vaultterm --platform
One platform for secrets and access
A vault for every secret type, an audited broker for every session, and the team controls to run it safely — five parts that share one audit trail.
Credential vault
One vault for every kind of secret.
Store logins, SSH keys, API keys, environment files and secure notes in a vault organised by type — envelope-encrypted, never plaintext at rest, and built for how engineers actually work.
Learn moreTerminal & SSH broker
Every session brokered and audited.
Connect to any host through an audited access broker. Access is injected just-in-time, decrypted in memory for the authorized session only, and written to a complete audit trail.
Learn moreTeams & JIT access
Share access without losing control.
Shared team vaults with role-based access and just-in-time elevation. Onboard and offboard people in one place, and keep an attributable record of who had access to what, when.
Learn moreBrowser extension
Your vault where you work.
Autofill logins and capture new credentials in Chrome and Firefox with a device-bound unlock. Secrets stay on the broker — nothing sensitive is stored in the extension.
Learn morePrivacy-first AI
Assistance that stays on your network.
AI help for the terminal and vault that defaults to a self-hosted model on your own LAN. Terminal output and secrets never leave your network unless you allow it, and only behind a redaction gate.
Learn morebroker status
It all runs through one audited broker
No standing credentials on laptops. The broker decrypts in memory for an authorized session, then everything is on the record — across every part of the platform.