Vault
Secrets, credentials, and key management
ENCRYPTED
ROTATION READY

Store sensitive values safely and make access explicit.

Vault is the secure layer for credentials, tokens, and keys. It reduces accidental exposure by centralizing storage, permissions, and rotation while keeping audit visibility high.

Secrets stored
1,942
Across products and environments
Keys rotating
84
Scheduled or policy-driven updates
Access checks
28.6k
Daily reads mediated by policy

Vault snapshot

Surface stale credentials, risky sharing patterns, and secrets that need rotation before they become incidents.

Rotation due
Three environment keys reach their scheduled rotation window today.
TODAY

Policy clean
No unexpected broad-read grants on the highest-sensitivity groups.
GOOD

Prism aligned
Vault access remains linked to the current identity and review model.
SYNC

Secrets rarely need to be seen

Vault gets stronger when raw secret visibility feels exceptional and most workflows route through usage, policy, and rotation abstractions instead.

LOW VISIBILITY
STRICT

Expiry becomes routine

Key replacement, environment isolation, and recovery planning read more like regular operating hygiene than emergency-only security work.

ROTATION
SCHEDULED

Prism and Vault cooperate

Identity, approvals, and secret usage now feel visibly connected so high-sensitivity actions inherit the same trust boundaries across products.

PRISM-LINKED
REVIEWABLE

Production API cluster

Core service credentials with restricted read scope and staged rotation plan.

STRICT
Preview env bundle

Temporary keys for safe testing and local-to-preview promotion workflows.

ROTATE
Signing material

Keys used for document trust, provenance, and ledger-backed verification paths.

HIGH

Least privilege by default

Most users and Roadies should never see raw secret values directly.

Environment isolation

Preview, production, and local keys stay separate to limit blast radius.

Explicit rotation lanes

Every critical secret class gets an owner, cadence, and failure-handling path.