I'm confused with the difference between Credential Manager and Windows Vault. Windows says
Credential Manager lets users store credentials relevant to other systems and websites in the secure Windows Vault
Credential Locker is a service that creates and maintains a secure storage area on the local computer that stores user names and passwords the user saved from websites and Windows 8 apps. Credential Locker is accessed through Credential Manager in Control Panel as part of the local User Account management feature.
Credential Manager uses the Credential Locker, formerly known as Windows Vault, for secure storage of user names and passwords. So, ok, drawing upon windows explanation we have a storage, the boxes in which credentials reside are called windows vault and the gut who gives us these boxes is Credential Manager.
But
1 When I create entry in Windows Credentials in Credential Manager they are stored in C:\Users\%USER%\AppData\Local\Microsoft\Credentials as single files decrypted via DPAPI.
2 When I create entry in Web Credentials (via vaultcmd because I can't do it via gui) in Credential Manager they are stored in C:\Users\%USER%\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28 in .vcrd files along with Policy.vpol that contains key for decrypting .vcrd file.
So I can infer that Windows Vaults are not "the boxes in which credentials reside" as I mentioned earlier, because different type of creds are stored in different ways and it looks that Credential Manager uses different mechanisms. Can someone please provide me with comprehensive information what is Windows Vault itself and what is Credential Manager and how all these stuff work.
P.S.
I explained it to myself this way
There is a Credential Manager that stores two types of credentials: Windows Credentials and Web Credentials. These types of credentials have different storage method.
Web Credentails are stored in
C:\Users\%USER%\AppData\Local\Microsoft\Vault\
Windows Credentials are stored in
C:\Users\%USER%\AppData\Local\Microsoft\Credentials
cmdkey or via gui
Web creds are stored as .vcrd files that can be decrypted using key from Policy.vpol
Windows creds are stored as files that can be decrypted via DPAPI
And can be accesed via vaultcmd
But this is an easy wat to explain and I wanna now how all this work under the hood.