Skip to main content
VaultPAM
00 Features

one platform. three jobs to be done.

VaultPAM does different things for different people on your team — pick the view that fits your role.

01 I need to set this up

IT admin — browser-based, agentless, live in minutes.

1.1

Deploy in 5 minutes

Docker connector on any host, browser-based console, first privileged session in under 30 minutes. No project plan required.

1.2

No firewall changes

Outbound-only connector tunnels over port 443. No inbound rules. No VPN changes. No firewall review board.

1.3

Network discovery

Define an IP range and the connector scans your network for reachable targets — RDP, SSH, and other services. Discovered hosts appear in VaultPAM instantly; import them as managed resources with one click. No spreadsheets, no manual entry. Prefer to add resources manually? That option is always available too.

1.4

Automatic password rotation

Schedule credential rotation daily, weekly, or on demand. Users never need to know the password changed.

1.5

MFA in 2 minutes

TOTP, WebAuthn, and SMS OTP — enforce MFA for every privileged session with a single toggle in org settings.

1.6

Flexible connector deployment

Docker container or Kubernetes pod. Pick the right fit for every segment of your network. 5 minutes to deploy.

02 I need to report to the board

CISO — zero trust, zero standing privileges, EU residency.

2.1

Zero Trust architecture

Every access request is verified independently — no server is trusted just because the user is already inside the network. Each session is evaluated on its own merits, every time.

2.2

Zero Standing Privileges

No one has standing access to anything. Access is granted for a specific task, expires automatically, and leaves no lingering permissions behind.

2.3

Cryptographic policy enforcement

Access policies are cryptographically signed — if anyone tampers with them, the system refuses to open sessions and the attempt is logged.

2.4

Fail-closed by design

When anything in the authorization chain is unavailable, access is denied — not silently permitted. There is no fallback that opens a session.

2.5

Designed for attackers, not checkbox auditors

Every access path was threat-modeled before it shipped. Attack scenarios — not just compliance requirements — drove the architecture decisions.

2.6

EU data residency guaranteed

GCP europe-central2 (Warsaw). Audit logs, recordings, and credentials never leave the European Union. Your lawyers will approve.

03 I need audit evidence

Compliance — NIS2, SOC 2, GDPR and ISO 27001, exported on demand.

3.1

NIS2 Art. 21 mapped out of the box

Risk management, incident handling, MFA, cryptography, supply chain security — all Art. 21 PAM requirements covered and documented.

3.2

SOC 2 Type II controls

We generate the access log evidence your SOC 2 auditor will ask for — exportable as CSV or JSON in two clicks. No custom exports, no spreadsheet gymnastics.

3.3

GDPR/RODO by design

Personal data is encrypted at the application layer. Consent revocation and right-to-erasure are built in — not retrofitted. Your DPO will not need to ask twice.

3.4

Tamper-evident audit trail

Every access event is permanently recorded — nothing can be deleted or altered after the fact. When the auditor arrives, you export one file. Done.

3.5

ISO 27001:2022 aligned

Access control, cryptography, secure development, and 8 more ISO 27001:2022 control families covered and documented.

3.6

Compliance reporting export

Generate CSV/JSON evidence exports per compliance framework. Ready for auditor review, SIG questionnaires, and DPO assessments.

04 Ready when you are

Ready to cover every privileged path?

Deploy VaultPAM today. No agents. No six-month project. NIS2-ready in 5 minutes.

New to PAM? Start with the fundamentals.

Why PAM →