Troubleshoot Vault

Cause: share links are single-use — the first access invalidates the link. URL previews in chat apps may have consumed the link before the recipient, and reloading the page counts as a new access.

• Generate a new link on the credential: ⋯ menu → Compartilhar (share) → Gerar link (generate link). See Share a credential.
• Send the new link through a channel that doesn't generate URL previews and tell the person to copy the values on the first visit.
• If you suspect someone else opened the link, check the Acesso por link (link access) event in the audit log and rotate the secret.

Cause: the credential isn't a Login or its URL doesn't match the open site. The extension only fills Login credentials whose URL matches the tab.

• Confirm the credential's type is Login.
• Check the credential's URL and, for extra domains of the same service, add URLs alternativas (alternative URLs) in the credential panel.
• See Troubleshoot the extension for the remaining cases.

Cause: the credential is someone else's private credential, or it is in a group you're not part of. You only see what is yours or what is in your groups.

• Ask whoever created it to add the credential to a group you belong to — see Who sees what in Vault.
• Managers can check who reaches what in Sharing or on the Access screen.

Cause: the scope filters only appear in organization teams that have at least one shared credential. In a personal team, or while nothing has been shared, the list shows only your private credentials.

• Share a credential with a group — the filters come back.
• In a personal team there are no groups and no filters; this is the expected behavior.

Cause: the URL field requires the full address, with the protocol. "exemplo.com" doesn't pass validation.

• Include the protocol: https://exemplo.com.

Cause: bulk editing through the .env view replaces the entire set of fields — any key missing from the saved text is removed. The Confirmar alterações (confirm changes) dialog shows those removals as - lines before saving.

• Recreate the removed fields with Adicionar campo (add field), using the values from the source system.
• On the next bulk edit, review the - lines in the diff before clicking Salvar alterações (save changes). See Reveal, copy, and edit fields.

Cause: Desativar (deactivate) removes the credential from the list, and there is no trash bin or reactivation in the interface.

• Create the credential again with the values from the source system.
• If the value is lost, generate a new secret in the source system and register it — in practice, a rotation.

Cause: the secret isn't in an Env credential, or the CLI isn't connected to the vault. The CLI injects environment variables from Env credentials.

• Store the variables in an Env credential, as KEY=value, one per line.
• Confirm you can open the credential in Credentials — the CLI reaches the same as your account.
• Confirm the CLI connection in Access tokens.

Cause: an access token's value is displayed a single time, at creation. If you close the dialog without copying, you can't see it again.

• Create a new token and revoke the old one in Access tokens.

Cause: those screens are exclusive to Vault managers. For the other roles, they don't appear in the navigation.

• Ask a team administrator to adjust your Vault role in Manage members.
• See the role table in Who sees what in Vault.

Cause: the audit log export has a row cap, and the current filters return too many events.

• Apply Por usuário (by user) or Ações (actions) to reduce the result and export in parts. See Audit log.