End-to-End Encryption & Secret Key
Every entry is encrypted locally on the user's device before it ever leaves it. Access requires both the master password and a unique Secret Key — even 1Password itself cannot read your data.
Datatrek Managed 1Password is the systematic way to create, store, and share credentials — passwords, passkeys, API keys, certificates — inside an end-to-end encrypted vault. Each user gets a Business license plus a free Families license. Watchtower monitors password health continuously, flagging weak, reused, or breach-exposed credentials before they become an incident. NIS2 treats access control as a foundational pillar — 1Password is how you prove it.
Build separate vaults per team or function with granular access rights. Share credentials securely between authorised users — never via email or chat.
Continuous monitoring of password health: weak entries, reused passwords, and credentials exposed in public breach databases — flagged the moment they're risky.
It is not just passwords. Passkeys, API tokens, SSH keys, certificates, and recovery codes all live in the same encrypted store with the same access controls.
The majority of breaches now begin with a credential — phished, reused, or leaked. Spreadsheets, browser saves, and shared inboxes are the actual attack surface most SMEs underestimate. A central, encrypted vault with Watchtower converts credential management from a personal habit into an audited organisational control — one that produces a verifiable trail of who has access to what, and flags risk before it becomes an incident.
NIS2 Art.21 makes access control and protection of sensitive information mandatory. 1Password's E2E encryption combined with the Secret Key model produces the kind of evidence auditors actually accept: vault structure, audit log, and Watchtower findings that demonstrate not just intent, but implemented and monitored controls proportionate to the risk.
Spreadsheets and browser saves are not credential management — they are credential theft waiting to happen.
1Password maps directly to NIS2 Art.21 requirements for access control and protection of sensitive information. End-to-end encryption with the Secret Key model, vault-scoped access rights, and a full audit log constitute documented technical controls that satisfy the directive's expectations for risk management and incident management measures proportionate to the threat.