
Shared vault

As a reminder, you have access to two types of vault:

  • Your personal vault, to which only you have access.
  • Shared vaults, enabling secrets to be shared between different people and teams.

On this page, we'll focus on your shared vaults.

For more information on the personal vault and plug-ins, please consult the following documentation:

Manage shared vault

Create shared vaults

The filter menu has a button to create a new shared vault.

You can also create shared vaults from the Shared Vault Console.

After providing the name, the shared vault is created and you are the default Owner.

Access shared vault items

When you are a shared vault member, the items for which you have a permission are displayed with your personal items.


Access the Shared Vault Console

If you are an Admin or Owner of a shared vault, you can access the Shared Vault Console using:

  • The button at the bottom left of the screen
  • The button at the top right of the screen

From here you can select your shared vault (for example, MyTeam or MyTeamAdmin).

Rename shared vaults

To rename your shared vault, open the Shared Vault Console, then go to Settings and Shared vault info.

Only the Owners can rename a shared vault.

Members

To add a shared vault member, you must have access to the Shared Vault Console. From the console, go to Members.

From here you can click Invite member. Then you have to:

  • Select the user or provide their email address (which must already exist on Enterprise Vault)
  • Select their role
  • Select their collection permissions

If you don't know what a collection is, you should start by reading the documentation.

Roles & Permissions

In a shared vault, members can have one of three possible roles:

  • User: can only access items
  • Admin: can access items and manage the shared vault through the Shared Vault Console, except for the shared vault information (shared vault name, collection management, delete, purge)
  • Owner: can access items and manage the shared vault through the Shared Vault Console, including the shared vault information (shared vault name, collection management, delete, purge)

In combination, members have permissions on selected collections:

  • Can view: can view the entire content of the collection's items
  • Can view, except password: can view the entire content of the collection's items, except for the passwords
  • Can edit:
    • Can create new items
    • Can edit the entire content of the collection's items
  • Can edit, except password:
    • Can create new items
    • Can edit the entire content of the collection's items, except for the passwords
  • Can manage:
    • Can create new items
    • Can edit the entire content of the collection's items
    • Can delete the collection's items (Admin and Owner only)
    • Can manage the collection's members & permissions (Admin and Owner only)
    • Can change the collection name
    • Can delete the collection

Only Owners can add new Owners.

Admins and Owners can only manage members of collections for which they have the Can manage permission.

Users can't delete items, whatever their permissions are, because deletion is done through the Shared Vault Console.

If a User / Owner / Admin creates a new collection, they automatically have the Can manage permission on it.

Collection management

Shared vault Owners have additional settings to manage rights. In the Shared Vault Console, go to Settings, then Collection management.

  • Owners and admins can manage all collections and items: gives all permissions (edit, delete, manage members) for all collections to all Owners and Admins.
  • Limit collection creation and deletion to owners and admins: prevents Users from creating collections.
    This is a very useful option.
    Otherwise, Users can create collections but can't add members to them (no access to the Shared Vault Console), and Admins/Owners can't manage their members & permissions either (no Can manage permission for the collection).
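
The gap described in the last bullet can be checked mechanically. The following Python sketch is an added illustration, not code from Enterprise Vault: it models the role and Can manage rules stated on this page and lists collections whose members nobody can manage. The function names, member names and sample data are constructed assumptions.

```python
# Added illustration: models the rules described on this page.
# All names and sample data are constructed; this is not the product's API.

CONSOLE_ROLES = {"Admin", "Owner"}  # roles with Shared Vault Console access


def create_collection(members, grants, user, name, limit_creation=False):
    """Create a collection; the creator automatically gets Can manage."""
    if limit_creation and members[user] not in CONSOLE_ROLES:
        raise PermissionError(f"{user} ({members[user]}) may not create collections")
    grants[name] = {user: "Can manage"}


def can_manage_members(role, permission, manage_all):
    """Member management happens in the Console, so it needs an Admin or
    Owner role plus Can manage (or the manage-all setting)."""
    if role not in CONSOLE_ROLES:
        return False
    return manage_all or permission == "Can manage"


def unmanageable_collections(members, grants, manage_all=False):
    """List collections whose members and permissions nobody can manage."""
    stuck = []
    for name, perms in grants.items():
        if not any(can_manage_members(role, perms.get(user), manage_all)
                   for user, role in members.items()):
            stuck.append(name)
    return sorted(stuck)


def demo():
    members = {"alice": "Owner", "bob": "Admin", "carol": "User"}  # constructed
    grants = {"Default collection": {"alice": "Can manage", "carol": "Can view"}}
    create_collection(members, grants, "carol", "carol-scratch")
    return (unmanageable_collections(members, grants),
            unmanageable_collections(members, grants, manage_all=True))


if __name__ == "__main__":
    print(demo())
```

With both settings off, the collection created by the User is reported as unmanageable; enabling either setting closes the gap.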

Purge & Delete

To delete or purge a shared vault, open the Shared Vault Console, then go to Settings and Shared vault info.

Only the Owners can purge or delete a shared vault.

Purge shared vaults

All items and collections are deleted. Members remain untouched.

Delete shared vaults

The shared vault is completely deleted and cannot be restored.


Manage items

Add / Edit / Delete items

Most of the possible actions are described in the personal vault documentation:

We'll only deal with the specific shared vault features here.
But first, if you don't know what a collection is, you should read the documentation.

That said, here's a list of the specifics of managing items in a shared vault.

  • The actions you can perform depend on your collection permissions.
    View items = Can view / Can edit / Can manage
    Create & Edit items = Can edit / Can manage
    Delete items = Can manage, and you can only do this through the Shared Vault Console

  • When an item exists in a personal vault, it can be moved to a shared vault through Assign to collection (click the 3 dots at the end of the item line).
    The item can't be assigned to the Unassigned collection.

  • When an item exists in a personal vault, it can be cloned to a shared vault through OWNERSHIP > Who owns this item?
    The default collection is assigned by default, but if you uncheck it, the item will go to the Unassigned collection.

  • A new item can be created in the shared vault.
    From your personal vault: you have to change OWNERSHIP > Who owns this item?
    From your shared vault: a default collection is assigned by default.
    If no collection is selected, the item will go to the Unassigned collection.

And voilà! Everything else is the same.

Searching for an item in the shared vaults works in the same way as searching for a personal item.

Import / export data

Importing or exporting data to a shared vault works in the same way as for the personal vault.

The only difference is the menu: Shared Vault Console > Settings > Import/Export data

Reports

Reporting on data in a shared vault works in the same way as for the personal vault.

The only difference is the menu: Shared Vault Console > Reports

Manage collections

A collection is the equivalent of a folder. But as well as organizing items, it also carries the notion of user permissions.
When you create a shared vault, there are 2 default collections:

  • Default collection, which is present by default but managed with permissions, like any other collection
  • Unassigned, which is a collection that cannot be deleted, selected in filters and for which all shared vault members have Can manage permission. This is where items that don't have a dedicated collection go.

What you can do with a collection depends on your permissions:

  • View items = Can view / Can edit / Can manage
  • Create & Edit items = Can edit / Can manage
  • Delete items = Can manage and you can only do this through the Shared Vault Console
  • Manage members & permissions = Can manage and you can only do this through the Shared Vault Console
  • Edit collection name = Can manage and you can only do this through the Shared Vault Console
  • Delete the collection = Can manage and you can only do this through the Shared Vault Console

More information is available in the Members chapter.

A collection can be created through the personal vault or through the Shared Vault Console.
You have to define:

  • Its name
  • The shared vault where the collection will be created (for personal vault creation only)
  • If the collection must be created under another collection (nested collection)
  • Optionally, permissions for users who are already members of the shared vault for which the collection is created.