Glossary / Credential vault

Credential vault

A secure, encrypted store for the passwords and secrets an MSP needs to manage client systems — with access logging and rotation — replacing a spreadsheet or shared document.

An MSP accumulates an enormous number of credentials across its client base — admin logins, API keys, service account passwords, network device credentials — and how those are stored is one of the highest-leverage security decisions the MSP makes, because a single leaked vault can expose every client at once.

A real credential vault encrypts secrets at rest, logs every access (who viewed or used which credential, when), and supports rotation on a schedule rather than a password that's technically "in the vault" but has been unchanged for three years.

This is also one of the first things a security-conscious client's own IT or compliance team will ask an MSP about directly — "how do you store the passwords to my systems" is a very reasonable, very common vendor-security question.

How Nexus handles this

The Nexus security suite includes an encrypted credential vault with scheduled rotation and access logging, built into the platform rather than a separate tool bolted on.

Ready to see it in the platform?

Join the design-partner cohort and we'll show you exactly where this lives.