Quickstart: open your first session

Add an SSH connection profile backed by a vault secret, open a brokered session, run a command or open SFTP — with no standing keys on your device and full recording.

Updated Jun 23, 2026

This walkthrough connects you to a host through VaultTerm’s broker using a secret from your vault. The point of the broker is that the connecting device never holds a standing credential — access is injected just-in-time and the session is recorded. If you have not stored a secret yet, complete Quickstart: store your first secret before continuing.

Before you start

  • A vault containing the credential the host accepts — a stored SSH key or a password. See Secret types.
  • The host’s address, port, and the username you log in as.

Steps

  1. Add an SSH connection profile. Create a new connection and fill in:

    • Host — the hostname or address (for example, host.example.com or 192.0.2.10).
    • Port — the SSH port (commonly 22).
    • Username — the account you log in as.
    • Auth method — choose a credential from the vault: a stored SSH key or a password. The secret stays in the vault; the profile only references it.

  2. Open a brokered session. Launch the connection. The broker decrypts the referenced secret in memory, authenticates to the host on your behalf, and opens the terminal. See Connecting to hosts.

  3. Run a command or open SFTP. Use the session like any terminal — run commands interactively, or switch to SFTP for file transfer over the same brokered connection.

What the broker guarantees

  • No standing keys on the device. The credential is never written to your laptop. The broker injects access just-in-time for the session and nothing is left behind afterward — see JIT access.
  • The session is recorded and audited. The brokered session is captured and lands in the tamper-evident audit trail, attributable to you. See Session recording and Audit logs.
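
A device-side check of the first guarantee, as an added example that is not VaultTerm code and not part of the original page: it scans a directory such as ~/.ssh for private-key files and counts identities loaded in ssh-agent. The function names are hypothetical, and it assumes a standing key would sit under the scanned directory or in a running agent.

```shell
#!/bin/sh
# Added example: audit a device for standing SSH credentials.
# Assumption: a standing key would appear as a file under a directory such
# as ~/.ssh or as an identity in ssh-agent. The header patterns are the
# standard PEM/OpenSSH/PuTTY private-key markers, nothing VaultTerm-specific.

# Print the path of every regular file under $1 (smaller than 64 KiB) whose
# first line is a private-key header. Public keys and config files do not match.
find_standing_keys() {
    dir=$1
    [ -d "$dir" ] || return 0
    find "$dir" -type f -size -65536c 2>/dev/null | while IFS= read -r f; do
        # Strip NUL and CR so binary files and CRLF key files are handled.
        first=$(head -n 1 "$f" 2>/dev/null | tr -d '\000\r')
        case $first in
            "-----BEGIN "*"PRIVATE KEY-----"|"PuTTY-User-Key-File-"*)
                printf '%s\n' "$f" ;;
        esac
    done
}

# Number of key files found; 0 means no standing keys under the directory.
count_standing_keys() {
    find_standing_keys "$1" | wc -l | tr -d ' '
}

# Number of identities held by ssh-agent (0 if none, no agent, or no ssh-add).
agent_key_count() {
    command -v ssh-add >/dev/null 2>&1 || { echo 0; return 0; }
    ssh-add -l 2>/dev/null | grep -c -v '^The agent has no identities' || true
}
```

Run `find_standing_keys "$HOME/.ssh"` and `agent_key_count` before and after a brokered session; both results should be unchanged by the session.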

Where to go next