OverviewWho sees what in VaultSave a credentialReveal, copy, and edit fieldsShare a credentialGenerate a passwordCreate team password patternsReview a person's accessReview and revoke sharingRotate secretsRun an offboardingAudit logTroubleshooting
CONCEPTReference

Who sees what in Vault

Access in Vault follows two rules: a credential is private until it joins a group, and the governance screens are manager-only. This page describes the full model.

Private or shared through groups

  • A credential with no group is Privada (private): only the owner sees it.
  • Adding the credential to a group exposes it to every member of that group — with no per-person exception.
  • There is no person-to-person internal sharing. To give someone access, they need to be in one of the credential's groups. Groups are created and managed in Groups.
  • For a one-off handoff to someone outside, there is the single-use link.

`Criar para outro membro` (Create for another member) transfers ownership

At creation, managers can turn on Criar para outro membro. The credential is born in the selected person's private vault — they become the owner, and you stop seeing the credential (unless it joins one of your groups). This changes the owner; it is not a share.

Manager and user

Every member has a role in Vault, set in the team's member management: manager, user, or no access. The role controls which screens appear in the Vault navigation.

ScreenUserManager
CredentialsYesYes
Password generatorYesYes
AccessNoYes
Audit logNoYes
RotationNoYes
SharingNoYes
OffboardingNoYes
  • Managers can also: create credentials for another member, create and edit Padrões do time (team patterns) in the Password generator, and create access tokens that never expire.
  • Anyone without Vault access doesn't see the app in the side switcher.

Personal teams

In a personal team there are no groups and no internal sharing. All credentials are private, and the Todas (all), Privadas (private), and Compartilhadas (shared) filters don't appear.

What gets recorded

  • Opening a credential records Visualizou (viewed). Revealing or copying a value — even while hidden — records Viu segredo (saw secret).
  • Anyone with access to a credential sees its history in the Histórico (History) tab of the credential panel.
  • The team's full trail lives in the audit log, visible to managers only.

Next

Share a credentialReview a person's accessAudit log