docs

VaultKit Documentation

A secure, policy-driven control plane for unified data access across heterogeneous data sources.

VaultKit prevents credential sprawl and enforces data access policies across databases. Write queries in AQL (vendor-neutral JSON), policies decide who sees what, FUNL executes safely. Schema changes require explicit review—no silent data exposure.

Documentation

Getting Started

Core Concepts

CLI Reference

Advanced Topics

For Users:

For Approvers:

For Administrators:

Common Workflows

Request Data with Auto-Approval

# Submit AQL query
vkit request --aql '{
  "source_table": "customers",
  "columns": ["id", "email", "revenue"],
  "limit": 10
}'

# Fetch results
vkit fetch --grant gr_abc123xyz

Request Sensitive Data (Requires Approval)

# Submit request
vkit request --aql '{
  "source_table": "financial_transactions",
  "columns": ["transaction_id", "amount"],
  "filters": [{"field": "amount", "operator": "gt", "value": 10000}]
}'

# Check status
vkit requests list --state pending

# After approval
vkit fetch --grant gr_approved_xyz

Discover Schema Changes

# Scan database
vkit scan production_db

# Apply changes to baseline
vkit scan production_db --apply

# Update policies and deploy
vkit policy bundle
vkit policy deploy --bundle dist/policy_bundle.json --activate

Key Features

Feature Description
Zero-Trust Access Short-lived, cryptographically-signed tokens
Policy-Driven ABAC/RBAC with field-level controls
Multi-Engine PostgreSQL, MySQL, Snowflake, BigQuery
SQL-Level Masking Masking applied during query execution
Schema Governance Git-backed policies with drift detection
Audit Trail Complete logging of every data access
Approval Workflows Multi-stage approvals for sensitive data
Vendor-Neutral AQL abstracts database-specific syntax

Support

License

VaultKit is licensed under the Apache License 2.0.

Built with ❤️ by the VaultKit Engineering Team

This site is open source. Improve this page.