Teams, organizations & workspaces
Secrets are a team problem. The moment a second person — or a second agent — needs a key, you need to answer who can touch what. Veil’s answer is two simple containers and a small set of permissions: organizations hold people and workspaces hold credentials, and every grant is explicit and narrow. The default is least privilege, so a new teammate or a new agent starts with access to nothing and gets exactly what you hand them — no more.
Organizations
An organization is your account boundary. Every organization is one of two types:
- personal — a private space for one person. (It’s not a special case; it’s just an org of type personal.)
- team — shared, with multiple members, roles, and seats.
Within an org, every member holds a role:
| Role | What it means |
|---|---|
| owner | full control of the org, including billing and deletion |
| admin | full access to every workspace in the org |
| member | access only to the workspaces explicitly granted to them |
| viewer | granted, read-leaning access to specific workspaces |
Owners and admins see everything. Members and viewers see nothing until you grant them a workspace — which is exactly the property you want.
Workspaces and permissions
A workspace is a folder of credentials with its own encryption key — production,
staging, personal. Workspaces are the unit of access control: you grant access per workspace,
never per individual secret, with up to five permissions.
| Permission | Lets the grantee… |
|---|---|
| read | see that a credential exists (name, host) — never its value |
| write | add, edit, and fill credentials |
| use | let an agent/broker use a credential — value injected, never shown |
| reveal | see plaintext, or repoint a filled secret |
| manage | grant and revoke others’ access |
These compose. A reporting agent might get use on analytics only. A senior engineer might get
write + reveal on staging but just use on production. See
access control for how permissions interact with policies and tokens.
Invite teammates so they land productive
Invite by email, then assign a role and workspace grants in the same step — so a teammate arrives already able to work, not staring at an empty org. You can grant several workspaces at once, each with its own permission set:
Scope agents to the narrowest reach
The same model is how you keep AI agents small. Don’t give an agent an admin’s keys — give its token use on a single workspace and nothing else.
Cutting off access fast
Plans, roles, and a kill-switch all live here:
- Seats for team members are managed on the Team plan.
- Revoke a single token to instantly close every path it opened — agent, CI, or SSH.
- Soft-delete the organization to immediately cut off key access for everyone — every member and every token — until it’s restored. A whole-org emergency stop.
Next: tune what each grant can actually do with policies & approvals, or read access control for the complete permission model.