Bank-Grade
Password Vault
Enterprise-grade password vault with AES-256 encryption, granular permissions, full audit trail, and 2FA storage — built into your ERP.
Activate BOOM PASS
AES-256 Encryption at Rest
Passwords and 2FA secrets are encrypted with AES-256-CBC plus HMAC using a key stored outside the database.
- AES-256-CBC + HMAC encryption
- Encryption key outside database
- No plain-text passwords ever
Granular Access Control
Per-record access control. Share specific passwords with specific staff, roles, or departments.
- Per-staff visibility
- Per-role visibility
- Per-department visibility
- Strict isolation
Complete Audit Trail
Every action is logged. Each entry stores the staff ID, IP address, timestamp, and sanitized values without plain passwords.
- Logs reveal and copy events
- Staff ID + IP + timestamp
- Sanitized values
- Compliance-ready
Emergency Access
Admin can grant a staff member temporary access to a specific record for a defined number of hours.
- Time-limited access
- Logged in audit
- Admin can revoke early
- BreakGlass-expire after window
2FA Secrets and Passkeys
Store TOTP 2FA secrets encrypted alongside passwords. WebAuthn passkeys support for modern passwordless auth.
- TOTP 2FA secrets encrypted
- WebAuthn passkeys support
- Watermarked reveal modal
- Screenshot deterrence
Secure Attachments
Attach files to each record. Files stored in protected uploads folder with htaccess block.
- PDF and image attachments
- Protected uploads folder
- Permission-gated downloads
- Audited per file action
Audit Report and Compliance
Full audit report dashboard. Filter by user, action, date range, or specific record.
- Who revealed what
- Filter by staff and date
- Export for compliance
- SOC2 and ISO27001 ready
Client-Linked Passwords
Link any password record to a specific client. Open a customer profile and see all credentials.
- Link records to clients
- Client profile passwords tab
- Client-specific PDF export
- Folders and platforms
