Teams & Access Control

FyVault uses role-based access control at two levels: organization and secret.

RBAC Model

Organization Roles

| Role | Capabilities |
|------|--------------|
| Owner | Full control. Delete org, manage billing, transfer ownership |
| Admin | Manage secrets, devices, teams, members. Cannot delete org |
| Member | View secrets and devices. Cannot create or modify |
| Viewer | Read-only access to all resources |

Secret Access Levels

| Level | Capabilities |
|-------|--------------|
| Read | View secret metadata (not the value) |
| Write | Update secret values, manage versions |
| Admin | Full control: delete, manage access, assign to devices |

How It Works

  1. Create teams (e.g. "Backend", "DevOps", "Data Science")
  2. Add organization members to teams
  3. Grant teams access to specific secrets with a permission level
  4. Members inherit access from all their teams

Tip: Use teams to model your organizational structure. When an engineer moves from the Backend team to DevOps, simply update their team membership. Their access automatically adjusts.
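
The following is an added example, not FyVault code or its API: a small access-review helper that computes a member's inherited secret access across all of their teams and shows what changes when they move from Backend to DevOps. The data structures, function names, member and secret names are hypothetical, and it assumes that Read < Write < Admin and that the highest level wins when several teams grant access to the same secret.

```python
# Added illustration; not FyVault code or its API. All data below is constructed.
LEVELS = {"Read": 1, "Write": 2, "Admin": 3}  # assumed ordering of secret access levels

def effective_access(member, memberships, grants):
    """Return {secret: level} for a member, merged over all of their teams.

    memberships: {team: set of member names}
    grants: list of (team, secret, level) tuples
    Assumption: if two teams grant different levels on one secret, the higher wins.
    """
    access = {}
    for team, secret, level in grants:
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        if member in memberships.get(team, set()):
            if LEVELS[level] > LEVELS.get(access.get(secret), 0):
                access[secret] = level
    return access

def move_member(member, memberships, src, dst):
    """Return a new membership map with the member moved from src to dst."""
    updated = {team: set(members) for team, members in memberships.items()}
    updated.setdefault(src, set()).discard(member)
    updated.setdefault(dst, set()).add(member)
    return updated

def access_diff(before, after):
    """Return (gained, lost, changed) between two effective-access maps."""
    gained = {s: lvl for s, lvl in after.items() if s not in before}
    lost = {s: lvl for s, lvl in before.items() if s not in after}
    changed = {s: (before[s], after[s])
               for s in before.keys() & after.keys() if before[s] != after[s]}
    return gained, lost, changed

# Constructed sample organization
MEMBERSHIPS = {"Backend": {"alice", "bob"}, "DevOps": {"carol"}, "Data Science": {"alice"}}
GRANTS = [
    ("Backend", "db-password", "Write"),
    ("Backend", "api-key", "Read"),
    ("DevOps", "db-password", "Admin"),
    ("DevOps", "deploy-token", "Write"),
    ("Data Science", "api-key", "Write"),
]

if __name__ == "__main__":
    before = effective_access("alice", MEMBERSHIPS, GRANTS)
    moved = move_member("alice", MEMBERSHIPS, "Backend", "DevOps")
    after = effective_access("alice", moved, GRANTS)
    print(before, after, access_diff(before, after), sep="\n")
```

In the sample, alice keeps Write on `api-key` after the move because her Data Science membership still grants it, which is the kind of residual access a review after a team change should look for.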