Vault Management
This section contains instructions to manage vaults in Cryptomator Hub.
Vault List
The vault list is the main page of Cryptomator Hub.
All vaults that are shared with you are listed here.
After signing in, Hub redirects you to this list.
Alternatively, you can also access the list by clicking on the Vaults tab in the navigation bar.

Note
Even if you are an administrator of the Hub instance, only vaults which are shared with you are listed.
Create a Vault
To create a vault in Hub, navigate to the vault list and click on the Create Vault button in the top right corner.
Every vault has a name and an admin password.
Fill out the form and continue the process by clicking the Create Vault button in the right corner.

Note
The vault admin password is needed to grant or revoke access to the vault. It is not used to unlock the vault in Cryptomator apps.
In the next step, the vault recovery key is displayed.
It can restore access to the vault data in case of an emergency, e.g. if the vault administrator password is lost or Cryptomator Hub is down.
Store it at a safe location, tick the checkbox and complete the setup by clicking the Create Vault button at the bottom.

Warning
The recovery key is highly confidential. It is a human-readable form of the vault masterkey, which is used to encrypt your data and is independent of the key management in Cryptomator Hub.
When the setup is finished, you have the opportunity to download the initial vault template and place it in your desired cloud storage location. You can unlock the vault and place data inside with Cryptomator. If you skip this step, you can download the template later.

Vault Details
The vault details page shows metadata of a vault (e.g. creation date) and contains the management section of the vault (e.g. grant a user access). To open it, navigate to the vault list and click on an entry in the list. The details are displayed on the right side.

Manage Vault
To add a user, grant devices access, or view the members list, you have to enable the management section in the vault details.
Open the vault details and click the Manage Vault button.
In the dialog, enter the vault admin password.

If the password is correct, the vault details view is enriched with more elements:
Shared with members list
Download Vault Template button
Update Permissions button (only shown if necessary)

Add a User
If a user should have access to this vault, you need to share it with the user.
Click on the Share button in the Shared with list.
A search field opens up where you can search for users and groups.

To add a user or group, select it from the results list and click the Add button.
Note
Currently, users and groups can only be managed via Keycloak.
Update Permissions
If a member of this vault registers a new device or still has unauthorized devices, an admin of the vault has to grant access to these devices explicitly.
Only then can the user unlock the vault with the device.
As a vault admin, you can see that an update is necessary when an Update Permissions button appears.

Import a Vault
If you have an existing, password-based Cryptomator vault and want to switch to centralized, password-less user access management, you can import the vault in Cryptomator Hub. For a successful import, the recovery key of the vault and write access to its storage location are needed.
The import is done via the Hub vault recovery feature.
Follow the vault online recovery guide and use the recovery key of the password-based vault in the process.
Don’t forget to replace the vault config file vault.cryptomator at the vault storage location at the end.
Finally, to ensure that the vault cannot be unlocked with its old password anymore, remove the file masterkey.cryptomator and all backup files (ending with .bkup).
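To confirm that the last import step was completed, the following report-only check can be run against the vault storage location. It is an added example, not part of Cryptomator or Cryptomator Hub; the function names are hypothetical, and it assumes that masterkey.cryptomator and the .bkup files sit in the vault's root directory next to vault.cryptomator.

```shell
#!/bin/sh
# Added example: audit a vault storage location after an import into Hub.
# It only reports; it never deletes anything.
# Assumption: masterkey.cryptomator and *.bkup files are in the vault root.

# Print every file that still has to be removed, one per line.
leftover_key_files() {
    dir=$1
    if [ -f "$dir/masterkey.cryptomator" ]; then
        printf '%s\n' "$dir/masterkey.cryptomator"
    fi
    for f in "$dir"/*.bkup; do
        # The glob stays literal when nothing matches, so test each hit.
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Exit status: 0 = cleanup complete, 1 = old key files left behind,
# 2 = directory has no vault.cryptomator (wrong path or config not replaced).
audit_vault_dir() {
    dir=$1
    if [ ! -f "$dir/vault.cryptomator" ]; then
        echo "no vault.cryptomator in $dir" >&2
        return 2
    fi
    leftovers=$(leftover_key_files "$dir")
    if [ -n "$leftovers" ]; then
        echo "still present, the old password may still unlock the vault:" >&2
        printf '%s\n' "$leftovers" >&2
        return 1
    fi
    echo "ok: $dir has vault.cryptomator and no masterkey or .bkup files"
    return 0
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_vault_dir "$1"
fi
```

Because the check depends only on the exit status, it can also be run periodically against synced storage to catch a client that restores the old files.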