Platform Capabilities

Every feature your team needs
to trust its secrets.

From zero-knowledge encryption to blockchain-verifiable audit trails — Prodegy Vault is built for teams that can't afford a gap between what was promised and what actually happened.

Core platform

Built for security-first teams

Every feature ships with zero-knowledge encryption as the foundation — there are no settings to misconfigure that would expose plaintext.

Client-side AES-256-GCM Encryption

Your secrets are encrypted in the browser before leaving your device. We store only ciphertext — not even our engineers can read your data.

Zero-knowledge

Blockchain-Anchored Audit Trails

Every access, share, and modification is logged and cryptographically anchored. Prove what happened, to whom, and when — without relying on mutable server logs.

Tamper-evident

Role-Based Access Control (RBAC)

Define who can view, edit, share, or rotate each secret. Granular permission sets let you enforce least-privilege without complex policy files.

Team governance

Automated Secret Rotation

Schedule rotation for API keys, database credentials, and certificates. Rotation history is preserved in the audit log for compliance evidence.

Operations

Just-in-Time Access Requests

Team members request access with context; approvers act inside Prodegy Vault. Approval decisions are logged, time-boxed, and revocable instantly.

Governance

Encrypted Secret Sharing

Share secrets via one-time encrypted links with configurable expiry and view-count limits. Recipients never see the encryption key — only the disclosed value.

Collaboration

Data Loss Prevention (DLP)

Define policy rules that block high-sensitivity secrets from being shared outside approved domains or user groups. Violations are logged and alerted in real time.

Enterprise

Secret Expiry Alerts

Get notified 30, 14, 7, 3, and 1 day before a secret expires. Alert emails are sent via Resend with urgency colour-coding so you never miss a rotation deadline.

Active

2FA Recovery Codes

Locked out of your authenticator? Use a pre-generated recovery code to regain access securely. All recovery events are flagged in the audit log for review.

Authentication

Zero-Knowledge Architecture

We can't read your secrets — and that's the point.

Prodegy Vault uses AES-256-GCM encryption executed entirely in your browser. The plaintext value of a secret never traverses our network.

  • Encryption key derived from your master password — never stored server-side
  • Each secret encrypted with a unique IV to prevent pattern analysis
  • TLS 1.3 in transit protects the ciphertext payload end-to-end
  • Encrypted backups anchored to blockchain for tamper-evident recovery
Read the security architecture →
Vault Encryption Layer
plaintext_secret Client only
AES-256-GCM ⟶ Encrypting
encrypted_ciphertext Stored

Algorithm

AES-256-GCM · PBKDF2 · TLS 1.3

Audit & Compliance

Audit trails your auditor will actually trust.

Every event in Prodegy Vault — from secret access to team member changes — is logged with actor identity, IP address, user agent, and timestamp. Logs are anchored to an immutable blockchain record.

  • Immutable log entries — no admin can edit or delete audit records
  • Export to JSON or CSV for SIEM ingestion and evidence packs
  • Export evidence-oriented reports aligned with ISO 27001, SOC 2, GDPR, and DPDPA programmes (not a substitute for formal certification)
  • Anomaly detection alerts on unusual access patterns
See compliance readiness →
Audit Log — last 4 events

SECRET_ACCESSED

STRIPE_KEY · alice@acme.com · 2m ago

Logged

SECRET_ROTATED

DB_PROD_PASS · system · 1h ago

Logged

DLP_SHARE_BLOCKED

external recipient · 3h ago

Alert

MEMBER_INVITED

bob@acme.com · admin · 1d ago

Pending

AES-256

Client-side encryption standard

99.9%

Uptime SLA on Growth & above

100%

Zero-knowledge on all secret types

TLS 1.3

In-transit encryption standard

Product lines

One platform. Four specialised vaults.

Core secrets management is the foundation. Activate purpose-built modules for legal documents, team credentials, and family estate planning.

Core Vault — Secrets Management

The foundation. Store, rotate, share, and govern API keys, database credentials, certificates, and any structured secret your team depends on.

Start free

Legal Vault — Document Governance

Secure storage and access workflows for NDAs, contracts, IP filings, and evidence packages. Blockchain timestamping for legal admissibility.

Explore Legal Vault

Family Vault — Estate Planning

Protect wills, insurance documents, emergency contacts, and legacy instructions. Grant access to trustees with governed heir inheritance workflows.

Explore Family Vault

Credentials Vault — Team Operations

Shared login credentials, SSH keys, and service account passwords for engineering and ops teams. Full rotation support and RBAC-gated retrieval.

Explore Credentials Vault

Integrations

Works with your existing stack

Import from other managers, push events to your SIEM, or call the REST API directly from your CI/CD pipeline.

🔑

1Password Import

One-click CSV import of existing vaults

Live
🛡

Bitwarden Import

JSON export migration supported

Live
🔒

LastPass Import

CSV export migration supported

Live

REST API

Full programmatic access on Growth+

Live
📡

Webhooks

Push audit events to any endpoint

Live
🔐

Okta / Azure AD SSO

SAML 2.0 and SCIM provisioning

Q2 2026
📊

Splunk / Datadog SIEM

Stream audit events for SOC teams

Q3 2026
🔧

GitHub Actions

Inject secrets into CI/CD pipelines

Q3 2026

See every feature in action

Start with 10 secrets free — no card required. Or talk to sales for an enterprise walk-through tailored to your use case.

Start free