Kuvii Vault · v2.4 · zero-knowledge

Zero-knowledge by design.

The credentials vault for security-serious organizations. The server holds ciphertext — never plaintext.

SOC 2 TYPE II | ISO 27001 | HIPAA · BAA | NIST SP 800-57
audit-log · tamper-evident · merkle-signed · live
14:32:11  svc:ci-deploy-prod  read  stripe.live_key  · eu-central · token-7f2a
14:31:58  rita@northwind.co  rotate  aws.root_iam  · next due in 89d
14:30:42  auditor@deloitte  export  audit.range_q1  · metadata only
14:28:01  svc:github-actions  read  datadog.ingest_key  · anomaly: new region
14:24:33  leo@northwind.co  share  send.one-time  · expires 24h
14:18:09  system  verify  log.merkle_head  · sig 0x9e2d…
14:11:47  rita@northwind.co  approve  req.aws.write  · jit · 2h window
head #0x9e2d3a…b41f · verified at 14:18:09 UTC · read-only · auditor
production · audit-log
01 · Encryption

The math is the proof. Not the marketing copy.

Vault keys are wrapped per user with a key derived from their master password. The server stores ciphertext and never has access to the bytes needed to decrypt. Anyone running a database query — including us — gets the same answer: nothing useful. That is not a policy. It is the cryptography.

envelope · wrapped per user
client  master_password  ••••••••••••••
client  kdf(argon2id)  derive → user_key
client  unwrap(user_key, wrapped_vault_key)  vault_key
client  aes-256-gcm(vault_key, plaintext)  ciphertext
wire  ↓ over TLS
server  INSERT INTO secrets(ciphertext, …)  stored
server  attempt: decrypt(ciphertext)  impossible · no key
Verifiable. Crypto is open-source. The protocol is documented end-to-end.
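
The envelope flow in the diagram above, as an added example that is not Kuvii's code. It uses only Node.js built-ins, so scrypt stands in for argon2id; AES-256-GCM for the key wrap and every function and field name are assumptions.

```javascript
// Added example: names are hypothetical; scrypt stands in for argon2id.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Client only: derive the per-user wrapping key from the master password.
function deriveUserKey(masterPassword, salt) {
  return scryptSync(masterPassword, salt, 32, { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// AES-256-GCM; output is nonce || tag || ciphertext, and aad binds the context.
function seal(key, plaintext, aad) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Throws if the key is wrong or the blob or aad was altered.
function unseal(key, blob, aad) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Client, enrolment: generate a vault key and wrap it under the user key.
function enrol(masterPassword) {
  const salt = randomBytes(16);
  const wrappedVaultKey = seal(deriveUserKey(masterPassword, salt), randomBytes(32), 'wrap');
  return { salt, wrappedVaultKey }; // the only key material the server ever stores
}

// Client: recover the vault key locally; it never leaves the client unwrapped.
function unwrapVaultKey(masterPassword, rec) {
  return unseal(deriveUserKey(masterPassword, rec.salt), rec.wrappedVaultKey, 'wrap');
}

// Client: encrypt before upload; the secret's name is bound in as aad.
function encryptSecret(masterPassword, rec, name, plaintext) {
  return seal(unwrapVaultKey(masterPassword, rec), Buffer.from(plaintext), name);
}

function decryptSecret(masterPassword, rec, name, blob) {
  return unseal(unwrapVaultKey(masterPassword, rec), blob, name).toString();
}

// Constructed sample run: the server's whole view is serverRecord + serverRow.
const serverRecord = enrol('correct horse battery staple');
const serverRow = encryptSecret('correct horse battery staple', serverRecord, 'stripe.live_key', 'sk_live_CONSTRUCTED');
console.log(decryptSecret('correct horse battery staple', serverRecord, 'stripe.live_key', serverRow));
```

What a reviewer should check in a real deployment is the same property the sample shows: the stored record and row contain a salt, a wrapped key and ciphertext, and decryption fails without the master password.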
02 · Workflow

Built around the person on call.

A browser extension that follows your team around the web. A CLI for CI pipelines and one-shot deploys. Service tokens with scoped permission atoms, IP allowlists, and JIT windows. SCIM provisioning so revoking access on Friday means one click in the IDP — not a manual sweep on Monday.

~/northwind/api  kuvii-cli · v2.4
$ kuvii run --vault production -- ./deploy.sh
fetching 6 secrets · scoped to ci-deploy-prod
injecting env: STRIPE_KEY, AWS_*, DD_API_KEY · 6/6
session sess_01HG7… · jit · 2h window
deploy.sh exited 0 · 47s
$ _
Scoped token · ci-deploy-prod
vault:production  read:stripe.*  read:aws.deploy_*  read:datadog.ingest  ip:35.230.0.0/16
healthy
03 · Audit

Designed for the day the auditor logs in.

A read-only auditor role that sees metadata but never plaintext. A tamper-evident, Merkle-signed audit log. SOC 2 evidence packs generated from the source of truth — not assembled from screenshots the night before fieldwork. The break-glass procedure is a flow you have practiced, not a Slack thread you are trying to find.

auditor@deloitte.com
read-only · metadata only · expires in 14d
AUDITOR
SOC 2 evidence · Q1 2026
CC6.1 — Logical access  247 events  compiled
CC6.7 — Restricted access  1,841 events  compiled
CC7.2 — Anomaly response  12 events  compiled
CC8.1 — Change management  64 events  compiled
Customers

Trusted by security teams that don't sign procurement docs for fun.

We moved off 1Password Business after a procurement freeze. Kuvii passed our security review without a single exception — the auditor opened the evidence pack and closed the ticket.

Noor Bakari
Head of Security · fintech · 820 employees
NORTHWIND
PARALLAX
KETTLE
AURORA BANK
TERMINUS
COVALENT
SIGNAL/9
HALLOWED
Pricing

Three tiers. No "contact sales" wall in front of basic numbers.

Monthly or annual billing. Migration support from 1Password, Bitwarden, LastPass, and HashiCorp Vault is included on every plan.

Team
You've outgrown Slack DMs.
$6 per user / month
Unlimited vaults & shares
Browser extension & CLI
SSO (OIDC / SAML)
Standard audit log
RECOMMENDED
Business
Your security review starts here.
$14 per user / month
SCIM provisioning
Anomaly detection
BYOK (your KMS)
Auditor read-only role
Tamper-evident log
Enterprise
Worst-day-of-the-year ready.
Custom · volume + dedicated infra
Break-glass with cooldown
Dedicated per-org KMS isolation
Named CISO contact
On-prem signing service
SLA · 99.99%
See full pricing
Open-source self-host edition · free for orgs under 10 seats
Get started

Twenty minutes. One CISO. Your security review.

We will walk you through the threat model, the cryptography, and a live anomaly drill. You bring the questions. We bring the engineer who wrote the code.