Password Vault Structure

The logical structure of Password Vault is based on secrets and collections.

Secrets

A secret is an individual credential or confidential data object stored in encrypted form.

Supported secret types include:

• Password

• SSH key (RSA, ECDSA, Ed25519)

• X.509 certificate

• API key / token

• Encryption key

• Note

Each secret maintains immutable change history and supports access tracking.

Note

Availability of specific secret types depends on your license.

Collections

Collections provide hierarchical organization of secrets. They allow grouping of related credentials based on business logic, departments, systems, or environments.

Characteristics:

• Tree-based structure

• Maximum nesting depth: 5 levels

• Permission inheritance model

• Separate permission scope per collection

Collections are the primary boundary for access control enforcement.

Vault Scopes

Password Vault operates in two logical scopes:

• Personal Vault – individual user-managed secrets

• Organization Vault – centrally managed enterprise secrets