Version: Next

Vault Transfer

Vault transfer allows organization admins to reassign a member's vault contents to another member. This is primarily used during employee offboarding to ensure credentials, secure notes, and other records are not lost when an account is removed.

When to Use Vault Transfer

  • Employee departure: Transfer credentials to a manager or successor before deleting the departing member's account.
  • Role change: Move project-specific credentials from one team member to another.
  • Account consolidation: Merge records from a redundant account into a primary one.

Caution: Vault transfer is a one-way, irreversible operation once the recipient accepts. Plan carefully before initiating a transfer.

Prerequisites

  • You must be an organization Owner or have the Admin role.
  • The source member's account must be in Active or Suspended status.
  • The recipient must be an active member of the same organization.
  • The recipient must have enough vault storage quota to accommodate the transferred records.

Transfer Workflow

Step 1: Lock the Source Account

Before initiating a transfer, lock the source account to prevent further changes:

  1. Go to Admin Console > Members.
  2. Select the departing member and click Suspend Account.
  3. This immediately revokes their active sessions and prevents new logins.

Step 2: Initiate the Transfer

  1. On the suspended member's profile, click Transfer Vault.
  2. Select the recipient from the member list.
  3. Review the transfer summary: total records, folders, shared items, and attachments.
  4. Click Request Transfer.

Step 3: Recipient Acceptance

The recipient receives an email and an in-app notification with the transfer details. They have 7 days to accept or decline.

  • Accept: The transfer proceeds. Records are re-encrypted under the recipient's keys.
  • Decline: The transfer is cancelled. The admin is notified and can choose a different recipient.
  • No response after 7 days: The transfer request expires. The admin can reissue it.

Step 4: Delete the Source Account

After the recipient accepts and the transfer completes:

  1. Verify the transfer status shows Completed on the member's profile.
  2. Click Delete Account to permanently remove the source member.

What Gets Transferred

| Transferred | Not Transferred |
| --- | --- |
| Login credentials | Master password |
| Secure notes | Two-factor authentication seeds |
| Credit card records | Session history |
| Identity records | Device registrations |
| File attachments (up to 100 MB each) | Personal settings and preferences |
| Folder structure | Emergency access grants |
| TOTP seeds stored as records | Shared folder memberships (revoked) |

Shared folder memberships held by the source member are revoked during transfer. The recipient does not inherit the source member's sharing relationships. If the recipient needs access to those shared folders, an admin must grant it separately.

How Zero-Knowledge Is Maintained

SyVault never has access to plaintext vault data during a transfer. The process works as follows:

  1. When the admin initiates a transfer, the server generates a one-time transfer key pair.
  2. The source member's vault keys are wrapped with the transfer public key. Because the source account is suspended and the admin has organizational key escrow rights, the org's escrowed copy of the member key is used.
  3. When the recipient accepts, their client unwraps the transfer key using the organizational key hierarchy, then re-encrypts every record under their own vault key.
  4. All cryptographic operations happen in the recipient's browser. The server only stores ciphertext at every stage.

The transfer key pair is destroyed after the transfer completes or expires.

Monitoring Transfers

Active and completed transfers are logged in Admin Console > Audit Log with the event type vault.transfer. Each log entry includes:

  • Source member
  • Recipient
  • Record count
  • Timestamp of each status change (requested, accepted, completed, or expired)
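
The following is an added example, not part of SyVault's documentation or tooling: a Python check over exported vault.transfer audit entries that reports whether a source account is safe to delete (Step 4) and flags requests that outlived the 7-day acceptance window. The entry field names, the export shape, and the verdict labels are assumptions; only the event type, the four statuses, and the 7-day window come from this page.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)  # recipient has 7 days to accept or decline

def entry(source, recipient, status, ts, count=12):  # assumed entry shape, not SyVault's schema
    return {"event_type": "vault.transfer", "source": source, "recipient": recipient,
            "record_count": count, "status": status, "timestamp": ts}

SAMPLE = [  # constructed audit entries, timestamps assumed to be UTC
    entry("alice", "bob", "requested", "2024-03-01T09:00:00"),
    entry("alice", "bob", "accepted", "2024-03-02T10:00:00"),
    entry("alice", "bob", "completed", "2024-03-02T10:05:00"),
    entry("carol", "dave", "requested", "2024-03-01T09:00:00"),
    entry("carol", "dave", "expired", "2024-03-08T09:00:00"),
    entry("frank", "grace", "requested", "2024-03-05T09:00:00"),
    entry("heidi", "ivan", "requested", "2024-03-10T09:00:00"),
    entry("heidi", "ivan", "accepted", "2024-03-19T12:00:00"),
    entry("judy", "ken", "accepted", "2024-03-19T08:00:00"),
]

def review_transfers(events, now):
    """Map each source member to a verdict on their most recent transfer request."""
    rows = [dict(e, ts=datetime.fromisoformat(e["timestamp"]))
            for e in events if e["event_type"] == "vault.transfer"]
    latest = {}
    for e in sorted(rows, key=lambda r: r["ts"]):
        t = latest.get(e["source"])
        if e["status"] == "requested":  # a reissued request starts a new transfer
            latest[e["source"]] = dict(to=e["recipient"], req=e["ts"], acc=None, status="requested")
        elif t is None or t.get("to") != e["recipient"]:
            latest[e["source"]] = {"status": "orphan"}  # no matching request was logged
        else:
            t["status"] = e["status"]
            t["acc"] = e["ts"] if e["status"] == "accepted" else t["acc"]
    out = {}
    for src, t in latest.items():
        s = t["status"]
        if s == "orphan":
            out[src] = "INVESTIGATE: status change without a request"
        elif t["acc"] and t["acc"] - t["req"] > WINDOW:
            out[src] = "INVESTIGATE: accepted after the 7-day window"
        elif s == "requested" and now - t["req"] > WINDOW:
            out[src] = "INVESTIGATE: pending past 7 days, no expiry logged"
        elif s == "completed":
            out[src] = "DELETE-OK: transfer completed"
        elif s in ("requested", "accepted"):
            out[src] = "HOLD: transfer not completed, keep source account"
        else:
            out[src] = "REISSUE: request expired" if s == "expired" else "INVESTIGATE: unknown status"
    return out
```

Call `review_transfers(SAMPLE, now)` with the current time; only members marked DELETE-OK have a logged completed transfer.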

Cancelling a Transfer

An admin can cancel a pending transfer at any time before the recipient accepts:

  1. Go to Admin Console > Members and select the source member.
  2. Click Cancel Transfer in the transfer status panel.

The source account remains suspended. No records are moved.

Frequently Asked Questions

Can I transfer to someone outside the organization?
No. Both source and recipient must be members of the same organization.

What happens to attachments larger than 100 MB?
Attachments exceeding 100 MB per file are excluded from the transfer. The admin receives a report listing any skipped attachments.

Can I do a partial transfer?
Not currently. Vault transfer moves all records. If you need selective transfer, use the sharing feature to share specific folders with the recipient, then delete the source account.