VGS Vault

The VGS Vault is a customer-configurable, PCI-compliant storage zone where organizations can securely collect, store, and exchange sensitive data such as payment credentials, personal information, or any other confidential records.

Each data element stored in a Vault is replaced with a VGS Alias, a unique token that represents the original value but carries no inherent value to bad actors.

This aliasing process ensures that your systems, logs, and databases only ever handle non-sensitive representations, while VGS retains the responsibility for safeguarding the real data in a secure and compliant environment.

Vaults can be accessed and integrated through the VGS Secure Data suite of tools, including the HTTPS Proxies, Batch File Transmission Mechanisms, and TCP Proxy. Vaults can also be accessed securely using the VGS Vault API.

This flexibility enables secure data exchange across applications, services, and external partners, while preserving end-to-end data privacy and governance.

Managing Vaults

Organizations can operate multiple VGS Vaults to support different business units, environments, and compliance boundaries. Each Vault is isolated and independently configurable, allowing teams to separate data flows according to security, regulatory, or operational needs.

Sandbox vs. Live Vaults

VGS provides two Vault environment categories to support the full software development lifecycle:

Sandbox Vaults

Sandbox Vaults are designed for development, testing, and automation. They simulate live data flows without exposing real customer data, allowing developers to safely experiment with integrations, proxy routes, and API configurations. Sandbox Vaults support end-to-end automation, including CI/CD pipelines, QA environments, and contract testing, helping teams validate data flows before promoting to production.

Live Vaults

Live Vaults handle production traffic and real sensitive data. These Vaults are hosted in VGS’s fully compliant production infrastructure, ensuring adherence to PCI DSS, SOC 2, and other regulatory standards.

Live Vaults are used when applications need to tokenize, store, or exchange real data with downstream partners, such as payment processors, banks, or identity providers.

Together, Sandbox and Live Vaults create a safe progression path for building, testing, and deploying secure data operations.

Organizations can freely migrate configurations and routes between Vaults using the VGS Dashboard or CLI, maintaining consistent policies while isolating environments for compliance and control.

How to Create a Vault

Vaults are managed via the VGS Dashboard or VGS CLI. There is no limit to the number of Vaults you can create.

How Do I Control Access to Vaults

Users can be provisioned to a Vault with a read, write or admin role. Each role provides a different level of access. To implement strong SDLC, customers will typically provide engineers with write permissions to Sandbox Vaults and then use a service account to manage promoting the configuration of a Sandbox vault to their Live vault via an automated system.

Where Are Vaults Located?

VGS supports multiple global deployment regions, allowing customers to meet data residency requirements and minimize latency across geographies.

Regional Vault options enable you to store and process data within your preferred jurisdiction, ensuring minimal network travel time as well as alignment with privacy regulations like GDPR and other local data protection frameworks.

VGS currently supports deployments in North America, Europe, and Asia Pacific. More details on regional deployments and availability zones can be found here.