Password vault
A password vault is an encrypted digital repository for securely storing credentials — the core of any password manager or privileged access management system. Learn how a vault works, how it differs from a password manager, and why organizations rely on one.
What is a password vault?
A password vault is a digital repository that stores credentials — passwords, keys, tokens, and other secrets — in encrypted form. It is the secure core of a password manager and of privileged access management (PAM) systems: rather than living in browsers, spreadsheets, or people's heads, credentials sit encrypted in one place and are released only to authorized users.
How does a password vault work?
A vault protects credentials at rest and controls their release:
- Encryption — everything inside is encrypted and unreadable without the key.
- Access control — only authorized users or roles can retrieve a given credential.
- Injection — credentials can be delivered into sessions without being shown to the user.
- Auditing — retrievals and changes are logged for accountability.
In strong implementations the vault uses zero-knowledge encryption, so even the provider cannot read its contents.
Password vault vs. password manager
The vault is the encrypted store; the password manager is the full application built around it. A password manager adds the interface, password generation, autofill, sharing, and administrative controls on top of the vault. Put simply, the vault holds the credentials, and the password manager is how people and organizations use them.
Why use a password vault?
A vault removes the risky habits that expose credentials — reuse, sticky notes, shared spreadsheets — by keeping every secret encrypted in one controlled place. Access can be granted by role, credentials can be shared without being exposed, and every retrieval is auditable. It is the foundation on which both password management and privileged access management are built.
Frequently asked questions
What is a password vault?
A password vault is an encrypted digital repository for securely storing credentials such as passwords, keys, and tokens. It is the secure core of password managers and privileged access management systems, holding secrets encrypted in one place and releasing them only to authorized users.
What is the difference between a password vault and a password manager?
The vault is the encrypted store that holds credentials; the password manager is the full application built around it, adding the interface, password generation, autofill, sharing, and administrative controls. The vault holds the credentials; the password manager is how people use them.
Is a password vault encrypted?
Yes. A password vault stores all credentials in encrypted form, unreadable without the key. Strong implementations use zero-knowledge encryption, meaning even the provider cannot read the vault's contents.
A vault built for teams
Store, share, and govern credentials in one secure, encrypted place.
Related terms
Password manager
An application for vaulting, managing, and sharing credentials securely.
Read now →Zero-knowledge encryption
Encryption in which the provider never has access to your unencrypted data.
Read now →Credential injection
Secure input of credentials into a session without revealing them to the user.
Read now →