Projects are the highest-level organizational unit in Secryn. They define ownership boundaries, group related vaults together, and determine which users can access the resources within them.
A project typically represents an application, environment, team, or customer. All vaults, secrets, keys, and certificates belong to a project, and access to those resources is always evaluated in the context of the project.
Projects serve several important roles in Secryn:
Users must be added to a project before they can interact with its vaults or resources.
Each project has users assigned with specific roles such as Admin, Project Manager, Contributor, or Read-only. Roles determine what actions a user can perform within the project, including managing vaults, creating resources, or viewing data.
Administrators have full access across all projects, while other roles are scoped only to the projects they are explicitly added to.
A project can contain one or more vaults. Vaults are used to further organize and secure secrets, keys, and certificates within a project.
By default, project members can access all vaults in a project unless a vault is marked as restricted. Restricted vaults require explicit user assignment, even for users who already belong to the project.
Access to resources in Secryn is evaluated in the following order:
This layered model ensures predictable and secure access behavior.
Projects in Secryn are permanent and cannot be deleted. This design choice ensures:
If a project is no longer actively used, access can be restricted by removing users, disabling vault access, or archiving resources within the project—without removing the project itself.
Projects form the foundation of Secryn’s access model. Once a project is created, you can safely build vaults and manage sensitive data with confidence, knowing that project boundaries remain stable and auditable over time.