An admin creates a named Password Policy specifying minimum length, required character types (uppercase, lowercase, numbers, special characters), maximum age in days before a rotation reminder, and password history depth to prevent reuse. The policy is then assigned to one or more Chambers. When Vault’s built-in password generator is used, it respects the active policy by default. Existing Secrets that do not meet the policy appear in the Password Audit report as non-compliant, prompting the owner to update them.
Apply Password Policies to Chambers that hold production credentials, financial system logins, or any Secret subject to regulatory requirements such as PCI-DSS or ISO 27001. Create a separate, less restrictive policy for internal-tool Chambers where frequent rotation would cause unnecessary friction. Do not apply a policy to personal Chambers if your organisation follows a passphrase approach rather than complexity rules, as the two models conflict.
Password Policies in Vault are advisory and compliance-reporting tools: Vault will store a non-compliant password if a user chooses to override. Enforcement relies on the compliance report being reviewed regularly. Policies do not automatically rotate passwords; they flag overdue Secrets for manual action. If your organisation uses the Vault password generator for all new Secrets, the generator will satisfy the policy by construction, reducing the number of compliance flags significantly.
No. Zoho Vault flags expired Secrets in the Password Audit report and can send reminder notifications, but it does not automatically change the password on the target service. Automatic rotation would require integration with the service’s API or a privileged access management layer. Vault’s role is to alert and record; the user or admin must perform the actual rotation.
Yes. Each Chamber can have a distinct Password Policy assigned, allowing stricter rules for high-risk Chambers such as production servers and more relaxed rules for lower-risk Chambers such as test environments. A single Secret that belongs to multiple Chambers will be evaluated against the most restrictive policy applied to any Chamber it belongs to in the compliance report.
Aaxonix is a certified Zoho implementation partner based in Pune. Architecture-first, no surprises.