Home Glossary Zoho Vault Password Sharing (Vault)
Zoho Vault

Password Sharing (Vault)

Password Sharing in Zoho Vault is the controlled process of granting another user access to a Secret without revealing the plain-text password to that

Business Term

Password Sharing in Zoho Vault lets a credential owner grant another user the ability to use a Secret to log in, without that user ever seeing the underlying password. The recipient’s access level, view-only, edit, or share-forward, is set at the time of sharing and can be revoked instantly without changing the credential itself.

How Password Sharing Works in Zoho Vault

When you share a Secret, Zoho Vault re-encrypts the Secret’s key with the recipient’s public key so they can decrypt it client-side. The recipient can log in via Vault’s browser extension or mobile app without the password ever appearing in plain text unless they explicitly choose to reveal it. Sharing can be done at the individual Secret level or by adding a user to a Chamber, which grants access to all Secrets within that Chamber.

When to Use Password Sharing

Use Password Sharing when a colleague needs ongoing access to a shared service account such as a social media login, a billing portal, or a SaaS tool where individual accounts are not available. It replaces the unsafe practice of sending passwords over email or chat. Do not share Secrets with personal email addresses outside your organisation; instead, invite users to the Vault organisation first and then share with their corporate identity.

Key Considerations for Password Sharing

Sharing permissions are additive: a user with view-only access to a Secret cannot improve their own permissions. The owner of a Secret can revoke sharing at any time; the recipient will lose access on their next vault sync. In Enterprise plans, admins can restrict who is allowed to share Secrets outside a defined group. Sharing does not automatically notify the recipient; you may need to inform them separately. Review shared access periodically as part of your access-review cycle.

India Example: A Mumbai e-commerce startup shares its payment gateway admin login with the finance lead and the CTO via Zoho Vault. Both can authenticate without knowing the password, and when the finance lead leaves the company, the owner revokes their share in seconds, with no password rotation required.
Can a recipient of a shared Secret share it further with someone else?

Only if the original owner granted share-forward permission. By default, sharing grants view or use access without the ability to re-share. Enterprise plan admins can enforce a policy that prevents any re-sharing, ensuring the credential owner always controls the full list of people with access.

What happens to a shared Secret when the original owner’s account is deactivated?

When an account is deactivated in Zoho Vault, an admin or super admin can transfer ownership of that user’s Secrets to another active user. Until transfer is complete, recipients retain their existing access, but no one can update the Secret. This makes prompt ownership transfer critical during employee offboarding.

Need help implementing this in Zoho?

Aaxonix is a certified Zoho implementation partner based in Pune. Architecture-first, no surprises.