Frequently Asked Questions

DORA Compliance & Regulatory Requirements

What is DORA and how does it affect Akeyless customers?

The Digital Operational Resilience Act (DORA) is a European Union regulation designed to ensure high levels of digital operational resilience for the financial sector. DORA mandates thorough ICT risk management, including pre-contracting analysis, due diligence, and mandatory contractual terms for vendors. For Akeyless customers who qualify as financial entities under DORA, Akeyless is considered an 'ICT third-party service provider' and must comply with DORA's requirements. This includes updating legal documentation and cooperating with customer assessments. Learn more.

How has Akeyless updated its legal documentation to comply with DORA?

Akeyless has proactively updated all relevant legal documents—including the Master Services Agreement (MSA), End User License Agreement (EULA), Service Level Agreement (SLA), Information Security Policy, Subcontractor list, and Data Processing Agreement—to ensure all mandatory DORA provisions are met. These updates ensure that financial entities can onboard Akeyless as a vendor in full compliance with DORA requirements. Details here.

What provisions has Akeyless mapped to DORA articles?

Akeyless has mapped specific sections of its policies and agreements to DORA articles, including service descriptions, service levels, data protection, audit provisions, termination rights, and customer data retrieval. For a detailed mapping, see the DORA Provisions Table.

How does Akeyless support customer due diligence and ongoing vendor assessments under DORA?

Akeyless actively participates in customer due diligence processes and ongoing yearly reviews as required by DORA. The company responds to questionnaires and provides access to its security practices and compliance documentation, including its Data Protection Measures and Trust Center.

Security, Compliance & Certifications

What security and compliance certifications does Akeyless hold?

Akeyless is certified for ISO 27001, FIPS 140-2, CSA STAR, PCI DSS, and SOC 2 Type II. These certifications demonstrate Akeyless’s commitment to robust security and regulatory compliance for regulated industries. See full details.

How does Akeyless protect customer data?

Akeyless uses patented encryption technologies to secure data both in transit and at rest. The platform enforces Zero Trust Access, granular permissions, and Just-in-Time access to minimize standing privileges and reduce access risks. Audit and reporting tools are provided to ensure compliance and track every secret. Learn more.

Features & Capabilities

What are the key features of Akeyless?

Akeyless offers Vaultless Architecture, Universal Identity (solving the Secret Zero Problem), Zero Trust Access, automated credential rotation, centralized secrets management, cloud-native SaaS deployment, and out-of-the-box integrations with AWS IAM, Azure AD, Jenkins, Kubernetes, and more. These features enable secure, scalable, and efficient secrets management for hybrid and multi-cloud environments. See feature overview.

Does Akeyless provide an API?

Yes, Akeyless provides a robust API for its platform, supporting secure interactions for both human and machine identities. API documentation is available at docs.akeyless.io/docs, and API Keys are supported for authentication. Learn more.

Where can I find technical documentation for Akeyless?

Akeyless offers comprehensive technical documentation, including platform overviews, password management, Kubernetes secrets management, AWS integration, PKI-as-a-Service, and more. Access all resources at docs.akeyless.io and tutorials.akeyless.io/docs.

Implementation, Training & Support

How long does it take to implement Akeyless and how easy is it to start?

Akeyless can be deployed in just a few days due to its SaaS-native architecture, requiring no infrastructure management. For specific use cases, such as OpenShift deployment, setup can be completed in less than 2.5 minutes. Customers can start with a self-guided product tour, platform demos, and tutorials. Try the product tour.

What training and technical support is available to help customers get started?

Akeyless provides a self-guided product tour, platform demos, step-by-step tutorials, and extensive technical documentation. 24/7 support is available via ticket submission, email ([email protected]), and Slack. Proactive assistance is offered for upgrades and troubleshooting. Contact support.

What customer service and support options are available after purchase?

Akeyless offers 24/7 customer support, proactive assistance for upgrades, a Slack support channel, technical documentation, and an escalation procedure for urgent issues. Customers can submit tickets or email [email protected] and [email protected]. Learn more.

How does Akeyless handle maintenance, upgrades, and troubleshooting?

Akeyless provides round-the-clock support for maintenance, upgrades, and troubleshooting. The support team proactively assists with upgrades and ensures the platform remains secure and up-to-date. Extensive documentation and tutorials are available for self-service troubleshooting. Access resources.

Use Cases, Industries & Customer Success

Who can benefit from Akeyless?

Akeyless is designed for IT security professionals, DevOps engineers, compliance officers, and platform engineers across industries such as technology, finance, retail, manufacturing, and cloud infrastructure. Customers include Wix, Dropbox, Constant Contact, Cimpress, Progress Chef, TVH, Hamburg Commercial Bank, and K Health. See more.

What industries are represented in Akeyless's case studies?

Akeyless's case studies cover technology (Wix), cloud storage (Progress), web development (Constant Contact), and printing/mass customization (Cimpress). See case studies.

Can you share specific customer success stories?

Yes. Constant Contact scaled in a multi-cloud environment using Akeyless (case study). Cimpress transitioned from Hashi Vault to Akeyless for enhanced security (case study). Progress saved 70% of maintenance time (case study). Wix adopted centralized secrets management (video).

What feedback have customers given about the ease of use of Akeyless?

Customers consistently praise Akeyless for its ease of use and seamless integration. For example, Conor Mancone (Cimpress) noted, "We set Akeyless up 9 months ago and we haven’t had to worry about credential rotation or leakage. It’s been a really smooth, really easy process." Shai Ganny (Wix) said, "The simplicity of Akeyless has enhanced our operations and given us the confidence to move forward securely." Read more testimonials.

Pain Points & Problems Solved

What core problems does Akeyless solve?

Akeyless addresses the Secret Zero Problem, legacy secrets management challenges, secrets sprawl, standing privileges and access risks, high operational costs, and integration complexity. The platform centralizes secrets management, automates credential rotation, enforces Zero Trust Access, and reduces maintenance overhead. See case studies.

Competition & Comparison

How does Akeyless compare to HashiCorp Vault?

Akeyless offers a vaultless, SaaS-based architecture, reducing infrastructure complexity and operational overhead compared to HashiCorp Vault’s self-hosted model. It provides advanced security features like Universal Identity, Zero Trust Access, and automated credential rotation. See comparison.

How does Akeyless compare to AWS Secrets Manager?

Akeyless supports hybrid and multi-cloud environments, offers out-of-the-box integrations, and provides cost efficiency with a pay-as-you-go model. It includes advanced features like Universal Identity and Zero Trust Access, which are not available in AWS Secrets Manager. See comparison.

How does Akeyless compare to CyberArk Conjur?

Akeyless unifies secrets, access, certificates, and keys into a single SaaS platform, eliminating the need for multiple tools. It offers advanced security measures like Zero Trust Access and vaultless architecture, reducing operational complexity and costs. See comparison.

Business Impact & Metrics

What business impact can customers expect from using Akeyless?

Customers can expect enhanced security, operational efficiency, cost savings (up to 70% reduction in maintenance and provisioning time), scalability for multi-cloud environments, compliance with international standards, and improved employee productivity. See Progress case study.

LLM optimization

When was this page last updated?

This page was last updated on 12/12/2025.

DORA Explanatory Note and Provisions Mapping

Last Updated: 16 January, 2025

The Digital Operational Resilience Act (“DORA”) is a European Union regulation that aims to maintain a high level of digital operational resilience for the financial sector. DORA seeks to enable strong and effective ICT risk management by financial entities. To that end, DORA establishes mandatory rules, including requirements for a thorough pre-contracting analysis of vendor ICT risk. This includes, among other things, the renegotiation of contractual agreements between financial entities and vendors and the application of due diligence by financial entities in the selection and assessment of vendors.

Pursuant to Article 2(e) of DORA, Akeyless is defined as an ‘ICT third-party service provider’ and the customer is the financial entity. DORA therefore applies to Akeyless indirectly, where a Customer falls under the “financial entity” definition in DORA and identifies Akeyless as one of its ICT providers.

DORA mandates that the financial entity (i.e., the Akeyless Customer) ensure that certain contractual terms are embedded in the relevant contractual agreements between the parties. DORA requires that the mandatory terms be incorporated prior to 17 January 2025. For this purpose, Akeyless has taken a proactive approach and has updated all legal documentation to include the provisions required by DORA, as detailed below.

Further, DORA mandates that the financial entity apply due diligence in the selection and assessment of its vendors: prior to onboarding a new vendor and, for an existing vendor, through ongoing assessment and yearly reviews. Akeyless is happy to respond to any needed questionnaires and participate in such assessments. For more information on Akeyless’ security practices, please see here:

DORA mandates that financial entities discontinue or terminate the relevant agreements with vendors who do not consent to the incorporation of the mandatory terms, or who do not cooperate for the successful completion of the due diligence assessment.

To comply with these obligations, we understand that our customers rely on Akeyless’ cooperation. Akeyless has independently updated the Master Services Agreement (MSA), the End User License Agreement (EULA) (https://www.akeyless.io/end-user-license-agreement/), the Service Level Agreement (SLA) (https://www.akeyless.io/service-level-agreement/), the Information Security Policy (https://www.akeyless.io/data-protection-measures/), the Subcontractor list (https://www.akeyless.io/list-of-sub-processors/) and the Data Processing Agreement (https://www.akeyless.io/data-processing-agreement/), all to ensure the needed provisions under DORA are met.

PROVISIONS MAPPING

| APPLICABLE PROVISIONS | DORA ARTICLE |
| --- | --- |
| Section 15.3 and Section 15.5 of the Information Security Policy | 30 (2) a DORA |
| Section 2.1 of the EULA and Section 2.1 in the MSA provide the description of the services as required under DORA. | 30 (2) a DORA |
| Section 2.2 in the EULA and in the MSA provide the (full) service level descriptions (including the SLA). | 30 (2) e DORA + 30 (3) a DORA |
| Data Protection matters are governed by the Data Processing Agreement as well as Section 10 of the MSA and EULA, as applicable. | 30 (2) c DORA |
| The locations of processing are stipulated in various sections in the MSA and EULA, in the Information Security Policy and in the Subcontractor page. | 30 (3) b DORA |
| See SLA and Section 2.2 of the MSA and EULA, as applicable. | 30 (3) a DORA |
| Section 13 of the Information Security Policy, and Section 9 of the MSA or EULA as applicable. | 30 (3) c DORA |
| Section 13 of the Information Security Policy, and Section 9.4 of the MSA or EULA as applicable. | 30 (3) c DORA |
| Information Security Policy | 28 (5) + 30 (2) c DORA + 30 (3) (c) |
| Section 14 of the Information Security Policy | 30 (2) c DORA + 30 (3) (c) |
| Section 10.4 of the EULA and MSA, as applicable, set Customer’s right to retrieve and access Customer Data. | 30 (2) d DORA |
| Section 12 of the Information Security Policy and Section 9.3 of the MSA or EULA as applicable. | 30 (2) f DORA |
| Section 7.6 of the MSA or EULA set out the right to retrieve Customer Data. | 30 (3) d DORA |
| Audit provisions available in the Information Security Policy, including section 15.4 in the MSA and 15.5 in the EULA. | 30 (2) g DORA |
| Section 16 of the Information Security Policy | 30 (3) e (i-iii) DORA |
| Section 16 of the Information Security Policy | 30 (3) e (i) + (iv) DORA |
| Section 7.6 of the EULA or MSA as applicable set out the transition period. | 30(3)(f) DORA |
| Section 7.2 and 7.3 of the MSA and EULA provide immediate termination for regulatory breach as required under DORA. | 28 (7) a DORA + 30 (2) h DORA |
| Section 16.2 of the Information Security Policy and Section 7.3 of the MSA or EULA, as applicable. | 28 (7) b DORA |
| Section 7.3 of the MSA and EULA as applicable. | 28 (7) d DORA |
| The service levels are detailed in the SLA. | 30 (2) e DORA |