Skip to content
VaultTerm
Browse docs

Get Started

Credential Vault

Terminal & SSH

Teams & Organizations

Browser Extension

Privacy-First AI

Self-Hosting

Administration

Configuration Reference

Security & Architecture

API & Integrations

Troubleshooting & FAQ

get-started

Quickstart: store your first secret

Sign in to the web app, create a vault, add a typed secret, optionally share it with a team, and reveal it — every reveal is audited.

Updated Jun 23, 2026

This walkthrough takes you from a fresh sign-in to a stored, shareable, revealable secret. It assumes you have access to a VaultTerm web app — either the hosted SaaS or a self-hosted instance. If terms here are unfamiliar, see Core concepts.

Before you start

  • An account in an organization. Individual sign-ups land in a shared default organization; team members are invited into their organization.
  • The web app open in your browser.

Steps

  1. Sign in to the web app. Open the web app and authenticate. You can sign in with a social login or, for an enterprise organization, your configured identity provider.

  2. Create a vault. From the vault area, create a new vault and give it a clear name (for example, “Shared infrastructure”). A vault is the container you grant access to; see Vault overview.

  3. Add a secret and choose its type. Inside the vault, add a new secret and pick the type that matches what you are storing — a login, an SSH key, an API key, an env file, a TOTP seed, a payment card, or a secure note. The type determines the fields you fill in. Fill them and save. The full list is in Secret types.

  4. (Optional) Share it with a team. If others need this secret, share it with a team rather than naming individuals. Team membership requires organization membership, so sharing stays inside your tenant. Rotation and sharing details are in Sharing and rotation.

  5. Reveal the secret. Open the secret and reveal its value when you need it.

A note on revealing

Revealing a secret is a sensitive action, so it is gated and recorded:

  • Reveals are audited. Each reveal lands in the tamper-evident audit trail, attributable to you. See Audit logs.
  • Social-login sessions require a step-up. If you signed in with a social login, the app asks for an additional WebAuthn proof (a step-up / user-verification check) before it will reveal a sensitive value. This binds the reveal to a hardware-backed presence check on top of your session.

Where to go next

All docs · Ask a question