Secrets management pricing is all over the place. Some tools charge per user, some per secret, some per API call, and some are free until you need enterprise features. We aggregated pricing from 12 tools across official pricing pages and put them side by side.
Here is the short version: a 25-person team could pay anywhere from $0/month (self-hosting HashiCorp Vault) to $525/month (Doppler Team plan). The right answer depends on your infrastructure, your compliance requirements, and how much operational overhead you are willing to absorb.
The four pricing models
Secrets management tools fall into four pricing buckets, and understanding which model you are buying into matters more than the sticker price.
Per-user pricing is the most common model for SaaS tools. You pay a flat rate per team member per month. Keeper Business starts at $3.75/user/month (billed annually), making it the cheapest per-seat option. Bitwarden Teams is $4/user/month. 1Password Business is $7.99/user/month. Infisical charges $18/user/month for their cloud offering. Doppler is the most expensive at $21/user/month for the Team plan.
For a 25-person team, that range looks like this: Keeper at $94/month, Bitwarden at $100/month, 1Password at $200/month, Infisical at $450/month, and Doppler at $525/month.
Usage-based pricing is what the cloud providers use. AWS Secrets Manager charges $0.40 per secret per month plus $0.05 per 10,000 API calls. Azure Key Vault charges $0.03 per 10,000 operations. GCP Secret Manager charges $0.06 per active secret version per month. For small teams with a few dozen secrets, this is extremely cheap, often under $5/month. But costs scale with usage and can become unpredictable at higher volumes.
Open source / self-hosted means the software is free but you manage the infrastructure. HashiCorp Vault and CyberArk Conjur both offer full-featured open source editions. Infisical also offers unlimited self-hosted use at no cost. The trade-off is real: you need compute, storage, high availability setup, and someone who knows how to operate these systems. The free tool can easily cost more than a SaaS product once you factor in engineering time.
Enterprise / custom pricing is the black box. Delinea Secret Server and Akeyless both require contacting sales. If you are evaluating these, budget for a longer procurement cycle and expect annual contracts.
The hidden costs nobody talks about
The license price is only part of the story. Here are the costs that catch teams off guard.
API call charges add up. AWS Secrets Manager charges $0.05 per 10,000 API calls. If you have automated rotation and frequent secret reads across microservices, this can add $50-100/month on top of your storage costs.
Self-hosted infrastructure is not free. Running Vault in production requires at minimum three nodes for high availability, persistent storage, and monitoring. On AWS, that is roughly $200-400/month in compute alone before you count engineering time for upgrades and incident response.
Support tiers cost extra. Most enterprise tools charge separately for premium support. HashiCorp's enterprise support, CyberArk's priority response, and similar tiers can add 20-30% to your annual spend.
Monthly billing premiums are real. Most per-user prices assume annual billing. Monthly billing is typically 20-30% more expensive. If you are not ready to commit annually, factor that into your comparison.
What we recommend by team size
Solo developers and tiny teams (1-3 people): Doppler's free tier covers up to 3 users with unlimited secrets. Hard to beat free. If you are already on AWS, Secrets Manager at a few cents per month is also a no-brainer.
Small teams (5-15 people): Keeper Business at $3.75/user/month or Bitwarden Teams at $4/user/month give you the most value per dollar. If you need more developer-focused features like CLI integrations and environment syncing, 1Password Business at $7.99/user/month is worth the premium.
Mid-size teams (15-50 people): This is where the per-user costs start to sting. At 25 people, Doppler costs $525/month. Consider whether a cloud-native solution (AWS/Azure/GCP) or a self-hosted open source tool makes more financial sense at this scale.
Enterprise (50+ people): Self-hosted Vault or Conjur with an internal platform team, or negotiate enterprise pricing with Doppler/Infisical/1Password. At this scale, the operational complexity of self-hosting is offset by the per-seat savings.
The bottom line
Do not pick a secrets manager based on price alone. The cheapest tool that your team does not actually use is infinitely more expensive than the pricier tool that gets adopted. Developer experience, integration with your existing stack, and operational overhead all matter more than the per-user sticker price.
That said, if you are comparison shopping, our full pricing comparison page has every tool side by side with free tier details, 25-person team costs, and enterprise pricing.