What Is Vault?
The Vault module provides secure password and secret management, powered by Vaultwarden — an open-source, Bitwarden-compatible server. Each organisation in the platform has access to a scoped vault instance where team members can securely store:
- Service account credentials.
- Customer infrastructure passwords.
- API keys and tokens.
- WiFi passwords.
- Secure notes.
- SSH keys and certificates.
Accessing Vault
Click the Vault tile in the left sidebar navigation. You will be redirected to the Vaultwarden web interface at the configured URL, authenticated in the context of your organisation.
Vault Features (via Vaultwarden)
- Items — logins, cards, identities, secure notes.
- Organisations — team vaults shared across members.
- Collections — group items within an organisation vault.
- Send — time-limited encrypted shares of text or files.
- Password Generator — create strong random passwords.
- Browser Extension — auto-fill credentials in any browser.
Vault Share Requests
When a team member needs access to a vault item they don't currently have, they can submit a Vault Share Request:
- Go to Vault → Share Requests.
- Click + New Request.
- Describe what access is needed and why.
- An admin is notified and can approve or reject the request.
- On approval, the admin grants the appropriate Vaultwarden collection access.
Security Notes
- Vault data is encrypted at rest using Vaultwarden's built-in encryption.
- The Vault instance URL is configured at Admin → Settings → Vault.
- Ensure the Vaultwarden instance is accessible only from within your private network or VPN.
- Vault access is audited through Vaultwarden's built-in audit log (accessible to organisation admins within the Vaultwarden interface).
Integration with RMM
When RMM agent installer tokens include credentials for customer infrastructure, those credentials should be stored in the Vault under the relevant customer collection — not in plain text in config files or tickets.