This section contains instructions to manage vaults in Cryptomator Hub.
The vault list is the main page of Cryptomator Hub.
Here, all vaults which are shared with you, are listed.
After signing in, Hub redirects you to this list.
Alternatively, you can also access the list by clicking on the
Vaults tab in the navigation bar.
Even if you are an administrator of the Hub instance, only vaults which are shared with you are listed.
Create a Vault
To create a vault in Hub, navigate to the vault list and click on the
Create Vault button in the top right corner.
Every vault has a name and an admin password.
Fill out the form and continue the process by clicking the
Create Vault button in the right corner.
The vault admin password is needed to grant or revoke access to the vault. It is not used to unlock the vault in Cryptomator apps.
In the next step, the vault recovery key is displayed.
It can restore access to the vault data in case of an emergency, e.g. if the vault administrator password is lost or Cryptomator Hub is down.
Store it at a safe location, tick the checkbox and complete the setup by clicking the
Create Vault button at the bottom
The recovery key is highly confidential. It is a human readable form of the vault masterkey, which is used to encrypt your data and independent of the key management in Cryptomator Hub.
When the setup is finished, you have the opportunity to download the initial vault template and place it in your desired cloud storage location. You can unlock the vault and place data inside with Cryptomator. If you skip this step, you can download the template later.
The vault details page shows metadata of a vault (e.g. creation date) and contains the management section of the vault (e.g. grant a user access). To open it, navigate to the vault list and click on entry in the list. The details are displayed on the right side.
To add a user, grant devices access, or view the members list, you have to enable the management section in the vault details.
Open the vault details and click the
Manage Vault button.
In the dialog, enter the vault admin password.
If the password is correct, the vault details view is enriched with more elements:
Shared withmembers list
Download Vault Templatebutton
Update Permissionsbutton (only shown if necessary)
Add a User
If a user should have access to this vault, you need to share it with the user.
Click on the
Share button in the
Shared with list.
A search field opens up where you can search for users and groups.
To add a user or group, select it from the results list and click the
Currently, users and groups can only be managed via Keyloak.
If a member of this vault registers a new device or still has unauthorized devices, an admin of the vault has to grant access to these devices explicitly.
Only then, the user can unlock the vault with the device.
As a vault admin, you can see that an update is necessary when an
Update Permissions button appears.
Import a Vault
If you have a existing, password-based Cryptomator vault and want to switch to centralized, password-less user access management, you can import the vault in Cryptomator Hub. For a successful import, the recovery key of the vault and write access to its storage location is needed
The import is done via the Hub vault recovery feature.
Follow the vault online recovery guide and use the recovery key of the password-based vault in the process.
Don’t forget to replace the vault config file
vault.cryptomator at the vault storage location at the end.
Finally, to ensure that the vault cannot be unlocked with its old password anymore, remove the file
masterkey.cryptomator and all backup files ( ending with