Shared vault
As a reminder, you have access to two types of vault:
- Your personal vault, to which only you have access.
- Shared vaults, enabling secrets to be shared between different people and teams.
On this page, we'll focus on your shareshared vaults.
For simplicity's sake, the screenshots are taken from the web client, but most of the actions described can be performed on mobile or plugin clients.
For more information on personal vault and plug-ins, please consult the following documentations:
Link for the authentication and theauthentication secrets management documentation- Link for personal vault
documentationdocumentation, including authentication and account management - Link for browser plugin documentation
Shared actions with personal vault
Here are links from the personal vault documentation, to other actions you might want to take:
An existing personal item can be cloned or moved to a share vault.
Add attachments to secretsOrganize your vault withfavorites itemsSearch specific secretsGenerate secure links to share text or filesGenerate passwords and identifiersImport or export secrets
Import / Export can also be done through Share Vault Console > Settings > Import/Export data
Generate security reports about your secretsConfigure your account settingsClean up account contentChange master passwordSet language and theme preferencesSet timeout parameters
Manage shared vault
Create shared vaults
You can also create shared vaults from the Shared Vault Console.
After providing the name, the shared vault is created and you are the default Owner.
Access shared vault items
When you are member of a shared vault,vault itsmember, the items for which you have a permission are displayed with your personal items.
Access the Shared Vault Console
If you are adminAdmin or ownerOwner of a shared vault, you can access to the Shared Vault Console using:
From here you can select your shared vault (MyTeam or MyTeamAdmin in the following example):
CreateRename shared vaults
You can also create shared vaults from the Share Vault Console.
After providing the name, the shared vault is created and you are the default Owner.(We'll see the different role later)
Rename
Only the Owners can rename a shared vault.
Members
From here you can click Invite member. Then you have to:
- Select the user or provide his email address (which must already exists on Enterprise Vault)
- Select his role
- Select his collection permissions
Roles & Permissions
- User: can only access to items
- Admin: can access to items, and manage the shared vault through the Shared Vault Console except for the shared vault information (shared vault name, collection management, delete, purge)
- Owner: can access to items, and manage the shared vault through the Shared Vault Console including the shared vault information (shared vault name, collection management, delete, purge)
In combination, members have permissions on selected collections:
- Can view: can view the entire content of the collection's items
- Can view, excepts password: can view the entire content of the collection's items, excepts for the passwords
- Can edit:
- Can create new items
- Can edit the entire content of the collection's items
- Can edit,
remove,exceptsrevolepassword:- Can create new items
- Can edit the entire content of the collection's items, excepts for the passwords
- Can manage:
- Can create new items
- Can edit the entire content of the collection's items
- Can delete the collection's items (Admin and Owner only)
- Can manage the collection's members & permissions (Admin and Owner only)
Only Owner can add new Owners
roleAdmins and Owners can only manage members of collections for which they have Can manage permission
User can't delete item, whatever their permissions are because it's done through the Shared Vault Console
If a User / Owner / Admin create a new collection, he automatically has the Can manage permission
Collection management
- Owners and admins can manage all collections and items: give all permissions (edit, delete, manage members) for all collections to all Owners and Admins.
- Limit collection creation and deletion to owners and admins: prevent users to create collection.
It is an interesting option if you don't have checked the previous one.
Otherwise Users can create collection but can't add member (no access to the Shared Vault Console) and Admins/Owners can't manage members & permissions either (no Can manage permission for the collection).
Purge & Delete
From the Shared Vault Console then Settings and Shared vault info you can delete or purge a shared vault.
Only the Owners can purge or delete a shared vault.
All items and collections are deleted. Members remain untouched.
Manage items
Add / Edit / Delete items
Most of the possible actions are described in the personal vault documentation:
We'll only deal with the specific shared vault features here.
But before, we need to talk about collections. They will have their own dedicated chapter, but it's important to understand what they are when we talk about items.
A collection is the equivalent of a folder. But as well as organizing items, it also carries the notion of user rightspermissions.
When you create a shared vault, there are 2 default collections:
- Default collection, which is present by default but managed with
rights,permissions, like any other collection - Unassigned, which is a collection that cannot be selected in filters and in which all shared vault members have write access. This is where items that don't have a dedicated collection go.
That said, here's a list of the specifics of managing items in a shared vault.
- The actions you can perform depend on your collection permissions.
View items = Can view / Can edit / Can manage
Create & Edit items = Can edit / Can manage
Delete items = Can manage and you can only do this through the Shared Vault Console - When an item exist in a personal vault, it can be moved to a shared vault through Assign to collection (click the 3 dots at the end of the item line).
The item can't be assigned to the Unassigned collection - When an item exist in a personal vault, it can be cloned to a shared vault through OWNERSHIP > Who owns this item?
The Default collection is assigned by default, but if you uncheck it, the item will switch to Unassigned mode - A new item can be created on the shared vault
From your personal vault; you have to change OWNERSHIP > Who owns this item?
From your shared vault; the Default collection is assigned by default
If no collection are selected, the item will switch to Unassigned mode
And voila! everything else is the same.
Search items
Searching for an item in the shared vaults works in the same way as searching for a personal item.
Import / export data
Importing or exporting data to a shared vault works in the same way as for the personal safe.
The only difference is the menu: Shared Vault Console > Settings > Import/Export data
Reports
Reporting on data in a shared safe works in the same way as for the personal safe.
The only difference is the menu: Shared Vault Console > Reports
Manage collections
A collection is the equivalent of a folder. But as well as organizing items, it also carries the notion of user permissions.
When you create a shared vault, there are 2 default collections:
- Default collection, which is present by default but managed with permissions, like any other collection
- Unassigned, which is a collection that cannot be selected in filters and in which all shared vault members have write access. This is where items that don't have a dedicated collection go.
What you can do on a permission depend of your permissions:
- View items = Can view / Can edit / Can manage
- Create & Edit items = Can edit / Can manage
- Delete = Can manage and you can only do this through the Shared Vault Console
- Manage members & permissions = Can manage and you can only do this through the Shared Vault Console
More information on the
Create / Edit / Delete
chainage