Frequently Asked Questions

Is Osvauld free to use?

Osvauld Community edition is free to use under AGPL 3.0, no strings attached.

How does Osvauld reduce cyber security risks?

Osvauld enterprise password manager facilitates secure sharing of credentials, mitigates common security risks such as password reuse and weak passwords, enforces password hygiene, and enhances the visibility of credential access across the team.

Is Osvauld only suitable for big companies?

Osvauld is suitable for both big and small companies alike. It's a good fit if you have a team and want to securely manage access to credentials within the team effectively.

How many people can share their passwords using Osvauld?

Osvauld imposes no limit on the number of users who can share passwords within the system. The platform is designed to accommodate organizations of any size, from small teams to large enterprises, without any restrictions on the user count.

What is the cost of implementing Osvauld into a workplace?

The cost to implement Osvauld in a workplace is limited to the infrastructure expenses associated with hosting it within your company's environment. Due to Osvauld's lightweight architecture and optimized code base, these costs are typically minimal.

How safe is Osvauld as an enterprise password management solution?

Osvauld enterprise password management system has secure storage with multiple levels of encryption. On top of that, it has a two-factor authentication for its users for additional safety.

Can my organization trust Osvauld enterprise password management software?

Yes, your organization can trust Osvauld enterprise password management software as it has robust security features designed to protect sensitive information.

1) Two-Factor Authentication: Osvauld implements two-factor authentication by default, enhancing security significantly. This involves the use of OpenPGP encryption and signing certificates alongside a passphrase. Users must register these certificates with the server, which are then used with a passphrase for secure access.

2) Secure Storage and Use of Certificates: The encryption certificates are securely stored in a local storage. Upon entering the passphrase, these certificates are decrypted but only remain in memory while they are needed and are not stored persistently. This approach minimizes the risk of unauthorized access and exposure.

3) Secure Communication: Osvauld hashes and signs the payload for certain critical requests. These signed hashes are then verified on the backend to ensure the integrity and security of the data transmitted over the network.

4) Client-Side Decryption: All sensitive fields are decrypted exclusively on the client side, ensuring that sensitive data is never exposed in decrypted form outside of the client’s secure environment.

What if the database gets leaked? Is it safe to save all my passwords in one place?

Osvauld employs a zero-knowledge architecture, ensuring robust security for stored passwords. Your sensitive data in Osvauld's database is encrypted using OpenPGP, a widely respected encryption standard. Crucially, the decryption of sensitive data occurs exclusively within the client-side browser extension, never on the server. Osvauld never stores any of the user's cryptographic keys or their derivatives.

Do I need to be connected to the internet to use Osvauld?

Yes, you need internet access to use Osvauld. An active internet connection is required to fetch the encrypted passwords from your self-hosted backend. This ensures that you have access to the most up-to-date version of your passwords stored in the centralized system.

What is a super Admin?

Super admin is the first user ever created in Osvauld. By default, all the shared folders will be shared with the super admin.

Can I share an entire folder with another user?

Yes, folders can be shared with users or groups. Any new credential added to a shared folder automatically inherits the same sharing properties, ensuring all authorized users or groups have access.

How do I revoke permissions to certain users using folders?

Permissions can be adjusted by accessing the 'Access List' option for folders. This list allows you to modify or revoke access rights for specific users or groups.

Can I remove access to a single credential?

Yes, you can remove access to a single credential, If a credential was shared individually, you can adjust its access settings to remove specific users or groups by clicking on the credential details. However, if the folder itself was shared, you cannot selectively remove access to that specific credential without altering the access settings for the entire folder. This is because the credential inherits the sharing properties of the folder.

What are environments?

Environments are a way to organize and manage credentials and settings that developers use in their local development. They are collections of credentials grouped under a single name. This allows developers to invoke an environment-specific command (e.g., osvauld env env_name npm run dev) to inject these credentials into the shell, and when a credential changes they don't have to manage it as it will be automatically synced, thus eliminating the need for .env files.

How do environments help developers with local secrets management?

Environments help by centralizing the management of local credentials used during development workflow, allowing developers to access all necessary configurations under one label. This approach minimizes the risks associated with hard-coded credentials in source code and makes it easier to update credentials without changing multiple configuration files. When a credential is updated in Osvauld, it's automatically reflected in the development processes that rely on that environment.

Can users add a secret to a folder that someone else has created and shared with them?

Users with 'Manage' access to a folder can add secrets to it, even if the folder was created and shared by someone else.

What are the recovery options that Osvauld has?

Osvauld provides two primary recovery options:

1. Users have the option to retrieve their certificates and store them somewhere safe, allowing them to recover their account when logging in from a new browser.

2. For enhanced safety, shared folders are by default accessible to a super admin, who can recover data in case a user's PGP certificates are lost or if they forget their passphrase.

How can I contribute to Osvauld?

You can contribute to Osvauld by joining our community on Discord. We welcome contributions from developers and enthusiasts in improving the project.

What is the difference between Osvauld Community Edition (CE) and Enterprise Edition (EE)?

The main differences between the Osvauld Community Edition (CE) and the Enterprise Edition (EE) are focused on the added functionalities tailored for larger organizations that require more robust security and management features. The Enterprise Edition includes:

1) Audit Logs: Comprehensive logging of all actions and changes within the system crucial for compliance and security audits.

2) Multi-Factor Authentication (MFA): An additional layer of security that requires users to verify their identity using more than one authentication method, thus significantly reducing the risk of unauthorized access.

Is a business password manager scalable for growing organizations?

Yes, business password managers are designed to be scalable and can accommodate the needs of growing organizations.
There is no limit on how many passwords, folders, or persons can use Osvauld.

How do I get started with  Osvauld?

Osvauld is an on-premise first solution, i.e., you need to self-host the Osvauld-backed instance in the cloud provider of your choice. Refer to Osvauld documentation for detailed instructions -

What is an organization? How do I add a user who is already registered with another organization to my Vault?

Each backend will represent an individual organization. Someone who is already registered with another organization does not exist in your organization, and you will not be able to add them to a folder or share credentials with them.

Who can add new users?

When a user is created, the user has the option to make them an admin or a regular user. Only admin users can add new users.

Is it possible to join two teams at the same time?

By using different profiles in Chrome, you can be part of two different teams simultaneously. Keep in mind you have to install and register for each profile separately.

What is the difference between shared vs. private Folders?

Private Folders will not be shared with anyone. It will not be part of your organization's backup. All Shared folders are shared by default with the super admin for recovery purposes.

Why can't I edit Secrets that are shared with me?

If you are assigned read-only access at the time of sharing, you will not be able to edit the credential. You can ask your Manager/Assignee for elevated access.

What happens to new Secrets added to a Folder that has already been shared with other users?

It will automatically get shared with everyone who has access to the folder. The credential inherits the sharing properties of the folder.

Is there a restriction on the number of Secrets stored in Vault?

No, there are no limits.

How to do I revoke access to or unshare Secrets?

Each credential comes with an Access list where you can edit the assigned permission or delete access.

Still have a question?
Contact us. We will be happy to help you!