background

Vault Master

Vault Storage

Professional Vault Storage

Are you interested in owning physical gold and silver, but would rather not keep it at home?. City Union Security has relationships with the world’s finest professional storage services. These secure vault facilities are strategically located around the world and have excellent reputations

Secured Vault Master


You can have complete peace of mind knowing your valuables are protected in a treasury grade vault. Both our safety deposit box vaults and the bullion depository are monitored 24/7 with the most sophisticated multi-level protection available.

Our comprehensive services for clients include safety deposit box storage for your valuables in either our treasury grade vaults. In addition, we provide an end-to-end service for purchasing bullion, insurance and buy-back of bullion.

For clients wanting to store jewellery, collectables, documents, back up devices, bullion or other items, it is a simple process to set up a safety deposit box with us.  We have a variety of box sizes available in both our state-of-the-art safety deposit box vaults, and can provide insurance for the contents of your safety deposit box.For clients wanting to store bullion exclusively, City Union offers both safety deposit boxes and based bullion depository for larger holdings.  Both storage facilities provide fully allocated and segregated storage.

.

Stats & Charts

Within the Vault system, a critical security concern is an attacker attempting to gain access to secret material they are not authorized to. This is an internal threat if the attacker is already permitted some level of access to Vault and is able to authenticate.

When a client first authenticates with Vault, an auth method is used to verify the identity of the client and to return a list of associated ACL policies. This association is configured by operators of Vault ahead of time. For example, GitHub users in the "engineering" team may be mapped to the "engineering" and "ops" Vault policies. Vault then generates a client token which is a randomly generated, serialized value and maps it to the policy list. This client token is then returned to the client.

On each request a client provides this token. Vault then uses it to check that the token is valid and has not been revoked or expired, and generates an ACL based on the associated policies. Vault uses a strict default deny or whitelist enforcement. This means unless an associated policy allows for a given action, it will be denied. Each policy specifies a level of access granted to a path in Vault. When the policies are merged (if multiple policies are associated with a client), the highest access level permitted is used. For example, if the "engineering" policy permits read/update access to the "eng/" path, and the "ops" policy permits read access to the "ops/" path, then the user gets the union of those. Policy is matched using the most specific defined policy, which may be an exact match or the longest-prefix match glob pattern.

.