Create a New Vault¶
To create a new vault, click on the plus sign ① and choose Create New Vault ②. You will now be prompted to select the storage location of your vault. This can be somewhere inside your Dropbox or Google Drive or anywhere on your hard disk. The storage location doesn’t need to be a cloud-synced directory.
After choosing the storage location you will be prompted for a password ③.
You have to remember this password at all times because there is no way to access your data if you forget your password. Choose a good password to make your data secure.
Finish by clicking Create Vault ④, then you can access your data.
Add Existing Vaults¶
It is possible to access already existing vaults by adding them to the vault list. To do this, click on the plus sign and choose
Open Vault. Navigate to the storage location of your vault and choose the file
masterkey.cryptomator and click on
If you created the vault on another device and cannot find it or its masterkey file, make sure that the directory containing the vault is accessible and properly synchronized.
If you want a specific vault to stop being displayed in Cryptomator, you can select it and remove it using the minus sign or by right-clicking on it. This is only possible while the vault is locked. By removing a vault, it is only removed from the list but not deleted from your filesystem. You can re-add the vault afterwards.
To delete a vault permanently, navigate to the storage location of the vault. The storage location is displayed in Cryptomator below the vault name or when hovering the vault. The symbol
~ stands for your user directory.
You can now delete the folder that contains the
masterkey.cryptomator file as you would do with other files and folders.
You can change the order of your vaults by dragging them to the desired position.
Change Vault Password¶
The password can be changed by right-clicking on a vault while it is locked. Currently, it’s not possible to change the password while the vault is unlocked.
The password is used to derive a KEK, which is then used to encrypt futher keys. The KEK changes, but the keys encrypted with the KEK will stay the same. The actual files will not get re-encrypted, meaning you can not upgrade a weak passphrase to a stronger one once the data has been synced to a service that allows recovery of older versions of the masterkey file.
If you like to encrypt your vault files with a new, stronger password, you need to create a new vault and drag the data from the old to the new one. Make sure to wipe all backups of the old vault afterwards.