Team Sharing
Share encrypted vaults with your team. Each member gets their own encrypted copy of the vault key via X25519 key exchange — no raw keys shared over Slack.
How It Works
1. You create a vault → random vault key generated
2. Vault key encrypted with your master key → stored on server
3. You share with a team member → vault key re-encrypted with their public key (X25519)
4. Team member decrypts vault key with their private key → accesses secrets
The server only stores encrypted blobs. It never sees the vault key or any secret value. This is the same key exchange mechanism used by Signal and WhatsApp.
Create a Team
Invite Members
| Role | Permissions |
|---|---|
| owner | Full access + delete team + manage members |
| admin | Read + write secrets + invite members |
| member | Read + write secrets in shared vaults |
Share a Vault
After sharing, every team member can mp pull and mp get from the shared vault. The vault key is re-encrypted for each member using their public key.
Audit Trail
Every vault and secret operation is logged. Track who accessed what, when, and from where.
vs. dotenvx Team Sharing
MeowPass
- • X25519 key exchange per member
- • Each person has their own encrypted vault key
- • Revoking access = remove their encrypted key
- • Audit trail of every access
dotenvx
- • Share raw DOTENV_PRIVATE_KEY via Slack/1Password
- • Everyone uses the same key
- • Can't revoke without re-encrypting everything
- • No built-in audit trail (free tier)