LiveIntel Vault
Secure key-value secret storage for API keys, database credentials, and tokens. Vault uses zero-knowledge design, bearer token authentication, and built-in brute force protection so your secrets stay yours.
Core Capabilities
Vault is engineered around the principle that the service itself should never be able to read your secrets — even at the infrastructure level.
Key ID–Based Secret Retrieval
Store and retrieve secrets using human-readable key IDs. Namespaced paths (e.g. prod/db/password) keep secrets organised and access-controlled at any granularity.
Bearer Token Authentication
Short-lived, scoped bearer tokens are issued per client. Each token specifies which key paths it can read, write, or delete — following the principle of least privilege strictly.
IP Allowlists
Bind bearer tokens to CIDR ranges so that even a leaked token cannot be used from outside your production network. Per-token and per-path allowlists are both supported.
Zero-Knowledge Design
Secrets are encrypted client-side before transmission using your wrapping key. Vault stores only ciphertext — the server can never decrypt your data even with full database access.
Brute Force Detection
Adaptive rate limiting and automatic token lockout after configurable failed-attempt thresholds. Suspicious access patterns trigger real-time alerts and optional IP-level blocks.
Full Audit Logging
Immutable, append-only audit log records every read, write, and delete with timestamp, token ID, source IP, and path. Exportable to your SIEM in real time.
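The scope and allowlist checks described under Bearer Token Authentication and IP Allowlists, as an added Python example that is not LiveIntel's code or API. The `Token` type, the `authorize` function, the reason strings and the sample networks are assumptions constructed for illustration, as is the rule that both the per-token and the per-path allowlist must admit the source IP.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Token:
    token_id: str
    scopes: dict            # path prefix -> set of actions ("read", "write", "delete")
    cidrs: Optional[list]   # per-token allowlist; None = token not IP-bound (assumption)

# Per-path allowlists (constructed sample): path prefix -> permitted CIDR ranges
PATH_CIDRS = {"prod/": ["10.20.0.0/16"]}

# Constructed sample token: read-only on prod/db, bound to one subnet
TOKEN = Token("tok-ci-01", {"prod/db": {"read"}}, ["10.20.30.0/24"])

def _prefix_match(prefix, path):
    # Match whole path segments so "prod/db" does not also cover "prod/db2/..."
    p = prefix.rstrip("/")
    return path == p or path.startswith(p + "/")

def _ip_allowed(addr, cidrs):
    # An address of the other IP version is never "in" a network, so mixed v4/v6 is a deny
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def authorize(token, action, path, source_ip):
    """Return (allowed, reason); every branch that is not an explicit allow is a deny."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, "bad_ip"
    if path.startswith("/") or ".." in path.split("/"):
        return False, "bad_path"
    # Least privilege: the action must be granted on a prefix covering this path
    if not any(_prefix_match(pfx, path) and action in acts
               for pfx, acts in token.scopes.items()):
        return False, "scope"
    # Per-token binding: a leaked token presented from another network is refused
    if token.cidrs is not None and not _ip_allowed(addr, token.cidrs):
        return False, "token_cidr"
    # Per-path binding: every allowlist whose prefix covers the path must admit the IP
    for pfx, cidrs in PATH_CIDRS.items():
        if _prefix_match(pfx, path) and not _ip_allowed(addr, cidrs):
            return False, "path_cidr"
    return True, "ok"
```

The returned reason string is the kind of field an audit record would carry alongside timestamp, token ID, source IP and path.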
Zero-Knowledge Architecture
How Vault ensures even LiveIntel cannot read your secrets.