Multi-Tenant Credential Vault
A credential vault should separate tenant configuration from tokens and bot secrets.
Requirements
- Per-tenant isolation.
- Customer-controlled revocation.
- Rotation support.
- Audit trail for access.
- No tokens in CI logs or docs examples.
Local CLI tokens stay in OS keyring; vaulting applies to hosted enterprise services.
Enterprise help
Need approval paths, BYO app setup, audit logging, or support for a controlled rollout? Talk to OSO about enterprise onboarding.