Add-on · $2 / user / month · Zero-Knowledge

TATER Vault - a password manager that's part of the platform.

A zero-knowledge password manager for your team, on the same sign-in, the same admin, and the same bill as the rest of TATER. Logins, secrets, notes, and one-time codes are encrypted and decrypted in your browser - so the server only ever holds ciphertext, and not even TATER's own AI tools can read them. Stop paying a separate vendor for the vault your compliance program already assumes you have.

Open Vault See pricing

What's in TATER Vault

A full-featured team password manager - the capabilities you'd expect from a standalone product, folded into the suite you already run.

Zero-knowledge by design

Encryption and decryption happen in your browser with a key derived from your master password. The server stores only ciphertext - TATER staff, the AI Analyst, and the MCP tools can't read your secrets, by design.

Logins, secrets, notes & cards

Keep passwords, secure notes, API secrets, payment cards, and identities in one organized vault - with folders, search, and favorites so the right entry is one keystroke away.

Built-in TOTP authenticator

Store the 2FA seed alongside the login and Vault generates the rolling 6-digit code inline - one less app to juggle, and the code is right where you sign in.

Password & passphrase generator

Generate strong passwords or human-readable passphrases with length and character controls, so every new credential is unique and hard to guess from the moment it's created.

Shared team vaults

Share a set of credentials with a group through a shared vault - scoped so the right team gets the right logins, and access is revocable the moment someone changes roles or leaves.

Org ownership & escrow

The organization retains escrowed access to vault data, so an offboarded, locked-out, or departed employee never takes critical credentials with them. Reclaim a user's vault as part of offboarding.

Security dashboard & hygiene

Surface weak, reused, and aging passwords across the vault. The analysis runs as counts your device computes and self-reports - so hygiene reporting never exposes the underlying secrets.

Import, export & extension

Move in from another manager, take an encrypted personal export with you, and let admins pull an inventory export for the record. A browser extension autofills logins where your team actually works.

Restricted Vault for documents

A separate, more tightly controlled vault for sensitive documents and files - kept apart from day-to-day passwords, with its own access controls for the records that need them.

How it's licensed

TATER Vault is an add-on app at $2 per user / month, on the same Entra ID sign-in as the rest of the platform - add it to any TATER subscription with no separate account or vendor. It's also bundled in at no extra cost with the $10/user/month Complete Platform. Enterprise and MSP volume discounts apply. Need to send a secret to someone outside the org? TATER Send hands off a password or file through a link that expires after a set time or number of views - no recipient account required.

The vault your compliance program already assumes you have.

Almost every framework expects credentials to be stored securely, shared deliberately, and reclaimed at offboarding. TATER Vault makes that real without a separate purchase, a separate login, or a separate admin console - the passwords live next to the controls, policies, and audits that reference them.