Pricing

Enterprise-grade credential control.
Priced for builders.

Start with secure key storage. Upgrade to runtime injection when you're ready.
Same vault. No rebuild.

7-day free trial on every planCancel anytime during the trial
Builder
$15/mo
For real projects before production.
  • Unlimited secrets
  • Unlimited integrations
  • 3 projects · 3 proxy keys
  • 100K routed calls / mo
  • 30-day audit history
  • Manual rotation · MCP access
Start Builder
7-day free trial · cancel anytime
Best Value
Pro
$25/mo
For production apps handling live credentials.
  • Production runtime isolation
  • Leak detection
  • Guardrails
  • Step-up authentication
  • AI spend caps (workspace · project · runtime · model)
  • Spend anomaly + budget alerts
  • Cost recommendations + forecast
  • Runtime controls (kill switches · rate limits)
  • Advanced rotation (scheduled + auto)
  • Outbound webhooks (Slack / PagerDuty / HTTP)
  • Unlimited integrations
  • Unlimited projects + proxy keys
  • 1M routed calls / mo · 90-day audit
Try Pro free
7-day free trial · cancel anytime
Team
$15/seat/mo
For teams running production together.
  • Everything in Pro
  • Unlimited integrations
  • Team RBAC
  • Shared workspaces
  • Approval flows
  • Chargeback reports (per-team attribution)
  • SIEM forwarder (Splunk · Datadog · S3)
  • 1-year audit retention
  • Priority support
Try Team
Starts at $75/mo (5 seats) · 7-day trial
Enterprise
Custom
Contact sales.
  • SSO / SAML / SCIM
  • Dedicated proxy region
  • Customer-managed KMS
  • SOC 2 package
  • 99.99% SLA
  • Security review support
Contact sales
Annual contract · custom limits
All paid plans include encrypted storage (AES-256-GCM), proxy routing, and unlimited provider integrations. Integrations are never capped — connect every provider you use. Routed call overage is billed at $0.0002/call ($0.20 per 1,000) on Builder, Pro, and Team — fair-use, not punitive.
1 line
Change in your code
0
Raw credentials in your app
0
Redeployments to rotate
60+
Provider integrations
Compare

Feature comparison

FeatureBuilderProTeamEnterprise
Secrets storedUnlimitedUnlimitedUnlimitedUnlimited
IntegrationsUnlimitedUnlimitedUnlimitedUnlimited
Projects3UnlimitedUnlimitedUnlimited
Project proxy keys3UnlimitedUnlimitedUnlimited
Routed API calls / month100K1MUnlimitedCustom
Audit log retention30 days90 days1 yearIndefinite
Encrypted storage (AES-256-GCM)
Proxy routing
MCP access
Operations Executor (in-browser AI agent)5 sessions/moBYOK unlimitedBYOK unlimitedBYOK unlimited
Teachable denials + audit-trail explainer
AI Runtime billing dashboard
Manual rotation
Advanced rotation (scheduled + auto)
Guardrails
Leak detection
Step-up authentication
Production runtime isolation
AI spend caps (workspace/project/runtime/model)
Spend anomaly + budget alerts
Cost recommendations + forecast
Per-model fallback routing
Outbound webhooks (Slack/PagerDuty/HTTP)
Team RBAC
Shared workspaces
Approval flows
Chargeback reports (per-team attribution)
SIEM forwarder (Splunk · Datadog · S3)
SSO / SAML / SCIM
Dedicated proxy region
Customer-managed KMS
SOC 2 package
99.99% SLA
SupportCommunityEmailPriorityPriority + CSM
FAQ

Pricing FAQ

Yes — every plan includes a 7-day free trial, and Stripe holds a card to start the trial. You won't be charged until day 8. Cancel any time during the trial from your account settings and you pay nothing.
When Lockzero proxies an OpenAI or Anthropic request on your behalf — you call /proxy/openai/v1/chat/completions with your Lockzero token, Lockzero injects your real provider key server-side, and forwards to the provider. Each forwarded request counts as one proxy call. Listing secrets, reading metadata, and admin operations are NOT proxy calls and are unmetered.
Builder is for building and testing — real projects before they ship to production. Pro is for production apps handling live credentials. Both plans have unlimited integrations. What Pro adds is runtime safety: leak detection (alert the second a key is exposed), guardrails (block bad calls before they reach your provider), step-up authentication (require re-auth before revealing values), runtime controls, spend caps at workspace / project / runtime / model level with budget + anomaly alerts, cost forecast, and 90-day audit history. Builder is enough to build; Pro is what you need to safely run.
We don't cut you off. Builder, Pro, and Team include generous monthly pools, and overage is billed at fair-use rates ($0.0002/call — that's $0.20 per 1,000 calls). You'll get an email at 80% of your pool so you're never surprised.
SSO/SAML/SCIM, dedicated infrastructure, and SOC 2 reports cluster around a different set of buyer needs (security review, procurement, compliance). Bundling those at the Team tier price would underprice the actual work behind them. If you need SSO, talk to us — we'll get you the right setup.
Yes. Upgrade, downgrade, or cancel at any time from your account settings. Upgrades pro-rate immediately.
Team starts at 5 seats ($75/month). You can add more seats anytime — billing pro-rates. If you're a 1-2 person team that needs RBAC features, Pro handles most of that; Team adds shared workspace controls and per-client attribution.
Model Context Protocol — the standard AI agents like Cursor, Claude Code, and Claude Desktop use to connect to external tools. Lockzero is an MCP server, so any compliant AI can read your secrets, trigger rotations, and run integration tests directly. One-click install from the MCP page.
Yes. Honeypot keys look exactly like real API keys but are flagged in our system. Drop one in a config file or repo. If it's ever called, Lockzero fires a critical alert immediately — the only way it gets called is if your vault has been compromised.
SOC 2 Type II is in progress. NIST 800-171 / CMMC Level 1 alignment is largely in place. For SOC 2 reports, FedRAMP-tailored deployments, or on-prem installs, you want the Enterprise tier.

Start with keys. Ship without them.

Same vault. No rebuild. Upgrade when you're ready.

Start Builder — $15/moTry Pro — $25/mo
7-day free trial on every plan · cancel anytime
Pricing — Lockzero | Lockzero