Product · Security & Vault

Credentials, access control,
and audit trails —
production-grade from day one.

Quovy's security layer is not an add-on. Every credential is encrypted and KMS-managed. Every user and API token is scoped by role. Every action is logged. The vault, access controls, and audit trail are standard infrastructure, not features you configure later.

See it in action
Audit Ledger
sealedtamper-evident
TIMESTAMPACTORACTIONRESOURCEHASH
14:07:22QuovyWRITEpolicy/ACP-2024-0891/endorsement-v4a3f9…c14b
14:06:55j.hartmannREADpolicy/ACP-2024-0891/limits8e21…f903
14:05:12QuovyWRITEentity/acme-corp/profilec77a…3d18
13:58:40R. WestonREADschema/commercial-property-v22b6f…91cc
13:51:03j.hartmannWRITEpolicy/ACP-2024-0891/coveraged04e…7a52
5 entries · append-onlychain verified ✓
Key capabilities

Secure by design,
auditable by default.

From the secrets that power your integrations to the roles that govern who sees what, Quovy's security infrastructure is built for regulated environments and enforced at every layer.

Credential Vault

Encrypted secret storage managed under AWS KMS. Credentials are never stored in environment variables or configuration files. Rotation is built in, and every access event is recorded.

Access Control

Role-based permissions define what each user and API token can do. Workspaces are fully isolated. Scoping is granular — a token that ingests documents cannot read audit logs, and vice versa.

Audit & Compliance

A full audit log captures every API request, data access event, and configuration change. Event history is immutable and queryable — sufficient for regulatory review without custom tooling.

How it works

Stored, scoped, and logged at every layer.

01
Credentials stored in the vault

Every secret — API keys, OAuth tokens, integration credentials — is encrypted at rest under AWS KMS. Rotation is built into the vault lifecycle, not a manual process. Environment variables are not used for secrets.

02
Access defined by role

Every user and every API token is assigned a role that determines exactly which resources and actions it can reach. Workspace isolation ensures that one team's data is not visible to another, regardless of shared infrastructure.

03
Every action logged

API calls, data reads, configuration changes, and administrative actions all produce immutable audit records. The full event history is available for any compliance review, incident investigation, or internal audit — without exporting to a separate system.

In practice
When a regulator asks who accessed a submission and when, the answer used to require reconstructing it from server logs. Now it's a query. The audit trail is built into the platform — we didn't have to instrument it ourselves.
Chief Compliance Officer, Regional Carrier
The Ecosystem

Built for how the industry actually works.

Quovy does not pitch core replacement. Tech leaders know how painful that is. We thread through the homegrown patchwork specialty teams have stitched together over years.

Guidewire
Duck Creek
Majesco
Origami Risk
Salesforce FSC
Snowflake
LexisNexis
Verisk
Applied Epic
Vertafore
OneShield
Socotra
Insurity
Sapiens
IVANS
EZLynx
ServiceNow
In-house
Guidewire
Duck Creek
Majesco
Origami Risk
Salesforce FSC
Snowflake
LexisNexis
Verisk
Applied Epic
Vertafore
OneShield
Socotra
Insurity
Sapiens
IVANS
EZLynx
ServiceNow
In-house
Outlook
Gmail
SharePoint
OneDrive
Google Drive
Excel
Google Sheets
Google Docs
Word
PowerPoint
AWS
Azure
Google Cloud
OFAC
SEC
Slack
Microsoft Teams
Moody's
NAIC
Dun & Bradstreet
Outlook
Gmail
SharePoint
OneDrive
Google Drive
Excel
Google Sheets
Google Docs
Word
PowerPoint
AWS
Azure
Google Cloud
OFAC
SEC
Slack
Microsoft Teams
Moody's
NAIC
Dun & Bradstreet
Security & Vault

Security that holds up when a regulator asks.

See how Quovy's vault, access controls, and audit trail are built into the platform — not bolted on.