FAQ
Quick answers to common questions. For step-by-step guides, follow the links into the rest of the docs; for anything account-specific, reach Support.
Platforms & access
Which platforms does Sablefort support?
There are native desktop apps for Linux, Windows, and macOS, a browser extension for autofill, and the sablefort CLI for terminals and pipelines. Administrators manage the organization from the web admin console.
Can I use Sablefort offline?
Yes. The desktop app keeps an encrypted local copy of the vaults you have access to, so you can unlock and read your secrets without a connection. Changes you make offline sync automatically the next time you're online. See Troubleshooting if sync doesn't resume.
Is there a mobile app?
The current focus is first-class desktop, browser, and CLI experiences. For the latest on mobile availability, check with Support or your account team.
How many devices can I use?
You can sign in on as many of your own devices as you like; your vaults sync to all of them. Organizations can apply device and session policies — ask your administrator what's enforced in your org.
Security & recovery
Can Sablefort see my passwords?
No. Sablefort uses a zero-knowledge model: your data is encrypted on your device before it syncs, and our servers only ever store encrypted material. Your master password never leaves your device. See the Security model.
What happens if I forget my master password?
There is no self-service reset, because we never receive your master password. If your organization has admin-assisted recovery enabled, an administrator can start a recovery for you; if you keep an encrypted backup, you can restore from it. Full details are in Backup & recovery.
Do you require two-factor authentication?
Two-factor authentication is supported and strongly recommended, and organizations can make it mandatory through policy. See Deploy to your team.
Is my data encrypted in transit and at rest?
Yes — in addition to client-side encryption, connections use HTTPS/TLS and the encrypted data we store is also encrypted at rest. Your secrets are protected by multiple independent layers.
Teams & administration
How do I share a secret with a teammate?
Sharing is done through vaults rather than one item at a time. Add the teammate to the vault that holds the credential and they gain access; remove them and access is revoked everywhere on the next sync. See Sharing & permissions.
Does Sablefort support SSO and SCIM?
Yes. You can connect a SAML 2.0 or OIDC identity provider for single sign-on, and use SCIM 2.0 to provision and de-provision members automatically. Setup steps are in Single sign-on. Note that SSO governs who can sign in — your vaults are still encrypted under your own account.
Can I automate access in CI/CD?
Yes. Use a scoped service-account token with the CLI or the REST API to inject secrets into pipelines. Tokens are scoped to specific vaults, and every read is written to the audit log.
Is there an audit log?
Yes. Views, edits, shares, and break-glass events are recorded to a searchable, exportable audit log so your security team always has a record of who accessed what.
Plans & data
How much does Sablefort cost?
Pricing depends on your team size and needs. See the pricing page for an overview, and contact sales for a quote or enterprise terms.
Where is my data stored?
You choose a data region when your organization is created, which determines where your encrypted vaults are stored. Because storage holds only ciphertext, your plaintext is never sitting in any region in readable form. If you have specific residency requirements, contact sales.
Can I export my data if I leave?
Yes. You can export an encrypted archive of the vaults you have access to at any time (subject to org export policy). See Backup & recovery for the export and restore steps.
How do I get help?
Search these docs, check Troubleshooting for common issues, or reach our team through Support. Never include real secret values in a support request.