Credential management
built for teams
Securely store and share passwords across your organisation. Fine-grained access control, full audit logging, and end-to-end envelope encryption — all in one place.
Everything you need
Envelope encryption
Each credential is encrypted with its own unique DEK. DEKs are encrypted with your master key — passwords are never stored in plaintext.
Mandatory 2FA
Every account requires TOTP two-factor authentication. There is no opt-out — security is enforced, not optional.
Multi-tenant organisations
Group credentials by organisation and grant per-user read or write access. Clients only ever see what they're supposed to.
Role-based access
Admins manage organisations, users, and all credentials. Clients get a clean portal view limited to their assigned organisations.
Full audit log
Every create, update, delete, and credential view is logged with the user, timestamp, and IP address. Nothing goes unrecorded.
Secure password generator
Generate cryptographically secure passwords of any length with configurable character sets, directly in the credential form.
Security at every layer
Every credential is encrypted with a unique key using AES-256-GCM envelope encryption. Master keys never touch the database. Two-factor authentication is mandatory for all accounts, and every action is written to an immutable audit log.