Frequently Asked Questions

Prodegy Vault is a security platform for governed secrets and secure data workflows across Prodegy Vault, Legal Vault, Family Vault, and Credentials Vault.

It combines zero-knowledge data protection with blockchain-verifiable audit integrity for confidence in both confidentiality and accountability.

Prodegy Vault uses AES-256-GCM for all secret encryption. All secrets are encrypted end-to-end with keys generated and managed by your infrastructure. We use TLS 1.3 for all data in transit and SHA-256 for integrity verification.

Our Zero-Knowledge Architecture ensures that even Prodegy staff cannot decrypt your secrets. Your encryption keys never leave your infrastructure, giving you complete control over your data.

Yes! Prodegy Vault supports data residency for multiple regions including India, UK, and EU. For enterprise customers, we can support custom regions based on your compliance requirements.

You can choose exactly where your secrets are stored, and we guarantee no cross-border transfers without your explicit consent. This is perfect for organizations with strict data localization requirements.

Prodegy Vault is architecturally ready for SOC 2 Type II and ISO 27001 compliance. We have built all controls and features required by these standards into our platform. Third-party audit and official certification is planned for Q3 2026.

We also support HIPAA, GDPR, DPDPA, and other regulatory requirements through built-in features like audit logs, data residency, role-based access control, and encryption. We undergo regular internal security audits and penetration testing to ensure readiness.

Getting started is easy! You can create a free account with our Starter plan (up to 10 secrets). Just sign up, create your first secret, and start using our REST API.

For teams, we recommend the Consumer plan ($9.99/mo) which includes unlimited secrets, full audit logs, and support for up to 5 users. For enterprises with custom requirements, contact our sales team.

Yes! Prodegy Vault includes automatic secret rotation for all paid plans. You can set rotation schedules (daily, weekly, monthly) and define custom schedules for specific secrets.

When a secret is rotated, we handle the update automatically and notify your applications via webhooks. This ensures your secrets are always fresh and minimizes exposure windows in case of compromise.

Absolutely! Prodegy Vault has a full REST API and direct integrations with popular CI/CD platforms like GitHub Actions, GitLab CI, Jenkins, and CircleCI. You can seamlessly fetch secrets during your build process.

We also support Docker integration, webhook-based automation, and custom integrations for all your existing tools.

With Prodegy Vault's automatic rotation, exposed secrets can be rotated instantly to minimize damage. Our audit logs capture the exact time of exposure, what was exposed, and who had access.

For critical incidents, use our break-glass access mechanism with approval workflows to gain emergency access with complete audit tracking. This ensures you can respond quickly while maintaining security.

SSO (via OIDC/SAML) and SCIM 2.0 provisioning are planned for Q2 2026. These features will allow enterprises to use their existing identity providers for authentication and automatically manage user access.

If you need these features sooner, contact our sales team for custom enterprise arrangements.

We maintain automated daily backups across multiple geographical regions. Our Recovery Time Objective (RTO) is 15 minutes and Recovery Point Objective (RPO) is 1 hour.

We test disaster recovery quarterly to ensure it works. In the unlikely event of a major outage, we can restore your secrets to a secondary region with minimal data loss.

Currently, Prodegy Vault is offered as a managed cloud service with data residency options (India, UK, EU, US). On-premises deployment is available for enterprise customers with custom arrangements.

Contact our sales team if you have specific on-premises requirements or air-gapped network requirements.

Rate limits are configurable per API key and plan. Starter plan: 100 requests/minute. Consumer plan: 1,000 requests/minute. Team and Enterprise: Custom limits. Burst capacity is available for legitimate traffic spikes.

We also provide monitoring dashboards to track your API usage and help optimize performance.

Each organization gets completely separate encryption keys, databases, and processing pipelines. There is no shared infrastructure between customers. Data isolation is enforced at the application, database, and storage layers.

We perform regular penetration testing to verify that cross-tenant data access is impossible.

Average API response time is under 100ms from most regions. We maintain a global CDN for faster data retrieval. Secret retrieval operations are typically the fastest since secrets are cached locally when possible.

Performance depends on: network latency from your location, number of concurrent users, and complexity of your access control policies. Enterprise customers get dedicated optimization support.

Yes! Our approval workflow system supports multi-signature requirements. You can define policies that require 2, 3, or more approvals from different teams before a secret can be accessed or rotated.

This is perfect for highly sensitive production credentials where separation of duties is required.

Prodegy Vault is built specifically for enterprise secrets management with a focus on simplicity and compliance. Key differentiators include:

Zero-Knowledge Architecture: We cannot decrypt your secrets, even with full system access. Your encryption keys stay in your control.

Data Residency: Choose where your secrets are stored (India, UK, EU, US) with no forced cross-border transfers.

Blockchain-Verifiable Audit Logs: Every critical secret event is logged with tamper-evident records and integrity anchoring.

Automatic Rotation: Built-in rotation scheduling with zero-downtime updates and webhook notifications.

Compliance-Ready Architecture: Built to support SOC 2 Type II, ISO 27001, HIPAA, GDPR, and DPDPA requirements. Official certifications planned Q3 2026.

Step 1: Create an API key in your Prodegy Vault dashboard.

Step 2: Install our SDK: npm install @prodegyvault/sdk or pip install prodegyvault

Step 3: Initialize the client with your API key and fetch secrets:

const vault = new ProdegyVault({ apiKey: process.env.VAULT_API_KEY });
const dbPassword = await vault.getSecret('prod/db/password');

Your application will automatically cache secrets and refresh them when rotated. No manual intervention needed!

Yes! Use our vault-agent to sync secrets to environment variables before your app starts. Just run:

vault-agent export --format=env > .env.prod
source .env.prod
npm start

Or use our Docker integration to inject secrets into containers at runtime without storing them in images.

For local development, you can:

Option 1 (Recommended): Use a separate development environment in Prodegy Vault with less stringent access controls. Your local machine can fetch secrets with a development API key.

Option 2: Use .env files for local testing (never commit to git). Keep .env in .gitignore.

Option 3: Use our CLI tool to fetch secrets locally: vault get dev/db/password

We recommend Option 1 for team collaboration—everyone uses the same source of truth for secrets.

Use our GitHub Action to fetch secrets during CI/CD:

- name: Get Prodegy Vault secrets
  uses: prodegyvault/action@v1
  with:
    api-key: ${{ secrets.VAULT_API_KEY }}
    secrets: prod/db/password,prod/api/key

- name: Deploy to production
  run: npm run deploy

Process:
1. Git push triggers workflow
2. GitHub Actions fetches secrets from Prodegy Vault
3. Secrets injected as environment variables
4. Build, test, and deploy with secrets
5. Secrets automatically cleaned up after workflow

Security: Secrets are never logged, stored in artifacts, or committed to git. Each workflow gets fresh secrets from the vault.

Yes! Store entire database connection strings as single secrets. You can also store individual components:

Example PostgreSQL setup:
prod/db/postgres/host = db.example.com
prod/db/postgres/port = 5432
prod/db/postgres/user = appuser
prod/db/postgres/password = (encrypted)
prod/db/postgres/database = production

Your application can fetch all of these and construct the connection string, or we can provide a helper function to build it automatically.

Yes! Set up automatic rotation with our database driver support:

Supported databases: PostgreSQL, MySQL, MongoDB, Redis, Cassandra

Rotation Process:
1. Generate new credentials
2. Update the database user password
3. Update the secret in Prodegy Vault
4. Notify your applications via webhook
5. Old credentials are invalidated after grace period

Zero Downtime Guarantee:
- Applications are notified before old credentials expire
- Grace period allows applications to refresh credentials
- Failed connection attempts trigger immediate credential refresh
- Graceful fallback for applications with local caching

Configure Rotation: Set schedule (daily/weekly/monthly) in your dashboard. Rotation can be customized per secret with different schedules for different credential types.

Prodegy Vault supports granular RBAC with custom roles:

Default Roles:
- Admin: Full access, manage users and roles
- Manager: Read/write/rotate secrets, manage approval workflows
- Developer: Read/use secrets, no rotation/deletion
- Auditor: Read-only access, view audit logs

Custom Roles: Create custom roles with specific permissions for your organization's structure:

- PaymentTeam: Can only access payment-related secrets
- DatabaseAdmins: Full control over database credentials
- InternalAudit: Can view logs but cannot access secrets

Path-Based Scoping: Permissions can be scoped to specific secret paths (e.g., `prod/*`, `staging/db/*`). This allows fine-grained access control per team or project.

Define policies that require approvals before accessing or modifying critical secrets:

Example Policy: Production database passwords require 2 approvals from database admins before access

Workflow Steps:
1. User requests access to a protected secret
2. System reviews policy requirements
3. Approval notification sent to designated approvers
4. Approvers review the request (user, timestamp, IP, reason)
5. Access is granted only after required approvals
6. Full audit trail of who approved what and when

Flexibility: You can set different approval requirements for different operations (read vs. write vs. rotate) and different secret categories.

Prodegy Vault maintains blockchain-verifiable audit logs for every critical secret operation:

Logged Events:
- Secret created/read/updated/deleted
- Secret accessed by application or user
- Access denied attempts
- Secret rotated
- User added/removed
- Approval granted/denied
- Policy changes

Log Details Include: Timestamp, user/API key, action, secret name, result, IP address, user agent

Export logs in JSON/CSV format for compliance reporting. Logs can be streamed to your SIEM (Splunk, DataDog, etc.) in real-time.

Prodegy Vault scales to enterprise size:

Users: Unlimited users with fine-grained access control
Secrets: Unlimited secrets across multiple projects
Teams: Organize users into teams with delegated access management
Organizations: Multi-organization support for holding companies

We support thousands of concurrent API requests and manage millions of secrets across hundreds of organizations. Enterprise customers get dedicated account management and performance optimization.

SSO integration is coming in Q2 2026. We will support:

- Okta (SAML/OIDC)
- Azure AD / Microsoft Entra ID
- Google Workspace
- Generic SAML 2.0
- Generic OpenID Connect (OIDC)

SCIM 2.0 automatic user provisioning will also be available, allowing you to manage Prodegy Vault users directly from your identity provider.

Until SSO is available, you can manage users manually or contact sales for custom enterprise arrangements.

Yes! Prodegy Vault is built for compliance:

Supported Frameworks:
- GDPR (EU) ✓ Ready
- UK GDPR ✓ Ready
- DPDPA (India) ✓ Ready
- HIPAA (US healthcare) ✓ Architecture Ready
- SOC 2 Type II → Certification Q3 2026
- ISO 27001 → Certification Q3 2026

Built-in Compliance Features:
- Encryption at rest (AES-256-GCM)
- Encryption in transit (TLS 1.3)
- Data residency options (India/UK/EU)
- Immutable audit logs
- Multi-signature approvals
- Break-glass access logging
- Automated backups and disaster recovery

Contact our compliance team for detailed compliance documentation and attestations.

Recommended Architecture:

Layer 1 - Identity & Access:
- Okta/Azure AD for user identity (coming Q2 2026)
- Prodegy Vault API keys for applications
- RBAC for team-based access

Layer 2 - Secret Storage:
- Prodegy Vault as centralized secret store
- Data residency in appropriate region (India/UK/EU)
- Multi-region replication for HA (Enterprise only)

Layer 3 - Distribution:
- SDK/API for applications
- CI/CD integration for deployment secrets
- Webhook notifications for secret updates

Layer 4 - Rotation & Lifecycle:
- Automatic rotation schedules
- Zero-downtime updates
- Expired secret cleanup policies

Layer 5 - Monitoring & Compliance:
- Immutable audit logs
- Export to SIEM (Splunk, DataDog)
- Regular access reviews and attestations

Prodegy Vault HA Strategy:

Single Region HA (Default):
- Multi-AZ deployment within region
- Automatic failover between availability zones
- 99.9% uptime SLA
- RTO: 15 minutes, RPO: 1 hour

Multi-Region HA (Enterprise):
- Replicate secrets across regions
- Automatic regional failover
- Supports data residency requirements
- Can maintain consistency across regions

Application-Level Caching:
- Applications cache secrets locally
- Automatic refresh on rotation
- Graceful degradation if vault is temporarily unavailable

Disaster Recovery:
- Daily backups to multiple regions
- Quarterly DR testing
- Documented recovery procedures

Zero-Knowledge Architecture:
- Prodegy cannot decrypt customer secrets
- Encryption keys generated by customer
- Keys never leave customer infrastructure
- Even staff with database access cannot read secrets

Network Security:
- TLS 1.3 for all transit
- IP whitelisting per API key
- VPC endpoint support for private connectivity (Enterprise)
- DDoS protection and rate limiting

API Key Security:
- Rotate API keys regularly
- Use different keys per environment
- Store keys in environment variables, never in code
- Monitor for API key exposure

Application Integration:
- Always use HTTPS
- Implement API key rotation in CI/CD
- Monitor for unauthorized access attempts
- Log all secret access for audit

Migration Approach:

Phase 1 - Planning:
- Identify all secret locations (env vars, config files, existing vaults)
- Categorize secrets by type and sensitivity
- Define naming convention (prod/db/postgres, staging/api/keys)
- Plan rotation schedules

Phase 2 - Setup:
- Create Prodegy Vault projects/namespaces
- Set up teams and RBAC
- Configure approval workflows for sensitive secrets
- Enable audit logging

Phase 3 - Migration:
- Bulk import secrets via API or CLI
- Update applications to read from Prodegy Vault
- Test with staging environment first
- Deploy in rolling waves to production

Phase 4 - Cleanup:
- Disable old secret storage
- Rotate all imported secrets
- Verify all apps use new vault
- Document new secret management process

Absolutely! Prodegy Vault is perfect for personal use. Here's why consumers choose it over traditional password managers:

Personal Use Cases:
- Store passwords for all your personal accounts
- Manage API keys for personal projects
- Secure storage of authentication tokens
- Backup recovery codes and 2FA secrets
- Store credit card info and identity documents

Why Prodegy Vault is better for consumers:
- Zero-Knowledge: We cannot access your passwords—only you control them
- Military-Grade Encryption: AES-256-GCM encryption (same as top competitors)
- Complete Visibility: See every time you or anyone access your secrets
- Multi-Device Access: Seamlessly access from phone, tablet, laptop
- Automatic Backups: Your secrets are always safe with redundant backups
- Free & Affordable: Free for up to 10 secrets, or $4.99/month for unlimited
- No Vendor Lock-in: Export your secrets anytime in standard format

Advanced Features Everyday Users Love:
- Password strength generator with custom requirements
- Organize with tags and categories
- Time-locked access (reveal passwords after 30 minutes)
- Share credentials securely with family members
- Automatic cleanup of old passwords

Prodegy Vault:
✓ Complete zero-knowledge encryption—we cannot see your passwords
✓ Password generator with strength validation
✓ Organize with custom tags and categories
✓ Complete audit log of every access
✓ Multi-device sync (phone, tablet, desktop)
✓ Time-locked access for sensitive passwords
✓ Secure family sharing with permission control
✓ Automatic backups to multiple regions
✓ No ads, no tracking, no data selling
✓ API access for power users
✓ All features work seamlessly for 1 user or 100 users

Why Prodegy Vault is Easier for Everyday Users:
Unlike consumer password managers that treat you as a product, Prodegy Vault puts you in complete control. Your passwords are encrypted on your device before they ever reach us. We literally cannot access them—even if we wanted to. This gives you peace of mind that comes from true zero-knowledge security without any of the complexity.

Plus, as your needs grow—whether you want to share passwords with family, manage business account credentials, or grant access to a team—Prodegy Vault scales with you. One platform for personal passwords, family sharing, and business secrets.

Recommended fit: Prodegy Vault is best suited for team secrets, governed access, auditability, and infrastructure credential workflows.

Prodegy Vault isn't specifically designed for personal file sharing, but you can use it for sharing secrets:

For trusted sharing:
1. Create a Prodegy Vault organization
2. Invite family/friends as team members
3. Create a shared project for common secrets
4. Each person gets their own API key
5. Everyone can access shared secrets with full audit trail

Better alternatives for general file sharing:
- Google Drive (with privacy controls)
- Dropbox
- OneDrive
- Tresorit (encrypted)

For casual personal information sharing, standard cloud storage is easier. Use Prodegy Vault only for sensitive credentials that need access control and audit logging.

Yes! Here's why:

Encryption:
- AES-256-GCM encryption (military-grade)
- Secrets encrypted before leaving your device
- Encryption keys managed by you, not Prodegy
- Even Prodegy staff cannot read your secrets

Privacy:
- No third-party access to your secrets
- No selling of data to advertisers
- Your data stays in the region you choose (India/UK/EU/US)
- GDPR compliant

Security:
- Regular penetration testing
- SOC 2 compliance (certifications Q3 2026)
- ISO 27001 compliance (certifications Q3 2026)
- 99.9% uptime guarantee
- Automated daily backups

Audit Trail:
- Every access is logged
- See who accessed what and when
- Export logs for your records

Your secrets are safer with Prodegy Vault than in spreadsheets, shared documents, or email.

Note: Prodegy Vault doesn't use a traditional "master password" like password managers. Instead:

Authentication Methods:
- Email/password login
- Magic links (coming soon)
- SSO via Okta/Azure AD (coming Q2 2026)
- Multi-factor authentication (MFA)

If you forget your password:
1. Click "Forgot Password" on the login page
2. We send a reset link to your email
3. Set a new password
4. Your secrets remain encrypted and secure
5. You're back in access immediately

Security Note: Because of our Zero-Knowledge Architecture, we never have access to your secrets, even if you reset your password. Your encryption keys are managed separately.