Your clients' agents need credentials.
You need control.

The MSP credential problem

Your technicians work across dozens of clients. Each client has their own credentials. Today you manage this with shared password vaults, spreadsheets, or "that one document."

When a technician leaves, you scramble to change passwords across every client. Clavitor gives each client their own isolated vault. Your technicians get scoped tokens. Sarah leaves Friday — revoke her tokens across all clients in one click. Jim starts Monday — assign him the same role scopes. No passwords to rotate. No entries to touch.

Technician access model

Each technician gets scoped tokens into the client vaults they service. The scopes are roles — "Networking," "Helpdesk," "Full access" — not individual people. When Sarah leaves on Friday, you delete her tokens. When Jim starts on Monday, you assign him the same role scopes. The credentials in the vault never change. No passwords rotated. No entries touched. No Friday-night scramble.

The break-glass token is your safety net. It sits in a sealed envelope or a hardware safe — scoped to the full vault, never used unless everything else fails. The audit log records the moment it's activated, so you know exactly when and why.

99.99% reads for your clients

Every client vault is replicated cross-hemisphere — Calgary and Zürich. Two sites chosen for geological stability, political neutrality, and maximum distance from each other. If one goes down, the other serves reads and TOTP codes without interruption. Your clients' agents keep working. Their 2FA codes keep generating. No failover you need to trigger — it's automatic and continuous.

This matters for MSPs more than anyone else. When an infrastructure provider has an outage, your phone rings for every client on that provider. With Clavitor, credential access doesn't go down with the region. Your clients don't notice, and your support queue stays quiet.

Full traceability across every client

Every credential access is logged — which technician, which agent, which credential, when, and from where. When a client asks "who logged into our firewall last Tuesday," you have the answer in seconds. When an auditor asks for proof of access control, you export the log.

Password rotations are tracked the same way. When a credential is rotated — manually or on a schedule — the audit trail records who triggered it, which entry changed, and which agents picked up the new value. If a rotation breaks something, you trace it back to the exact change.

This is what separates credential issuance from password sharing. A shared password vault tells you the password was accessed — but not by whom, not by which agent, and not whether it was the human or the bot. Clavitor issues individual tokens to individual actors. Every access is attributed. Every rotation has a cause. Every login to a client's system traces back to a name, a scope, and a timestamp.

This isn't a feature you turn on. It's always running, across every vault, for every client. The audit log is your compliance proof, your incident response tool, and your answer to every "who did what" question your clients will ever ask.

Business case

Not just a security tool. A profit driver.

Credential management isn't overhead — it's a billable service that improves your margins, cuts operational drag, and raises the security posture of every client you manage.

Reseller program

Reseller margin included on every client vault. You set the price, we give you the margin. Volume tiers available — contact sales for partner rates.