Establishing a default password management group ensures that your primary security or administrative teams always have immediate access to new credentials.

By defining a default view-edit group, the system automatically grants that group administrative privileges for every new password or secret added to the vault. This prevents orphaned secrets  and credentials that might otherwise become inaccessible if the original creator leaves the organization or if manual permissions are misconfigured.

Set the default group

Configure the global rule that applies view-edit privileges to your password inventory.

1. Navigate to Tools > Settings > Global Settings.

2. Click Edit at the top of the page.

3. Locate the Secrets section near the top of the configuration form.

4. Review the list of available administrative groups.

5. Select one or more groups to be the default managers:

   • Click a group name to select it.

   • Hold Ctrl (or Cmd on Mac) while clicking to select multiple groups.

6. Click Save at the bottom of the page to apply the changes.

Important behavior and logic

Understand how this rule affects both new and existing records in your vault.

• New Passwords: Any password or secret created after this rule is saved will automatically include the selected groups in the View Edit Groups field. These default privileges are mandatory and cannot be removed from individual records.

• Legacy Passwords: Credentials created before this rule was established will not be automatically updated in bulk. However, the system will apply the default view-edit group to these legacy records if they are manually edited at any point in the future.

• Access Consistency: This setting ensures a standardized security model where your core administrative team maintains a persistent "master key" for discovery authentication and user management.