Vault Score
The Vault Score is a calculated 0–100 security health score that reflects the overall security posture of your vault.
It is computed from multiple weighted factors — secret hygiene, key rotation compliance, access policy strength, MFA coverage, and detected risk patterns — and updated automatically as your vault state changes.
What is the Vault Score?
A single number that summarises how well your vault conforms to security best practices. A score of 100 means all best practices are followed. Lower scores indicate areas needing improvement, each with a specific remediation action.
What is it for?
Single-number summary
Replace complex security audits with a continuously updated score that is easy to communicate to stakeholders.
Know what to fix
Each contributing factor is broken down with a current value, target, and recommended action.
Track over time
Score history lets you measure the impact of security improvements and demonstrate compliance progress.
Benchmarking
Compare your score against industry benchmarks or your own historical baseline.
Key concepts
| Term | Description |
|---|---|
| Score calculation | The score is calculated as a weighted average of all contributing factors. Each factor has a maximum contribution proportional to its weight. |
| Weighted factors | Each scored dimension (secret hygiene, key rotation, etc.) has a configured weight that determines its maximum contribution to the total score. |
| Score categories | Critical (0–20), Poor (21–40), Fair (41–60), Good (61–80), Excellent (81–100). Each category triggers different alert behaviours. |
How to use the Vault Score
Reading your score
Navigate to QuantumVault → Vault Score. The score gauge is displayed prominently with a colour-coded category indicator.
Understanding factors
Below the gauge, each contributing factor is shown with its current value, target value, weight, and the specific actions that would improve the score.
Drill down into issues
Click any factor row to navigate directly to the relevant vault section (e.g., clicking Key Rotation opens the Keys page filtered to overdue rotations).
Track score history
Use the History tab to view a time-series chart of your score over the past 7, 30, or 90 days.
qapi vault score history --days 30Scoring factors reference
| Factor | Weight | Current value | Target | Impact |
|---|---|---|---|---|
| Secret hygiene | 25% | % of secrets with valid expiry | 100% | Up to 25 points |
| Key rotation | 25% | % of keys rotated on schedule | 100% | Up to 25 points |
| Access policies | 20% | % of resources with explicit policy | 100% | Up to 20 points |
| MFA coverage | 15% | % of users with MFA enabled | 100% | Up to 15 points |
| Risk patterns | 15% | Open Critical/High risks | 0 | Up to 15 points |
Relationships
Executive Report
The Vault Score is featured as the primary metric widget in the Executive Report dashboard.
Risk Patterns
Open risk patterns directly reduce the score via the Risk Patterns factor.
Vault
The score is computed per-vault. Multi-vault tenants will see a separate score for each vault.
Keys
Key rotation compliance is one of the highest-weighted scoring factors.
FAQ
How do I improve my score quickly?
The fastest wins are usually: enabling MFA for all users, setting expiry dates on secrets that have none, and resolving any Critical risk patterns. Together these can add 30–40 points.
How often is the score recalculated?
The score is recalculated every time a relevant vault resource changes (e.g., a key is rotated, a secret expires, a risk pattern is resolved). It is also recalculated on a schedule every hour.
Is there a minimum score below which alerts are sent?
Yes. By default, an alert is triggered when the score drops below 70 (Fair category). You can adjust this threshold in Settings → Notifications.
Can I retrieve the score programmatically?
Yes. Use GET /api/v1/vault/score to retrieve the current score and its factor breakdown in JSON format.
API & CLI reference
The Vault Score is available via the REST API:
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/vault/score | Get the current vault score and factor breakdown. |
| GET | /api/v1/vault/score/factors | Get the detailed factor scores and remediation hints. |
| GET | /api/v1/vault/score/history | Get the score history for the specified time window. |