# Team vaults ## Overview Team vaults are the top-level organizational unit in Termius. A vault stores data and controls which team members can access it. Each vault is encrypted with a unique key. Members can access a vault only after the owner grants them permissions. Termius includes one non-shared **Personal vault** per user, and one default **Team vault** shared with all team members. Additional **custom team vaults** can be created and shared with specific team members. Members can have different permissions in different vaults: * **Can edit:** Allows creating, updating, and deleting data within the vault; adding or removing members. * **Can view:** Allows viewing data, initiating connections to hosts, and running snippets. Data cannot be modified. ## Set up your team Invite your team members to start collaborating in Termius. After that Team vault is created automatically. Use it to share and manage data with your team. {% tabs %} {% tab title="Desktop" %} 1. Invite your team members. You have several options to do it. The team will be created automatically after that 1. Click the chevron on the `Vault` tab and click `Team`

2. Click the `vault selector` on the entity edit form and click `Team`

3. Click `Plus button` on `Hosts screen` near your avatar and click `Invite team members`

2. Enter your team members' emails and click `Continue`

3. Wait for your members to accept their invitations and join the team 4. Grant them access to Team vault

5. Your Team vault is ready. Follow the next steps to define the vault structure and add more vaults If you already have data in your Personal vault, you can move it to your Team vault during Team vault setup or at any time afterward. See [Add data to vaults](#add-data-to-a-vault).

{% endtab %} {% endtabs %} ## Create vaults ### Define the vault structure Whether you separate access by projects, clients, environments, departments, or other criteria, vaults can be configured for that use case. A few examples of how different teams organize their data using vaults: {% tabs %} {% tab title="Small startup" %}

The team structure is flat, with a small number of members and a high level of trust. * **Vaults:** A single Team vault shared with all members. * **Groups:** Prod, Staging, and Development. {% endtab %} {% tab title="Consulting company" %}

The team structure is client-based, where small teams or individuals work with several clients. * **Vaults:** Each client has a separate vault. Team members are added and removed from vaults depending on the projects and clients they work with. * **Groups** are used to separate environments within the client's vault. {% endtab %} {% tab title="Mid-size Business" %}

The team structure is functional-based, with dedicated DevOps, Developers, and QA teams. * **Vaults**: Vaults separate **Production**, **Development**, and **Staging** environments. DevOps has access to all three. Developers can access Staging and Dev, while QA can only access Staging. * **Groups**: Within each vault, there are groups for different resource types, such as **Database Servers (DB)**, **Web Servers**, and **Cache**. {% endtab %} {% tab title="Enterprise" %}

The team structure is functional and location-based, with infrastructure distributed across multiple regions. Access is organized by region or data center. * **Vaults**: Organized by region and team. For example, **US-East-DevOps**, **US-East-Support**, **US-West-DevOps**, **EU-Central-DevOps.** * Each team structures groups to match their operational context. A data center team, for example, might organize by physical location: building, floor, room, and rack. {% endtab %} {% endtabs %} ### Add vault {% tabs %} {% tab title="Desktop " %} 1. To create a new vault, you have several options: 1. Open `Settings` > `Vaults` > `Add vault`

2. Click the chevron on the `Vault` tab and click `Add vaults`

3. Click the `Vault selector` on the entity edit form and click `Add vault`

2. Name it according to your vault structure

3. Add members to this vault and set their roles

4. Click `Save changes` {% endtab %} {% endtabs %} ### Add data to vaults {% tabs %} {% tab title="Desktop" %} 1. To add data to a vault, you have several options: 1. Open entity details and click the `vault selector` to choose the vault to move it to

2. Right-click on an entity you want to move or copy, then select `Move to` or `Copy to` and select the destination vault

2. Choose where you want to store credentials for hosts and groups

* **Personal vault** — the host or group will be added to a vault **without credentials**. Each member will need to use their own set of credentials saved in their Personal vault. * **Selected vault —** the host will be added to a vault **with credentials**. Each member will connect using the same **shared credentials**. Once the entity is saved to this vault, it is instantly accessible by all team members with access. 3. Once an entity is moved or copied, it is immediately available to all members of the selected vault. If the selected entities have linked entities, choose how to handle them: * **Copy** — all linked entities are copied to the selected vault and also remain in the original vault. * **Move** — all linked entities are moved to the selected vault, removed from the original vault, and unlinked from all other entities in the original vault.

{% endtab %} {% endtabs %} ## Edit vaults ### Change vault name {% tabs %} {% tab title="Desktop" %} 1. Open `Settings` > `Vaults` , or click the chevron on the `Vault` tab and click `Manage vaults`

2. Select a `vault` you want to edit. Personal and Team vaults have default names that can't be changed

3. Click on the vault name and change it 4. Click `Save changes` {% endtab %} {% endtabs %} ### Add members {% tabs %} {% tab title="Desktop" %} 1. Open `Settings` > `Vaults` , or click the chevron on the `Vault` tab and click `Manage vaults`

2. Select a `vault` you want to edit

3. Add team members to this vault from your team and set their roles

4. Click `Save changes` {% endtab %} {% endtabs %} ### Change member permissions {% tabs %} {% tab title="Desktop" %} 1. Open `Settings` > `Vaults` , or click the chevron on the `Vault` tab and click `Manage vaults`

2. Select a `vault` you want to edit

3. Click the `permission picker` for the member you want to edit: 1. **Can edit** allows the member to edit entities in the vault 2. **Can view** allows the member to connect and run snippets, but not edit them 3. **Remove access** allows removing a member from the vault

4. Click `Save changes` {% endtab %} {% endtabs %} ### Remove member from vault {% tabs %} {% tab title="Desktop" %} 1. Open `Settings` > `Vaults` , or click the chevron on the `Vault` tab and click `Manage vaults`

2. Select a `vault` you want to edit

3. Click the `permission picker` for the member you want to remove

4. Click `Remove access`, then `Save changes` {% endtab %} {% endtabs %} ## Security Vaults are the most secure way to share sensitive information across the team. Each vault is encrypted with a unique key, so only you and your team members with access to that vault can see and use its data. New members cannot access a vault until the owner grants access and sets their permissions. For more information about encryption and security, see [Encryption overview](/security/encryption-overview.md). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.termius.com/team-collaboration/team-vaults.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.