Teams
Teams let you organize members into logical groups and grant those groups access to shared folders. Instead of sharing credentials with individuals one by one, you share with a team -- and anyone added to or removed from that team automatically gains or loses access.
Creating a Team
- Navigate to Admin Console > Teams > Create Team.
- Enter a Team Name (e.g., "Engineering", "Marketing", "DevOps").
- Optionally add a Description to clarify the team's purpose.
- Click Create.
Only Owners and Admins can create teams. Once created, the team appears in the Teams tab and is available as a sharing target throughout the vault.
Adding and Removing Members
Open a team and click Add Members. Search by name or email and select one or more members to add. Removing a member is equally straightforward -- click the Remove button next to their name.
When a member is removed from a team, SyVault automatically re-wraps the shared folder keys so the removed member's key material can no longer decrypt team-shared data. This re-wrapping happens asynchronously and completes within seconds.
Adding or removing team members is an admin-level action. Members cannot add themselves to teams.
Team-Scoped Shared Folders
Each team can have one or more shared folders. A shared folder is a collection of records (logins, notes, cards, identities) that every team member can access. Shared folders are encrypted with a folder-specific key, which is wrapped individually for each team member using their public key (ECDH P-256).
To create a shared folder:
- Open a team and click New Shared Folder.
- Name the folder (e.g., "AWS Credentials", "Social Media Accounts").
- Set permissions:
| Permission | Description |
|---|---|
| Can View | Members can read records but not edit or delete them |
| Can Edit | Members can read and modify records |
| Can Manage | Members can add, edit, delete records, and invite others to the folder |
- Click Create Folder and begin adding records.
Use Cases
Engineering team sharing infrastructure credentials. Create an "Engineering" team, add all developers and SREs, and create shared folders like "AWS Production", "CI/CD Tokens", and "Database Credentials". When a new engineer joins, adding them to the team grants access to all relevant folders in one step.
Marketing team sharing social media logins. Create a "Marketing" team with shared folders for each platform -- "Twitter / X", "LinkedIn", "Instagram". The social media manager sets permissions to "Can Edit" so team members can update passwords after rotation without needing to request them each time.
Use descriptive folder names and keep each folder focused on a single service or project. This makes it easy to revoke access at a granular level when team composition changes.
Nesting and Limits
Teams cannot be nested (no sub-teams). If you need hierarchical grouping, create separate teams and assign shared folders independently. There is no hard limit on the number of teams per organization, but each team can contain up to 500 members (Business plan) or unlimited members (Enterprise plan).
Deleting a Team
Deleting a team removes all member associations and unlinks shared folders. The shared folders themselves are not deleted -- they become unassigned and can be reassigned to another team or managed individually. The deletion is recorded in the audit log (team.delete).
Deleting a team immediately revokes all team members' access to the team's shared folders. Ensure that any critical shared folders are reassigned before deleting a team.