From zero-knowledge encryption to blockchain-verifiable audit trails — Prodegy Vault is built for teams that can't afford a gap between what was promised and what actually happened.
Core platform
Every feature ships with zero-knowledge encryption as the foundation — there are no settings to misconfigure that would expose plaintext.
Your secrets are encrypted in the browser before leaving your device. We store only ciphertext — not even our engineers can read your data.
Zero-knowledgeEvery access, share, and modification is logged and cryptographically anchored. Prove what happened, to whom, and when — without relying on mutable server logs.
Tamper-evidentDefine who can view, edit, share, or rotate each secret. Granular permission sets let you enforce least-privilege without complex policy files.
Team governanceSchedule rotation for API keys, database credentials, and certificates. Rotation history is preserved in the audit log for compliance evidence.
OperationsTeam members request access with context; approvers act inside Prodegy Vault. Approval decisions are logged, time-boxed, and revocable instantly.
GovernanceShare secrets via one-time encrypted links with configurable expiry and view-count limits. Recipients never see the encryption key — only the disclosed value.
CollaborationDefine policy rules that block high-sensitivity secrets from being shared outside approved domains or user groups. Violations are logged and alerted in real time.
EnterpriseGet notified 30, 14, 7, 3, and 1 day before a secret expires. Alert emails are sent via Resend with urgency colour-coding so you never miss a rotation deadline.
ActiveLocked out of your authenticator? Use a pre-generated recovery code to regain access securely. All recovery events are flagged in the audit log for review.
AuthenticationZero-Knowledge Architecture
Prodegy Vault uses AES-256-GCM encryption executed entirely in your browser. The plaintext value of a secret never traverses our network.
Algorithm
AES-256-GCM · PBKDF2 · TLS 1.3
Audit & Compliance
Every event in Prodegy Vault — from secret access to team member changes — is logged with actor identity, IP address, user agent, and timestamp. Logs are anchored to an immutable blockchain record.
SECRET_ACCESSED
STRIPE_KEY · alice@acme.com · 2m ago
SECRET_ROTATED
DB_PROD_PASS · system · 1h ago
DLP_SHARE_BLOCKED
external recipient · 3h ago
MEMBER_INVITED
bob@acme.com · admin · 1d ago
AES-256
Client-side encryption standard
99.9%
Uptime SLA on Growth & above
100%
Zero-knowledge on all secret types
TLS 1.3
In-transit encryption standard
Product lines
Core secrets management is the foundation. Activate purpose-built modules for legal documents, team credentials, and family estate planning.
The foundation. Store, rotate, share, and govern API keys, database credentials, certificates, and any structured secret your team depends on.
Start freeSecure storage and access workflows for NDAs, contracts, IP filings, and evidence packages. Blockchain timestamping for legal admissibility.
Explore Legal VaultProtect wills, insurance documents, emergency contacts, and legacy instructions. Grant access to trustees with governed heir inheritance workflows.
Explore Family VaultShared login credentials, SSH keys, and service account passwords for engineering and ops teams. Full rotation support and RBAC-gated retrieval.
Explore Credentials VaultIntegrations
Import from other managers, push events to your SIEM, or call the REST API directly from your CI/CD pipeline.
One-click CSV import of existing vaults
LiveJSON export migration supported
LiveCSV export migration supported
LiveFull programmatic access on Growth+
LivePush audit events to any endpoint
LiveSAML 2.0 and SCIM provisioning
Q2 2026Stream audit events for SOC teams
Q3 2026Inject secrets into CI/CD pipelines
Q3 2026Start with 10 secrets free — no card required. Or talk to sales for an enterprise walk-through tailored to your use case.