Securely store secrets and share them with your team
Unlock a new level of security and collaboration within your monday.com workspaces with Passwords & Secrets Vault. The app ensures your sensitive information is always protected, yet easily accessible to authorized team members. Whether you're handling passwords, confidential project details, or any other critical data, Passwords & Secrets Vault has you covered.
Key Features
🗄️ Secure Storage of Various Secrets: Safeguard any type of confidential information directly within your monday.com workspaces. From passwords to private notes, keep everything secure in one place.
🤝 Seamless Team Collaboration: Authorize team members to specific vaults, enabling smooth and secure collaboration.
🔑 Team Secrets Management: Store and manage secrets for various tools and platforms, ensuring that team members have secure access without the need for insecure sharing methods.
📁 Confidential Project Details: Keep sensitive project information, like financial data or strategic plans, secure and accessible only to those who need it.
Top-Notch Data Privacy & Security
🔒 Browser Encryption: All secrets are encrypted exclusively in your browser. Sensitive data is transformed into an unreadable format before it even leaves your device.
🚫 Master Password is never stored: We adhere to a strict policy of never storing master passwords. The key to accessing encrypted secrets remains solely in your possession.
🛡️ Advanced Encryption: Leverage cutting-edge AES-256-GCM encryption, a standard trusted by security professionals worldwide, to keep your data safe.
Empower your team to collaborate securely and efficiently. Download Passwords & Secrets Vault today and transform the way you handle confidential information within monday.com.
Does the app restrict redirects and forwards only to approved destinations, or show a warning when redirecting to potentially untrusted content?
Yes
Neither redirects nor forwards are allowed by the app.
Does the app protect against mass parameter assignment attacks?
Yes
We explicitly verify all assigned parameters one by one. Additionally, we don't use auto binding/wiring libraries for parameter assignments.
Does the app perform encoding and sanitization on all user supplied parameters to protect against Cross-Site Scripting?
Yes
We use React to sanitize all inputs and frontend controls natively (string variables in views are escaped automatically). We don't use dangerouslySetInnerHTML or base64 encoded data.
Does the developer protect all state-changing actions against Cross-Site Request Forgery (CSRF)?
Yes
All requests are protected by 2 JWT tokens:
- Standard monday.com short-lived session token
- Separate JWT, in addition to the short-lived session token, which is always unique and is used as additional authorization.
Does the developer have mechanisms to notify monday.com in case of a security breach?
Yes
In the event of a security breach, we will notify monday.com within 24 hours via email and the following submission form: https://support.monday.com/hc/en-us/requests/new?ticket_form_id=13855862562962
Does this developer have a process for installing application-level updates and security patches for the service (such as software packages and databases)?
Yes
We deploy application-level updates through automated pipelines.
- Critical and high vulnerabilities: 24-48 hours
- Medium: 7 days
- Low vulnerabilities: no specific timeline
Compliance
Is the app certified with the information security standard ISO/IEC 27001:2022?
Not answered
Is the app compliant with the Health Insurance Portability and Accountability Act (HIPAA)?
No
Is the app certified with System and Organization Controls (SOC 2 or SOC 3)?
No
Is the app compliant with the General Data Protection Regulation (GDPR)?
No
Data
Does the app send any data outside of monday.com? If yes, indicate whether the data is customer-submitted (e.g., board names, item names, doc content) or non-customer-submitted (e.g., account ID, board ID, user ID).
Not answered
Where does the app store logs data?
Not answered
Where does the app store the app data?
Not answered
Does the developer ensure application logs do not contain secrets or personally-identifiable information (PII)?
Yes
We use the "morgan" library for Node.js in all our apps to filter out all secrets and PII from logs.
Is customer data segregated from the data of other customers (for example logically or physically)?
Yes
Customer data is segregated logically through tenant IDs
Privacy
Does the developer enforce multi-factor authentication on employees access to systems which may process customer data?
Yes
Multi-factor authentication is enforced across all systems in our toolchain
Does the developer protect access to customer data based on the principle of least privilege?
Yes
Customer input is encrypted in the customer's browser. Data arrives in our backend encrypted and we don't have the key to decrypt it. If any data is required for processing, it's done through automation rather than human involvement.
Reviews
November 2, 2024
FR: Perfect for sharing passwords with my team inside Monday. Very easy to use
Installation history
We have data for December 28, 2024 onwards only. Collected sometime after 00:00 UTC daily.