Osvauld Community edition is free to use under AGPL 3.0, no strings attached.
Osvauld enterprise password manager facilitates secure sharing of credentials, mitigates common security risks such as password reuse and weak passwords, enforces password hygiene, and enhances the visibility of credential access across the team.
Osvauld is suitable for both big and small companies alike. It's a good fit if you have a team and want to securely manage access to credentials within the team effectively.
Osvauld imposes no limit on the number of users who can share passwords within the system. The platform is designed to accommodate organizations of any size, from small teams to large enterprises, without any restrictions on the user count.
The cost to implement Osvauld in a workplace is limited to the infrastructure expenses associated with hosting it within your company's environment. Due to Osvauld's lightweight architecture and optimized code base, these costs are typically minimal.
Osvauld enterprise password management system has secure storage with multiple levels of encryption. On top of that, it has a two-factor authentication for its users for additional safety.
Yes, your organization can trust Osvauld enterprise password management software as it has robust security features designed to protect sensitive information.
1) Two-Factor Authentication: Osvauld implements two-factor authentication by default, enhancing security significantly. This involves the use of OpenPGP encryption and signing certificates alongside a passphrase. Users must register these certificates with the server, which are then used with a passphrase for secure access.
2) Secure Storage and Use of Certificates: The encryption certificates are securely stored in a local storage. Upon entering the passphrase, these certificates are decrypted but only remain in memory while they are needed and are not stored persistently. This approach minimizes the risk of unauthorized access and exposure.
3) Secure Communication: Osvauld hashes and signs the payload for certain critical requests. These signed hashes are then verified on the backend to ensure the integrity and security of the data transmitted over the network.
4) Client-Side Decryption: All sensitive fields are decrypted exclusively on the client side, ensuring that sensitive data is never exposed in decrypted form outside of the client’s secure environment.
Osvauld employs a zero-knowledge architecture, ensuring robust security for stored passwords. Your sensitive data in Osvauld's database is encrypted using OpenPGP, a widely respected encryption standard. Crucially, the decryption of sensitive data occurs exclusively within the client-side browser extension, never on the server. Osvauld never stores any of the user's cryptographic keys or their derivatives.
Yes, you need internet access to use Osvauld. An active internet connection is required to fetch the encrypted passwords from your self-hosted backend. This ensures that you have access to the most up-to-date version of your passwords stored in the centralized system.
Super admin is the first user ever created in Osvauld. By default, all the shared folders will be shared with the super admin.
Yes, folders can be shared with users or groups. Any new credential added to a shared folder automatically inherits the same sharing properties, ensuring all authorized users or groups have access.
Permissions can be adjusted by accessing the 'Access List' option for folders. This list allows you to modify or revoke access rights for specific users or groups.
Yes, you can remove access to a single credential, If a credential was shared individually, you can adjust its access settings to remove specific users or groups by clicking on the credential details. However, if the folder itself was shared, you cannot selectively remove access to that specific credential without altering the access settings for the entire folder. This is because the credential inherits the sharing properties of the folder.
Environments are a way to organize and manage credentials and settings that developers use in their local development. They are collections of credentials grouped under a single name. This allows developers to invoke an environment-specific command (e.g., osvauld env env_name npm run dev) to inject these credentials into the shell, and when a credential changes they don't have to manage it as it will be automatically synced, thus eliminating the need for .env files.
Environments help by centralizing the management of local credentials used during development workflow, allowing developers to access all necessary configurations under one label. This approach minimizes the risks associated with hard-coded credentials in source code and makes it easier to update credentials without changing multiple configuration files. When a credential is updated in Osvauld, it's automatically reflected in the development processes that rely on that environment.
Users with 'Manage' access to a folder can add secrets to it, even if the folder was created and shared by someone else.
Osvauld provides two primary recovery options:
1. Users have the option to retrieve their certificates and store them somewhere safe, allowing them to recover their account when logging in from a new browser.
2. For enhanced safety, shared folders are by default accessible to a super admin, who can recover data in case a user's PGP certificates are lost or if they forget their passphrase.
You can contribute to Osvauld by joining our community on Discord. We welcome contributions from developers and enthusiasts in improving the project.
The main differences between the Osvauld Community Edition (CE) and the Enterprise Edition (EE) are focused on the added functionalities tailored for larger organizations that require more robust security and management features. The Enterprise Edition includes:
1) Audit Logs: Comprehensive logging of all actions and changes within the system crucial for compliance and security audits.
2) Multi-Factor Authentication (MFA): An additional layer of security that requires users to verify their identity using more than one authentication method, thus significantly reducing the risk of unauthorized access.
Yes, business password managers are designed to be scalable and can accommodate the needs of growing organizations.
There is no limit on how many passwords, folders, or persons can use Osvauld.
Osvauld is an on-premise first solution, i.e., you need to self-host the Osvauld-backed instance in the cloud provider of your choice. Refer to Osvauld documentation for detailed instructions - https://docs.osvauld.com/installation/setting-up-osvauld/
Each backend will represent an individual organization. Someone who is already registered with another organization does not exist in your organization, and you will not be able to add them to a folder or share credentials with them.
When a user is created, the user has the option to make them an admin or a regular user. Only admin users can add new users.
By using different profiles in Chrome, you can be part of two different teams simultaneously. Keep in mind you have to install and register for each profile separately.
Private Folders will not be shared with anyone. It will not be part of your organization's backup. All Shared folders are shared by default with the super admin for recovery purposes.
If you are assigned read-only access at the time of sharing, you will not be able to edit the credential. You can ask your Manager/Assignee for elevated access.
It will automatically get shared with everyone who has access to the folder. The credential inherits the sharing properties of the folder.
No, there are no limits.
Each credential comes with an Access list where you can edit the assigned permission or delete access.