Supabase Vault is a Postgres extension that allows users to store and manage sensitive information, such as API keys and access tokens, in a secure manner. The core of the Vault is a table with metadata and an encrypted text column where secrets can be stored. A unique root key is pre-generated and managed by the pgsodium library, which provides an Encryption and Key Derivation API. This allows users to store sensitive information without exposing raw encryption keys, making it easier to manage key management tasks. The Vault uses Authenticated Encryption with Associated Data, ensuring that associated data is authentic when reading secrets. It can be used for storing reasonable amounts of secure data, but may not be sufficient for storing large amounts of sensitive information like PII.