Skip to main content
Create and manage a vault

This article describes how to create a vault to store and manage your accounts and secrets.

Cerby Team avatar
Written by Cerby Team
Updated over 4 months ago

At Cerby, vaults are protected spaces for storing and managing your account data and sensitive information (secrets). They provide an additional layer of security by implementing encryption and access controls to ensure that only authorized users can access the stored data.

When you join Cerby and create a new workspace, the Cerby platform automatically generates a default cloud vault and its corresponding encryption keys. However, you can create an additional local vault to leverage a Zero Knowledge architecture. The following are the characteristics of each vault strategy:

  • Cloud vault: It means that Cerby stores and manages the encryption keys, and all automation tasks are supported.

  • Local vault: It means that users hold the encryption keys in trusted devices and they are not accessible to Cerby. This vault strategy has limited automation tasks.

For more information about the vault strategy or encryption, read the How Cerby protects your data with cloud and local encryption article.

When creating a vault, you can choose its visibility and if you want it to be the default vault. The visibility options are the following:

  • User visibility: It means that the vault is only accessible to specific users via an access share.

  • Workspace visibility: It means that vault access is automatically shared with all the workspace users.

IMPORTANT: Currently, Cerby only supports vaults with workspace visibility; in a future release, user visibility will be supported.

Selecting a default vault makes it the predetermined vault when adding accounts and secrets. It is also where all the items are stored when transferring them to Cerby via the Password Manager Importer.

After creating a vault, a recovery key is also generated. With this key, you can regain access to encrypted vaults if all the devices with the private keys are lost or unavailable. For more information about recovery keys, read the How to generate and manage the recovery keys for your vault article.

Setting up a trusted device is a requirement for creating a vault, and you ensure that all interactions with the Cerby platform come from authorized devices that meet corporate security standards.

In local vaults, trusted devices are vital because they hold the corresponding encryption and decryption keys to access and decrypt the data of your accounts and secrets stored in your vaults. Also, encryption and decryption operations happen decentralized on such devices. For more information about trusted devices, read the How to set up and manage your trusted devices article.

When you no longer need a vault, you can disable it. With this status, users and teams with shared access to the vault cannot add more items (accounts or secrets). Still, the existing items remain active and accessible to them.

This article describes how to create and manage your vaults.


Requirements

The following are the requirements to create a vault:


Create a new vault

To create a new vault, you must complete the following steps:

  1. Select the Settings option from the left navigation drawer. The Workspace Configuration page is displayed.

  2. Activate the Privacy and Security tab. A table with a list of vaults is displayed in the Vault management section, as shown in Figure 1.

    Screenshot of the Vault management section in the Privacy and security tab. A table with the list of vaults is displayed.

    Figure 1. Table with the list of vaults in the Vault management section of the Privacy and security tab

  3. Click the Create new vault button. The Create new vault dialog box is displayed.

  4. Enter the vault name in the Vault name field.

  5. Select the corresponding vault strategy option from the Strategy drop-down list:

    • Cloud vault

    • Local vault

  6. Select the Set as default vault option if you want to set the new vault as the default when adding an item to Cerby.

  7. Click the Create button. The Store the recovery key dialog box is displayed.

  8. Write down the recovery key.

  9. Select the Yes, I wrote this down option.

  10. Click the Done button. The dialog box closes, a success message box is displayed, and an email message is sent.


Set an existing vault as the default vault

If you want to set an existing vault as the default vault, you must complete the following steps:

  1. Select the Settings option from the left navigation drawer. The Workspace Configuration page is displayed.

  2. Activate the Privacy and Security tab. A table with a list of vaults is displayed in the Vault management section.

  3. Click the More options icon of the corresponding vault. A drop-down list is displayed.

  4. Select the Set as default vault option. A success message box is displayed.


Manage vaults in a workspace

Workspace Owners and Workspace Admins can perform the following management actions on the vaults created in a workspace:

The following sections describe each action.

View the vaults in your workspace

To view the vaults you have created in your workspace, you must complete the following steps:

  1. Select the Settings option from the left navigation drawer. The Workspace Configuration page is displayed.

  2. Activate the Privacy and security tab. A table with a list of vaults is displayed in the Vault management section.

View the details of a vault

To view the details of a vault, you must complete the following steps:

  1. Select the Settings option from the left navigation drawer. The Workspace Configuration page is displayed.

  2. Activate the Privacy and security tab. A table with a list of vaults is displayed in the Vault management section.

  3. Click the Settings icon of the corresponding vault. The vault details page is displayed with the Settings tab activated.
    You can view the values of the following fields:

    • Vault name

    • Strategy

    • Visibility

Initiate a vault recovery

Workspace Admins can generate a recovery key via a trusted device and initiate a vault recovery using an active key.

To initiate a vault recovery, you must complete the following steps:

  1. Select the Settings option from the left navigation drawer. The Workspace Configuration page is displayed.

  2. Activate the Privacy and security tab. A table with a list of vaults is displayed in the Vault management section.

  3. Click the Settings icon of the corresponding vault. The vault details page is displayed with the Settings tab activated.

  4. Click the Recover vault button from the Emergency controls section. The Vault recovery dialog box is displayed.

  5. Enter the recovery key in the Recovery key field.

  6. Click the Recover vault button. The Store your new recovery key dialog box is displayed.

  7. Write down the recovery key.

  8. Select the Yes, I wrote this down option.

  9. Click the Done button. The dialog box closes, a success message box is displayed, and an email message is sent.

Disable a vault

To disable a vault, you must complete the following steps:

  1. Select the Settings option from the left navigation drawer. The Workspace Configuration page is displayed.

  2. Activate the Privacy and security tab. A table with a list of vaults is displayed in the Vault management section.

  3. Click the More options icon of the corresponding vault. A drop-down list is displayed.

  4. Select the Disable vault option from the list. The Disable vault? dialog box is displayed.

  5. Click the Disable vault button. The Confirm your identity to continue dialog box is displayed.

  6. Confirm your identity by using one of Cerby's multi-factor authentication methods. The vault is displayed in the table, with the Disabled status.


View the vaults to which you have shared access

All users can view the vaults to which they have shared access, no matter their workspace role. To do so, you must complete the following steps:

  1. Click your user profile, located at the top right of the Cerby dashboard. A drop-down list is displayed.

  2. Select the My Profile option. The My Profile page is displayed.

  3. Activate the Security tab. A table with a list of vaults is displayed in the Vaults section, as shown in Figure 2.

    Screenshot of the Vaults section in the Security tab of the My profile page. A table with vaults is displayed.

    Figure 2. Vaults section in the Security tab of the My profile page

Did this answer your question?