Why VaultTerm is an audited access broker, not zero-knowledge

Zero-knowledge sounds reassuring, but it quietly rules out the access controls teams actually need. Here’s the model VaultTerm chose instead, and why we say so plainly.

Plenty of secret managers lead with the phrase “zero-knowledge.” It’s a good marketing word: it implies the server can never see your data, so you never have to trust it. The trouble is that a strict zero-knowledge design also rules out the things teams ask a secrets-and-access platform to do — broker an SSH session, inject a credential just-in-time, scan command output for an exposed key, run server-side automation against a vault. All of those need the plaintext, in memory, at the moment of use.

So VaultTerm made a different, deliberate choice, and we describe it honestly.

The model

VaultTerm is an audited access broker. Concretely:

  • Envelope encryption throughout. Every secret is sealed with a data key that is itself wrapped by a higher key. Keys are never stored beside the data they protect.
  • No plaintext at rest. The server only ever decrypts a secret in memory, for a specific authorized action, and discards it afterwards.
  • Every access is on the record. Reads and brokered sessions land in a tamper-evident audit trail, so access is always attributable after the fact.

That last point is the one a zero-knowledge design can’t offer: if the server genuinely can’t see anything, it also can’t broker an audited SSH session or catch a leaked credential in your terminal output. We’d rather give security teams a real audit trail than a guarantee we’d have to break the first time someone needs just-in-time access.
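To make those three bullets concrete, here is an added example in Go. It is not VaultTerm’s code (this page does not publish any), just a minimal broker that does the same three things: envelope encryption with AES-GCM (a fresh data key per secret, wrapped under a key-encryption key), decryption only in memory inside one authorized action with the buffers wiped afterwards, and a hash-chained audit trail that records every use and every denial. The type and function names (Broker, Store, Use, VerifyAudit), the actors alice and mallory, and the sample secret are all constructed for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// At rest: the data key wrapped under the KEK plus the secret sealed under that data key.
type sealedSecret struct{ wrappedDEK, ciphertext []byte }
// Broker holds the KEK in memory only; a production broker would keep it in a KMS/HSM.
type Broker struct {
	kek   []byte
	store map[string]sealedSecret
	Audit []string // append-only audit lines
	Head  string   // running hash over Audit; publish it out-of-band to anchor the chain
}

func NewBroker() (*Broker, error) {
	kek := make([]byte, 32) // AES-256
	if _, err := rand.Read(kek); err != nil { return nil, err }
	return &Broker{kek: kek, store: map[string]sealedSecret{}}, nil
}
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}
// seal returns nonce || AES-GCM ciphertext, so every blob carries its own nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil { return nil, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}
// open inverts seal; GCM authenticates, so a modified blob or wrong key fails here.
func open(key, blob []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil || len(blob) < aead.NonceSize() { return nil, errors.New("bad key or blob") }
	ns := aead.NonceSize()
	return aead.Open(nil, blob[:ns], blob[ns:], nil)
}
// zero wipes a buffer; best-effort in a GC'd language, so also keep plaintext short-lived.
func zero(b []byte) { for i := range b { b[i] = 0 } }

// Store: fresh data key per secret, secret sealed under it, key wrapped under the KEK, key wiped.
func (b *Broker) Store(id string, plaintext []byte) error {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil { return err }
	defer zero(dek)
	ct, err := seal(dek, plaintext)
	if err != nil { return err }
	wrapped, err := seal(b.kek, dek)
	if err != nil { return err }
	b.store[id] = sealedSecret{wrappedDEK: wrapped, ciphertext: ct}
	return nil
}

// Use: authorize, record, unwrap, decrypt in memory, run one action on the plaintext, wipe it.
func (b *Broker) Use(actor, id string, authorized func(actor, id string) bool, action func([]byte) error) error {
	if !authorized(actor, id) {
		b.record(actor, "denied", id) // denials are on the record too
		return errors.New("not authorized")
	}
	s, ok := b.store[id]
	if !ok { return errors.New("unknown secret") }
	b.record(actor, "use", id)
	dek, err := open(b.kek, s.wrappedDEK)
	if err != nil { return err }
	defer zero(dek)
	pt, err := open(dek, s.ciphertext)
	if err != nil { return err }
	defer zero(pt)
	return action(pt)
}

// chain folds one audit line into the running hash.
func chain(prev, line string) string {
	sum := sha256.Sum256([]byte(prev + "\n" + line))
	return hex.EncodeToString(sum[:])
}
func (b *Broker) record(actor, action, id string) {
	line := actor + " " + action + " " + id
	b.Audit = append(b.Audit, line)
	b.Head = chain(b.Head, line)
}
// VerifyAudit recomputes the running hash; an edited, reordered or deleted line breaks it.
func (b *Broker) VerifyAudit() bool {
	h := ""
	for _, line := range b.Audit { h = chain(h, line) }
	return h == b.Head
}

func main() {
	b, _ := NewBroker()
	_ = b.Store("db/password", []byte("hunter2")) // constructed sample secret
	allow := func(actor, _ string) bool { return actor == "alice" }
	fmt.Println("alice:", b.Use("alice", "db/password", allow, func(pt []byte) error { fmt.Println("action saw", len(pt), "bytes"); return nil }))
	fmt.Println("mallory:", b.Use("mallory", "db/password", allow, nil), "| chain intact:", b.VerifyAudit(), b.Audit)
}
```

Two caveats a reviewer would raise against this sketch apply to any broker of this shape. First, “no plaintext at rest” is a property of the store, not of the host: wiping buffers in a garbage-collected runtime is best-effort, so the real controls are short plaintext lifetimes plus keeping the process out of swap and core dumps. Second, a hash chain is only tamper-evident relative to a head the broker itself cannot rewrite, so the head (or a signature over it) has to be anchored somewhere outside the broker, such as a write-once log or a separate signing service.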

Why we say it out loud

Calling our model what it is costs us a buzzword and earns us a straight conversation with the people who actually review security architecture. When a security engineer asks “can your server see my secrets?”, the honest answer is: yes, in memory, for an authorized and audited action, and never as plaintext at rest. That answer holds up under review. “Zero-knowledge” usually doesn’t, once the same engineer asks how the SSH broker works.

If you want the full picture — envelope encryption, the broker flow, privacy-first AI, and the audit trail — the Security & Trust page lays it out without the hand-waving.
