Overview
The new Vaults feature is part of the WebApp 6.26 release. It enables organizations to securely manage, share, and control access to sensitive items (such as credentials) across teams and sub-organizations. Vaults are designed to replace or supplement traditional sharing, offering more granular permissions and centralized management.
Best Practices
- Use vaults for organizational or departmental credentials and sensitive data that require centralized control.
- Assign multiple owners to ensure continuity of access and management.
- Move items into vaults rather than sharing individually for better permission management and auditability.
- Regularly review vault membership and permissions to maintain security.
Key Features
Vault Creation & Organization
- Users can create vaults within their organization or for any child organization under their hierarchy.
- Vaults can be shared with individuals or groups from the same or child organizations.
- Each vault can contain folders and items, and users can organize content as needed.
Permissions & Roles
- Three main roles: Owner, Editor, and Reader.
  - Owner: Full control; can add/remove users, change permissions, and manage vault content. Multiple owners are supported, but at least one owner is required at all times. Owners cannot change their own permissions, only the permissions of others. The creator of the vault is an Owner.
  - Editor: Can add, modify, and delete items, but cannot manage recipients or share the vault.
  - Reader: Can view items only; cannot modify or share content.
- Permissions can be changed dynamically, and users can be promoted or demoted between roles.
- A Vault cannot be shared via Emergency Access.
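The role rules above, written out as a small model so the edge cases can be checked. This is an added example, not the product's code or API: the class, the method and action names, and the way a rejected change is reported are all assumptions.

```python
from enum import IntEnum

class Role(IntEnum):
    READER = 1   # view items only
    EDITOR = 2   # add, modify and delete items
    OWNER = 3    # manage members, permissions and content

# Lowest role that may perform each action (action names are hypothetical).
MIN_ROLE = {"view": Role.READER, "modify": Role.EDITOR, "manage_members": Role.OWNER}

class VaultError(Exception):
    """Raised when a requested change would break one of the role rules."""

class Vault:
    def __init__(self, creator):
        self.members = {creator: Role.OWNER}   # the creator of the vault is an Owner

    def can(self, user, action):
        role = self.members.get(user)          # non-members have no access at all
        return role is not None and role >= MIN_ROLE[action]

    def owners(self):
        return sorted(u for u, r in self.members.items() if r is Role.OWNER)

    def set_role(self, actor, target, role):
        """Add a member or promote/demote an existing one."""
        if not self.can(actor, "manage_members"):
            raise VaultError(f"{actor} may not manage members")
        if actor == target:
            raise VaultError("owners cannot change their own permissions")
        self.members[target] = Role(role)

    def remove(self, actor, target):
        """Remove a member; actor == target models a user leaving the vault."""
        if target not in self.members:
            raise VaultError(f"{target} is not a member")
        if actor != target and not self.can(actor, "manage_members"):
            raise VaultError(f"{actor} may not manage members")
        if self.owners() == [target]:
            raise VaultError("at least one owner is required at all times")
        del self.members[target]

    def single_owner(self):
        """True when continuity depends on one account (see Best Practices)."""
        return len(self.owners()) == 1
```

In this model a demotion can never remove the last Owner, because the change must come from a different Owner; only removal or leaving needs the explicit check.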
Moving and Managing Items
- Items can be moved into a vault, which transfers ownership to the vault. Moving is not a copy; after the move, the item is managed by the vault and its permissions.
- If a user leaves a vault, they lose access to items in that vault unless they clone the item (if permitted).
- Editors can move items into vaults; readers cannot clone or move items.
Visual Indicators
- Items and folders within a vault display a vault icon for easy identification. There is a planned update to ensure all vault items and folders consistently show this icon.
- Shared items from a vault will also display a shared icon.
Sharing and Access
- Items in a vault can be shared externally, even with users outside the vault, with appropriate permissions.
- Only members of a vault can see and access its contents. Non-members do not see the vault in their interface.
Import/Export
- Importing items into a vault is supported; exporting is restricted to maintain security and ownership integrity.
- Owners may have additional import options, but export is not generally available for vaults.
Backup and Recovery
- Vault backups are planned, with access limited to users in the recovery group of the creating organization. The technical implementation is still being defined.
Known Issues & Roadmap
- Some UI elements (such as vault icons) may not update immediately when items are moved.
- A feature to convert existing shares directly into vaults is planned but not yet available.
- Import into vaults is supported, but export and backup features are still under development.
- There is no Recycle Bin or restoration feature for a vault; once an item is deleted, the deletion is permanent.