWARDEN SECRETS MANAGER
## Secure your secrets. Manage AI agent access.
[Start free trial](https://bitwarden.com/go/start-secrets-enterprise-trial/)
[Read the docs](https://bitwarden.com/help/secrets-manager-overview/)
[Pricing](https://bitwarden.com/products/secrets-manager/#pricing)
### Secrets sprawl is a breach waiting to happen
**The problem:** Unmanaged plaintext secrets pose serious security risks.
- Hardcoded credentials in repos
- Shared .env files in Slack or email
- API keys in CI/CD logs
- AI agents requesting broad credential access
These practices expose critical credentials, paving the way for a costly data breach.
## One secure vault for every secret
## Governance without slowing down your developers
For IT teams looking for a complete enterprise solution, Bitwarden helps your business meet development deadlines while staying secure throughout the whole process.
### Audit-ready event logs
Every secret access, user login and administrative change is timestamped and logged. Export to CSV or pipe into your SIEM. Ready for your next audit.
### Role-based access controls
IT controls who can create projects, manage machine accounts and access secrets, ensuring compliance with least-privilege access.
### SSO, SCIM and directory integrations
Connect Secrets Manager to your existing business tech stack. Automatically provision users with SCIM, enforce SSO logins and invite developers via your directory provider.
## Secrets management. Streamlined.
Say goodbye to complex management systems that leave your secrets scattered. The Bitwarden process is easy to configure and deploy.
### Store secrets
Set up a project based on service, initiative or environment. Control who and what can read each project.
### Organise by project
Centralise API keys, DB credentials, SSH keys and certificates in an end-to-end encrypted vault, each assigned to a project.
### Issue machine access
Give each machine or agent its own access token scoped to exactly what it needs.
### Use secrets
Securely deploy secrets within your development workflows, CI/CD pipelines and agent processes.
## Get started in minutes
### SDKs
Software development kits (SDKs) empower your development team to build their own custom integrations and operations.
[Explore the SDKs](https://github.com/bitwarden/sdk-sm)
### Integrations
Quickly build connections between your various machines, tools and ecosystems with out-of-the-box integrations.
[Explore integration docs](https://bitwarden.com/help/ansible-integration/)
### CLI
The Secrets Manager CLI is the primary method for deploying secrets into applications, agent workflows and infrastructure.
[Explore CLI docs](https://bitwarden.com/help/secrets-manager-cli/)
## Unlimited secrets, no matter your size.
Get streamlined secrets management. Pick your plan.
### Teams
*For development teams that need more business capabilities.*
**$6** *per month / per user*
All Free features, plus:
- Unlimited secrets and projects
- Up to 20 machine accounts
- Audit activity with event logs
- Manage access with user groups
[Start Free Trial](https://bitwarden.com/go/start-secrets-teams-trial/)
---
### Enterprise
*SSO, SCIM, self-hosting, and enterprise policies for orgs with compliance requirements.*
**$12** *per month / per user*
All Free and Teams features, plus:
- Up to 50 machine accounts
- Granular access control
- Passwordless SSO integration
- Automate provisioning with SCIM
- Easy account recovery
- Flexibility to self-host
[Start free trial](https://bitwarden.com/go/start-secrets-enterprise-trial/)
[Contact Sales](https://bitwarden.com/contact-sales-secrets-manager/)
---
### Start free, scale later
*For solo developers and small projects*
*per month*
[Sign up now](https://bitwarden.com/go/start-secrets-free/)
---
Pricing shown in USD and based on an annual subscription. Taxes not included.
## Compare Secrets Manager plans and features
| Features | Free | Teams | Enterprise |
| --- | --- | --- | --- |
| Unlimited secret storage
*Store unlimited developer secrets at no additional cost.* | ✓ | ✓ | ✓ |
| Securely share secrets with users
*Securely grant read or write secret access to users across the organisation.* | Up to 2 users | Unlimited users | Unlimited users |
| Machine and AI agent access via machine accounts
*Facilitate programmatic machine and AI agent access to a discrete set of secrets via machine accounts.* | Up to 3 machine accounts | Up to 20 machine accounts, $1 per additional machine account | Up to 50 machine accounts, $1 per additional machine account |
| Organise secrets via projects
*Group relevant secrets together by project to easily assign user and machine access.* | Up to 3 projects | Unlimited projects | Unlimited projects |
| Two-step login
*Add extra security to your login process with two-step login, also known as 2FA or multi-factor authentication.* | Authenticator apps, email | Authenticator apps, email, YubiKey, FIDO2 and Duo | Authenticator apps, email, YubiKey, FIDO2 and Duo |
| Organisation two-step login via Duo
*Enable and enforce organisation-wide two-factor authentication through Duo MFA.* | - | ✓ | ✓ |
| Event and audit logs
*View detailed records of login and organisation actions.* | - | ✓ | ✓ |
| User groups
*Organise users by groups and grant them permissions for specific projects and access controls.* | - | ✓ | ✓ |
| Directory Connector
*Synchronise your directory service with Bitwarden using the standalone Directory Connector application to easily provision users and groups.* | - | ✓ | ✓ |
| SSO Integration
*Integrate with your existing Identity Provider to log in to Bitwarden.* | - | - | ✓ |
| SCIM Support
*Use the SCIM protocol to manage and provision Bitwarden users from your Identity Provider or directory service for easy onboarding and employee succession.* | - | - | ✓ |
| Enterprise policies
*Set organisation-wide controls and additional settings for how Bitwarden is used, with many customisation options.* | - | - | ✓ |
| Account Recovery Administration
*Recover locked-out accounts by having an administrator initiate the account recovery process, which maintains the Bitwarden zero-knowledge encryption policy.* | - | - | ✓ |
| Custom roles
*Assign specific permissions to users, including policies like SSO or Account Recovery.* | - | - | ✓ |
| Priority Support
*24/7 priority email support* | - | - | ✓ |
| Self-host option
*Run the Bitwarden server application on your own network or server.* | - | - | ✓ |
| Pricing
*Based on annual plan* | **Free** [Sign Up Now](https://bitwarden.com/en-gb/go/start-secrets-free/) | **$6/Month/User** [Get Started](https://bitwarden.com/en-gb/go/start-secrets-teams-trial/) | **$12/Month/User** [Get Started](https://bitwarden.com/en-gb/go/start-secrets-enterprise-trial/) |
## Secrets Manager FAQ
### What is a secret?
Secrets refer to digital authentication credentials for sensitive parts of the IT and developer ecosystem. Secrets are sensitive key-value pairs that need to be securely stored and should never be exposed in plain-text code or transmitted over unencrypted channels.
Examples of secrets are:
- SSH keys
- Database passwords
- SSL or TLS certificates
- Private encryption keys
- API keys
- One-time password devices
### What is a machine account?
Machine accounts represent non-human machine users, like applications or deployment pipelines, that require programmatic access to a discrete set of secrets.
### What is a project?
A project is a collection of secrets that can be grouped together based on how you want to structure access by your engineering, DevOps, and cybersecurity teams.
### How does Bitwarden Secrets Manager support agentic AI?
Bitwarden Secrets Manager enables teams to securely provision AI agent access to pre-determined development secrets to use in scripts and CI/CD pipelines. By replacing plaintext API keys and other secrets with Bitwarden generated secret ID strings, you can help prevent AI agents from gaining unauthorized access to credentials and ecosystems.
Learn more about [how to use Bitwarden Secrets Manager to protect environment variables from agent access](https://bitwarden.com/en-gb/blog/secure-ai-agent-access-with-secrets-manager/).
### What is the difference between Bitwarden Secrets Manager and Bitwarden Password Manager?
Bitwarden Secrets Manager is built for developer teams to centrally store, manage, and deploy privileged secrets. Secrets Manager is tailored for infrastructure secrets and is supported only by the web app and the CLI clients. If you are looking to help your employees manage their personal credentials, check out [Bitwarden Password Manager](https://bitwarden.com/en-gb/products/business/).
### Can I use Bitwarden Secrets Manager and Bitwarden Password Manager together?
Yes! Secrets Manager and Password Manager can be used in conjunction to provide even stronger security to your business.
### Can I mix and match Bitwarden Secrets Manager and Bitwarden Password Manager plans?
An organization will have the same plan across any product they are subscribed to. For example, if a customer is subscribed to a Bitwarden Password Manager Enterprise plan and decides to purchase Bitwarden Secrets Manager, they will also be subscribed to the Enterprise plan.
To subscribe to a different Secrets Manager plan than what you are currently subscribed to with Password Manager, simply create a new organization or account and sign up for Secrets Manager following [these steps](https://bitwarden.com/en-gb/help/sign-up-for-secrets-manager/).
### Can Bitwarden Secrets Manager guarantee high availability?
Bitwarden aims for the highest levels of availability. You can learn more about Bitwarden availability in the [Security White Paper](https://bitwarden.com/en-gb/help/bitwarden-security-white-paper/).
In addition, there are multiple secret backup options.
1. **Integrations** - Some integrations, like Bitwarden Secrets Manager Kubernetes Operator, act as a caching layer when secrets are fetched.
2. **SDKs** - Secrets can be cached locally when using an SDK. Caching any information or credentials in a local environment should be done with care and security awareness.
3. **Self-hosting** - Self-hosting Secrets Manager ensures that secrets are available in the event you cannot connect to the Bitwarden cloud.