search
Ctrlk
CerbyDeveloper PortalSupport

Vaults

This article describes the benefits of the Vaults feature to ensure the privacy and security of your stored data.

At Cerby, vaults are protected spaces for storing and managing your account data and sensitive information (secrets). They provide an additional layer of security by implementing encryption and access controls, ensuring that only authorized users can access the stored data.

You can create additional local vaults to leverage a Zero-Knowledge architecture. The following are the characteristics of Cerby's vault strategy:

  • Cloud vault: Cerby stores and manages the encryption keys, and all automated tasks are supported.

  • Local vault: Users hold the encryption keys in trusted devices, which are not accessible to Cerby. This vault strategy has limited automated tasks.

When you no longer need a vault, you can disable it. With this status, users and teams with shared access to the vault cannot add more items (accounts or secrets). Still, the existing items remain active and accessible to them.

hashtag
User visibility

When creating a vault, you can choose its visibility and determine whether it should be the default vault. The visibility options are the following:

  • User visibility: The vault is only accessible to specific users via an access share.

  • Workspace visibility: Vault access is automatically shared with all the workspace users.

circle-exclamation

IMPORTANT: Currently, Cerby only supports vaults with workspace visibility; in a future release, user visibility will be supported.

hashtag
Default vault

Selecting a default vault makes it the predetermined vault when adding accounts and secrets to your workspace. It is also where all the items are stored when you migrate them to Cerby from your enterprise password manager (EPM), such as LastPassarrow-up-right and 1Passwordarrow-up-right, via the Password Manager Importer.

hashtag
Recovery key

After creating a vault, you can generate a recovery key. With this key, you can regain access to encrypted vaults if all the devices with the private keys are lost or unavailable. For more information about recovery keys, read the article Generate and manage the recovery keys for your vaultarrow-up-right.

hashtag
Trusted sessions on devices

Setting up a trusted session on a device is a requirement for creating a vault. With this setup, you ensure that all interactions with the Cerby platform come from authorized devices that meet corporate security standards.

In local vaults, trusted sessions on any of your devices are vital because they hold the corresponding encryption and decryption keys to access and decrypt the data of your accounts and secrets stored in your vaults. Also, encryption and decryption operations happen decentralized on such devices.

Last updated

Was this helpful?