Cryptomator Hub is a zero-knowledge key management solution that allows you to manage access to your vaults from a central component deployed on your own infrastructure.
Decide, on which web addresses you want to deploy Hub and Keycloak (and set up DNS and TLS termination, if required)
Use the Setup Wizard to generate a deployment descriptor template
Customize the template if needed (e.g., adjust the Ingress settings) and deploy the software stack to your cluster
Log in to Keycloak to
adjust authentication settings
set up users/groups or LDAP/AD
Log in to Cryptomator Hub and start creating Hub-managed vaults
To get started, use the Setup Wizard to generate the necessary configuration files.
Cryptomator Hub depends on Keycloak, an open-source identity and access management solution. That means, Hub manages access to your vaults whereas Keycloak manages users, groups, and authentication. In the Setup Wizard, you will have the option to choose between deploying Keycloak alongside Hub or specifying an URL to an existing Keycloak installation.
Using Keycloak, you can create users, delete users, manage groups, and optionally also synchronize users/groups to Keycloak using LDAP or other identity providers to whom you can then give access to vaults in Hub.
Subgroups are not supported at this time.
When Cryptomator Hub is freshly installed, it comes with a community license.
This license is valid for 5 seats. Only users assigned to a vault will occupy a seat.
Get License button will direct you to an external website at cryptomator.org where you can buy a license for this instance. If successful, you will be automatically redirected back to your Hub instance.