CRM, Invoices, Pulse, blindspot, avatars — every applet gets decoupled from direct AWS/R2 keys. Instead, they upload files directly to browser-safe pre-signed PUT URLs. Vault handles the secure path generation, checksum checks, and serves download URLs dynamically.
Files go directly from the client's browser to the cloud bucket using pre-signed PUT keys, keeping your node servers light and fast.
Upload files directly from client to S3 using pre-signed PUT links, avoiding server bottlenecks.
Let enterprise clients connect their own custom R2 or S3 credentials to connect Vault to their buckets.
Files in a shared bucket are automatically organized under client-specific `tenants/{tenantId}/` folder structures.
Enforce visibility levels (public vs private), size constraints, and file extension checks at the container level.
Issue scoped keys so CRM, Engage, and other tools can register and link files programmatically.
Request dynamic, short-lived download links to keep sensitive documents safe from unauthorized access.
Vault connects to any S3-compatible API. Standard providers are registered out of the box.