Accessing Vaults

You can only access decrypted files of a vault if you can unlock it. Unlocking a vault is just a two-step process as long as you know the password.

Unlocking a Vault

1. Select the vault you wish to unlock.
2. Click on the large Unlock button located at the center of the Cryptomator window.
3. Enter your vault's password.

A confirmation will be displayed if your password is correct. You can either close the confirmation window by clicking Done or click on Reveal Vault to show your unlocked vault in your file manager.

note

You can store the password in your operating system's keychain by checking the "Save Password" checkbox. There are also plug-ins available for Cryptomator, that allow you to store Cryptomator's vault passwords in third party password managers:

• KeePassXC plug-in stores Cryptomator's vault passwords in a KeePassXC database
• Bitwarden plug-in stores the vault passwords in Bitwarden's Secrets Manager

With a saved password, you can unlock your vaults without typing a password on every unlock. It's faster.

warning

Only store your password in the system's keychain on trusted devices. Anyone with access to the computer with stored passwords will be able to unlock your vault, and in some cases, even find your password.

Locking a Vault

To lock a vault, simply click Lock and the virtual drive will disappear or render empty. Your files remain encrypted at the vault's location.

Manage Files and Folders in Your Vault

By default, a vault's content will be accessible via an attached virtual drive on your PC. So, you can manage files and folders in your unlocked vault just like you do on any other hard drive or USB drive.

Alternatively, a vault's content can be accessed via a directory or a WebDAV server by changing its volume type. Click on Reveal Drive in the Cryptomator window to open the mount location using the default file manager (Windows Explorer, Finder, …).

note

Even though your files are shown unencrypted in the virtual drive, they are not stored unencrypted on the hard drive but only in volatile memory.

note

On Windows, you can choose the drive letter of the virtual drive for each vault using advanced vault options.

Locate Encrypted File

The Locate Encrypted File feature helps users find the encrypted version of a specific file. This feature is particularly useful when vault files are versioned and the user wants to restore an older version of a file. As Cryptomator encrypts filenames and obfuscates directory structures, users first locate the encrypted file and then restore an older version of the encrypted file with the third party app.

1. Unlock the desired vault.
2. Click on the Locate Encrypted File button.
3. Select the file within the vault.

As an alternative for clicking the button, you can directly drag & drop a file onto the button.

A file manager window opens showing the encrypted folder and marking the encrypted file.

File System Case Sensitivity

warning

Cryptomator virtual drives are always case-sensitive. This means Document.txt and document.txt are treated as two different files, regardless of your operating system.

This behavior is required for Cryptomator's deterministic filename encryption to work correctly across all platforms. While Linux users are accustomed to case-sensitive file systems, this can cause unexpected behavior on Windows and macOS where the default file systems are case-insensitive.

On Windows and macOS, this difference means:

1. Attempting to open Test.dat when the file is named test.dat will result in a "file not found" error
2. You can create both README.md and readme.md in the same directory, which would normally conflict
3. Some applications may fail when they expect case-insensitive file access

Our recommendation is to avoid creating files with names that differ only in case. Make sure to test applications like backup tools or any other software that will access files in your vault to ensure they handle case-sensitive file systems correctly.