This disclosure provides enhanced management of access rights for dynamic groups of users sharing secret data. Instead of relying on traditional administrative techniques for modifying access rights for stored data, the techniques disclosed herein allow a storage service to communicate with a group management system to verify membership of user groups, e.g., channels, chat session, or meetings, and automatically change access rights to stored data as users leave or join a group. Encrypted data can be stored within a storage vault. The storage vault can be dedicated to storing encrypted data shared between a user group, e.g. a channel. A server managing the storage vault can receive membership data from a group management service. As users join the group or leave a group managed by the group management service, each user's access permissions to the storage vault can be added, removed or modified.