Sales SaaS

On any project's Credentials tab you can store login/api-key/ssh/database values. Each value is encrypted with AES-256-GCM using a per-row random IV; the plaintext never appears in logs, list responses, or anywhere outside a successful reveal call.

Revealing a credential requires an active 2FA grant and writes a row to the access log. The plaintext auto-masks after 30 seconds.