Quick Start

First Login and Basic Operations

Document Version: 1.0.0
Last Updated: 2026-02-10

---

1. First Login

1. Open https://vault.example.com in your browser
2. Enter the credentials provided by your administrator
3. On first login, you will be prompted to:
4. Change your password
5. Optionally enable Multi-Factor Authentication (MFA)

MFA Recommended

We strongly recommend enabling MFA for all accounts. Use Google Authenticator, Microsoft Authenticator, or any TOTP-compatible app.

2. Dashboard Overview

After login, the Dashboard provides an at-a-glance view of:

Section	Information
Secrets Summary	Total secrets, recently accessed, secrets requiring rotation
Certificates Summary	Active certificates, expiring soon, recently revoked
Sync Status	Multi-datacenter synchronization health (if enabled)
Agent Status	Connected agents, offline agents
Recent Activity	Latest operations by you and your team

3. Navigate the Interface

Main Navigation

Tab	Contents
Dashboard	Overview and status
Secrets	Secrets management per project
Certificates	Certificate management, CA administration
Projects	Project creation and settings
Agents	Agent registration and monitoring
Settings	User settings, organization settings, access control

Project Context

MazeVault uses projects to organize secrets and certificates. Select a project from the project selector in the top navigation to scope your view.

4. Create Your First Secret

1. Navigate to Secrets in the sidebar
2. Select your project (or create a new one)
3. Click + New Secret
4. Fill in:
5. Name: A descriptive name (e.g., production-db-password)
6. Value: The secret value
7. Type: Select the secret type (password, API key, SSH key, etc.)
8. Description: Optional description
9. Tags: Optional tags for organization
10. Click Create

The secret is now encrypted and stored. Share it with team members by assigning them to the project with appropriate roles.

5. Create Your First Certificate

1. Navigate to Certificates in the sidebar
2. Click + Request Certificate
3. Fill in:
4. Common Name: The domain or hostname (e.g., api.example.com)
5. Certificate Authority: Select the issuing CA
6. Template: Choose a template (Web Server, Client Auth, etc.)
7. Subject Alternative Names: Add additional domains or IPs
8. Validity: Certificate lifetime
9. Click Submit Request

Depending on your organization's approval policy:

• Auto-approved: Certificate is issued immediately
• Manual approval: An administrator must approve the request

6. Register an Agent

1. Navigate to Settings → Agents
2. Click Generate Bootstrap Token
3. Set the token expiration and maximum uses
4. Copy the bootstrap token
5. On the target server, run:

mazevault-agent register \
  --server https://vault.example.com \
  --bootstrap-token <token> \
  --hostname $(hostname)

The agent connects, receives its client certificate, and begins synchronizing.

7. API Access

For programmatic access, create an API token:

1. Navigate to Settings → API Tokens
2. Click Create Token
3. Set the token name and expiration
4. Copy the token (it will not be shown again)

Use the token in API requests:

curl -H "Authorization: Bearer ***REMOVED***" \
  https://vault.example.com/api/v1/secrets

See the API Reference for complete API documentation.

8. Next Steps

• Secrets Management Guide — Advanced secret operations
• Certificate Management Guide — PKI operations
• Troubleshooting — Common issues and solutions
• API Reference — Full API documentation

Related

• Authentication — Authentication methods
• Architecture Overview — Platform architecture