Credentials and passwords
- Admin accounts, service accounts, application accounts
- Simplified rotation and revocation
- Full access traceability
✓ Digital sovereignty · Zero cloud · AES-256-GCM · Auditable open source Your critical secrets stay in-house.
Your critical secrets stay in-house.
Without depending on the cloud.
HeelonVault is a French open-source secrets manager. This on-premise Rust vault secures sensitive access, logs every action, and gives you full control without cloud dependency.
Linux available Windows available macOS in progress
Why choose HeelonVault?
Built for demanding teams, not for the mass market. No compromise on sovereignty.
Critical secrets and password management
A clear view for CIO and CISO teams: what you protect, how you govern it, and how you share it safely.
API tokens and integration keys
- CI/CD tokens, webhooks, and third-party integrations
- Encrypted storage and role-based access
- Lower exposure risk in scripts
SSH keys and certificates
- Central inventory for critical keys
- Usage controls and per-environment segmentation
- Stronger compliance and audit readiness
Sensitive documents
- Configuration files, runbooks, and operating procedures
- Encrypted protection and action history
- Access control by team and business need
Team vaults and shared access
Shared vaults per team
Create vaults for Finance, Ops, Infra, SOC, and Projects. Each team accesses only its scope.
Fine-grained roles
Read, write, administration: role-based assignment to prevent excessive privileges.
Controlled offboarding
Immediate, traceable access revocation without service disruption.
Vault and password manager comparison
A factual comparison between spreadsheets, KeePass, SaaS cloud tools, and HeelonVault.
Key point
KeePass is local (therefore non-cloud), but it does not natively cover team governance, actionable audit reporting, and CIO-level oversight.
HeelonVault advantage
HeelonVault combines on-premise deployment, operational auditing, and auditable open-source code (Apache 2.0), with exportable reports for CISO and CIO teams.
| Critere DSI | Excel / fichiers | KeePass (local) | SaaS Cloud | HeelonVault |
|---|---|---|---|---|
| Data sovereignty | Partial | Good | Low | Maximum (on-premise) |
| Actionable audit reporting | No | Limited | Medium (vendor-dependent) | Native + signed PDF report |
| Team governance | High risk | Complex | Correct | Designed for CIO/CISO |
| Source code auditability | Not relevant | Partial | Impossible | Yes (Apache 2.0) |
| Internet dependency | No | No | Yes | No (native offline) |
Pricing
Three clear plans to adopt a secrets and password vault aligned with your maturity.
COMMUNITY
Free- Open-source code (Apache 2.0)
- Centralized secrets management
- Community support (GitHub)
- Manual user updates
Most selected
INSTALLATION PACK
EUR 1,500 excl. tax (fixed)- Initial installation on your server
- OS and network hardening
- Email support within 48 business hours
- Fast production rollout
Need guidance before selecting a plan?
Book 30 minutes: we map your context and recommend the right service level.
Book 30 minCompliance & GDPR
A clear trust framework for DPO, CISO, and compliance leadership teams.
On-premise by default
Your data remains inside your infrastructure.Zero-knowledge architecture
HEELONYS cannot access any customer secret.AES-256-GCM + Argon2id
Advanced protection aligned with market standards.GDPR Art. 25 & 32
Privacy by Design and Security by Default.Let us discuss your project
I will reply within 48h with an initial expert assessment
Why contact us now?
- Free baseline audit
Fast analysis of your current posture vs identified risks
- Compliance roadmap
Clear action plan with figures (ROI, timeline)
- Field expert access
25+ years of experience in critical health and defense systems