Skip to main content
TownAdminPro
All modules
Governance & records

Credentials vault

Shared department secrets — vendor logins, plant credentials, treasurer's bank portal. Encrypted, role-gated, audited. Ends the sticky-note problem.

Used by Clerk · Treasurer · Public Works Director
Pricing Available in all tiers
app.townadminpro.com / vault ● MFA enforced
Department vaults
12
Total secrets
384
across all vaults
Access events MTD
3,420
every read logged
Expiring this month
2
rotation reminder
Department vaults
Permissions managed in roles · not on this screen
Public Works
● MFA
48
items
6
members
14m ago
last access
Treasurer
● MFA
32
items
4
members
2h ago
last access
Police
● MFA
64
items
12
members
1m ago
last access
Town Clerk
● MFA
28
items
3
members
38m ago
last access
Library
● MFA
18
items
4
members
yesterday
last access
Recreation
● MFA
22
items
5
members
4h ago
last access
Fire-EMS
● MFA
36
items
28
members
12m ago
last access
IT / Admin
● MFA
84
items
2
members
6m ago
last access

Department-vault summary with access log — credential values intentionally not displayed. Staff view.

Department-level shared vaults with role-based access. Encrypted at rest with a town-controlled key. Every read logged to the tamper-evident audit trail. Replaces the spreadsheet of passwords on the front-desk computer.

Capabilities

What you can do with credentials vault.

Per-department vaults with role-based access

Town-controlled encryption key — never held by us

Append-only audit log of every read, write, and rotation

Hardware-backed MFA enforced on every access

Rotation reminders for time-bound credentials

No vendor (us) access to your secrets, ever

Common questions

Credentials vault — answered.

The questions we hear most when towns are evaluating this module. Anything specific to your charter, your state, or your existing vendor — we'll answer on the discovery call.

01 Can TownAdminPro staff see our stored credentials? +
No. Vault entries are encrypted with a town-controlled key that never leaves your tenant in cleartext. We can't decrypt your secrets — not for support, not under subpoena. The trade-off is real: if your town loses its key custody, we can't recover the contents. Key custody and break-glass procedures are part of onboarding.
02 What happens when an employee leaves? +
Access revocation is one click in the staff directory — the moment a role is removed, that account's session ends and future vault reads are denied. The audit log captures every credential the departing employee read in the prior 90 days so your office knows exactly what to rotate.
03 What kinds of credentials do towns actually store here? +
The treasurer's state-revenue-portal login, the public-works SCADA password, vendor portal credentials (Tyler, Sensus, Plaid), the front-desk POS terminal key, water-plant chemical-supplier accounts, the council's shared Zoom and YouTube Studio logins. Anything that today lives on a sticky note, in a shared spreadsheet, or in one person's head.
04 Does this replace 1Password or LastPass? +
For shared town-hall credentials, yes. The difference is municipal-fit: per-department vaults aligned to your org chart, audit trails the auditor expects, and integration with your TownAdminPro staff directory so leaving employees lose access automatically. For personal passwords, staff can keep using whatever they like.
Plays well with

The modules credentials vault talks to most.

All 24 modules →
public-records
Documents & public records
Governance & records

Document management — full-text search, inline redaction, public-records queue with statutory clocks. Built for the clerk who is the records officer.
Previous module
Documents & public records
Governance & records
Next module
Cemetery management
Governance & records
Ready when you are

Run your town
on one system.

Thirty-minute discovery call with the actual builders. Bring last month's spreadsheets; we'll bring the questions.

Get in touch See all 24 modules
No commitment · No pushy sales reps