Store, rotate, and audit API keys, certificates, and passwords โ all from one place.
Built for engineering and security teams who can't afford to compromise.
Secrets, passwords, and certificates stored with per-organisation encryption keys. Zero-knowledge at rest.
Schedule credential rotation with configurable policies. Push new values to AWS, Okta, GitHub, and Kubernetes automatically.
Import TLS/SSL certificates or generate RSA/EC key pairs on-demand. Get expiry alerts before they hit production.
Connect Okta, Azure AD, Google Workspace, or any SAML 2.0 IdP โ with JIT provisioning, force-SSO, and custom attribute mapping.
Every access, change, and rotation recorded with who, what, and when. Exportable for compliance reviews.
Approval workflows, access certifications, SOC 2 and ISO 27001 readiness reports, and policy enforcement built in.
Organise secrets into folders with granular RBAC. Grant access to specific teams or individuals without sharing credentials.
Secret health dashboard with real-time anomaly detection and pre-expiry notifications via email, Slack, or webhooks.
TOTP two-factor authentication with backup codes. Emergency break-glass access for admin lockout scenarios.
No hidden fees. Upgrade or downgrade at any time.
Free
For individuals and small teams getting started.
Pro
For teams that need the full platform.
Join teams already trusting VaultHQ with their most sensitive credentials.
Get Started โ it's free