ArmorAccess — Credential-Leak Protection for MSPs
Your passwords shouldn’t walk out the door when a technician does.
ArmorAccess is the add-on that ends the copy-paste credential leak. Your team keeps documenting in Hudu, IT Glue, or whatever they use today — but the credentials themselves live sealed in ArmorVault. When a technician needs in, ArmorAccess injects the secret straight into a brokered session. They get access. They never see the password. And when they leave, there’s nothing for them to take.
The leak isn’t storage — it’s the copy-paste
IT documentation tools like Hudu and IT Glue are good at storing credentials. The leak happens the moment a technician uses one. They copy the password out, paste it into an RDP window, a switch console, a SaaS login — and now that secret lives in a clipboard, a sticky note, a saved session, a personal password manager, a screen-share recording. Multiply that by every tech, every client, every login, every day.
Then someone leaves. You rotate what you can remember to rotate — and hope the credentials they copied over three years never surface again. For an MSP or MSSP holding the keys to dozens of client environments, “hope” is not a control.
Access without exposure
ArmorAccess sits alongside the documentation platform you already use and removes the copy-paste step entirely.
- Brokered sessions. RDP, SSH, VNC, and web-app logins launch through ArmorAccess in the browser — no client install, no local credential.
- Injected, never shown. The credential is pulled from ArmorVault at connect time and injected straight into the session. It is never displayed, copied, or typed by the technician.
- An add-on, not a rip-and-replace. Keep documenting in Hudu, IT Glue, or your current platform. The credential itself moves into ArmorVault, and a one-click “Open with ArmorAccess” takes the place of the reveal-and-copy button.
- Every session recorded. Who connected, to what, when, and what happened — a complete, searchable privileged-access trail.
When a technician exits, there’s nothing to chase
This is the whole point. Because no one ever held the plaintext, off-boarding is one step: revoke their ArmorAccess. There are no copied passwords scattered across clipboards and personal vaults to hunt down, no emergency client-wide rotation, no lingering exposure from the tech who left two years ago. The credentials never left the vault, so they can’t walk out the door.
How it works
1. Connect your secrets
Credentials live in ArmorVault (or your existing HashiCorp Vault). ArmorAccess holds no standing copy.
2. Register the targets
Servers, network devices, and applications your team accesses — per client, per environment.
3. A technician requests access
ArmorAccess checks policy, pulls the secret just-in-time, and opens a brokered, recorded session.
4. The session closes
Nothing persists on the technician’s device. The credential reference is gone.
Who it’s for
- MSPs and MSSPs holding privileged credentials for many clients, where one copied password is a multi-client exposure.
- Internal IT teams managing access across servers, network gear, and SaaS for technicians who come and go.
- Anyone using Hudu, IT Glue, or a similar IT documentation platform who has realized that storing a password safely doesn’t stop it from leaking the moment it’s used.
Inside the Armorstack Portfolio
ArmorAccess pairs with ArmorVault — Vault holds the secret, ArmorAccess brokers the access so the secret is never seen. SENTRY correlates brokered-session telemetry with broader threat detection. Part of the Armorstack platform.
Give your techs access. Don’t give them your passwords.
Explore the Armorstack SaaS portfolio
Purpose-built security software engineered inside Armorstack.