What is Secure Notes (Vault)?

Secure Notes in Zoho Vault are encrypted free-text records for storing sensitive information that does not fit a standard credential format, such as

Secure Notes (Vault)

Business Term

Secure Notes in Zoho Vault serve as the vault for sensitive information that is not a username-and-password pair. Recovery codes, SSH private keys, software licence strings, and internal PIN numbers are all better stored as Secure Notes than in email drafts, sticky notes, or unencrypted text files, because they receive the same encryption and access-control treatment as any Secret.

How Secure Notes Works in Zoho Vault

A Secure Note is a special Secret type in Zoho Vault that has a title and an encrypted text body, without the mandatory URL and username fields of a standard credential. The body accepts free-form text, making it suitable for multi-line content such as a list of recovery codes or a configuration snippet. Secure Notes support the same sharing, Chamber membership, access control levels, and audit logging as standard Secrets.

When to Use Secure Notes

Use Secure Notes for any sensitive text that does not map to a service login: two-factor recovery codes generated when enabling MFA, API keys and bearer tokens, software serial numbers, bank account details or IFSC codes shared within a finance team, and emergency contact credentials. Do not use Secure Notes as a substitute for a document management system when the content is long, versioned, or requires formatting; encrypted storage does not mean searchable or manageable at scale.

Key Considerations for Secure Notes

Secure Notes do not trigger the password strength analyser or Password Policy compliance checks, because they have no password field. This means weak sensitive values stored in Secure Notes will not appear in audit reports. Secure Notes can be shared using the same access model as Secrets, so apply Chamber membership or direct shares thoughtfully. There is no character limit published for the note body, but very large text blocks may be better suited to an encrypted file store rather than a vault note.

India Example: A Delhi-based accounting firm stores the ten backup recovery codes for its Zoho One super admin account as a Secure Note in a Chamber named IT Administration, shared only with the IT manager and the managing partner. When the admin phone is unavailable, either person can retrieve the codes without the codes being exposed in an email thread.

Are Secure Notes in Zoho Vault searchable by their content, or only by title?

Zoho Vault’s search function searches Secret and Secure Note titles and associated URLs, not the encrypted body content. This is by design: searching encrypted body content would require decrypting every note on the server during the search, which would break the client-side encryption model. Name your Secure Notes descriptively so they are findable by title alone.

Can I attach a file to a Secure Note in Zoho Vault?

Zoho Vault’s Secure Notes are text-only records; they do not support binary file attachments within the vault itself. If you need to store an encrypted file such as a PFX certificate or a key file, you would need to use a separate encrypted file storage solution and store the access details for that storage as a regular Secret or Secure Note in Vault.

Need help implementing this in Zoho?

Aaxonix is a certified Zoho implementation partner based in Pune. Architecture-first, no surprises.

Book a Free Consultation →

← Back to Glossary