With Cryptomator your data is managed in vaults. You can think of a vault as a real, portable vault. Data you put into the vault is encrypted and secure.
You can access your data using the Cryptomator application and the vault password. Is the vault stored in the cloud you can even do this using separate computers or your iPhone or iPad (TODO link). You may also use a vault on multiple computers using an external drive.
If you use a vault with Cryptomator, it will be displayed as a virtual drive. You can use this drive like using a regular USB flash drive or hard disk drive. All files and folders you create inside the virtual drive will be encrypted and placed in the storage location of the vault on-the-fly.
The encrypted data is stored in a regular directory in the cloud, on your hard disk drive, or a USB flash drive. You can freely choose the storage location of each vault. When navigating to the storage location of a vault without Cryptomator, you will only see a collection of directories and files with cryptic names and contents. You can recognize the storage location of a vault by the
masterkey.cryptomator file inside.
After starting Cryptomator the vault overview is displayed. When launching Cryptomator for the first time, you will see only an empty list and a hint stating that you can create new vaults.
Create New Vaults
To create a new vault click on the plus sign (
1) and choose
Create vault (
2). You can now select the storage location. Navigate to the desired location, enter the name for your vault and click
After choosing the storage location you will be prompted for a password (
3). You have to remember this password at all times because there is no way to access your data if you forget your password. Choose a good password to make your data secure. We recommend to use at least 10 characters, ideally use sentences instead of words.
After you’ve created the vault (
4), you can access your data.
To make your vault available in the cloud you have to choose a storage location inside the cloud folder, e.g. inside your Dropbox or Google Drive folder. By doing this you can access your vault on all devices with access to your cloud and Cryptomator installed.
As an alternative you can store your vault in any other location like your user directory or an external drive. You can use such vaults only where you can access the storage location. Respectively your computer or the computer you connect your external drive to.
Add Existing Vaults
You have to open vaults you created on another device, e.g your iPhone, to have them displayed in Cryptomator. To do this click on the plus sign and choose
Open vault. Navigate to the storage location of your vault and choose the file
masterkey.cryptomator and click on
If you want a specific vault to stop being displayed in Cryptomator, you can select it and remove it using the minus sign or by right-clicking on it. This is only possible while the vault is locked. By removing a vault, it is only removed from the list but not deleted from your filesystem. You can re-add the vault afterwards.
To delete a vault permanently navigate to the storage location of the vault. The storage location is displayed in Cryptomator below the vault name or when hovering the vault. The symbol
~ stands for your user directory.
You can now delete the folder that contains the
masterkey.cryptomator file as you would do with other files and folders.
Accessing Your Data
Unlock a Vault
If you want to access the data inside a vault, you have to unlock it. Currently locked vaults are marked with a red dot in Cryptomator’s vault list. Unlocked vaults are marked with a green dot.
If you select a locked vault, you can unlock it by entering your password. After entering the correct password Cryptomator displays a diagram showing the currently en- and decrypted amount of data. In addition, the virtual drive containing the decrypted data is opened.
You can now use this drive with the open and save dialogs of other programs to access the data in the vault and work with the files as usual.
Advanced Unlock Options
When unlocking a vault, you can display further options. Here you are able to choose what happens after unlocking the vault. By default it will also get mounted as a virtual drive. These options allow you to:
- Disable mounting
- Change mount name and drive letter (only on Windows)
- Save the password in your system keychain (only Windows and macOS)
- Automatically unlock the vault when starting Cryptomator (only if the password has been saved)
Reveal an Already Unlocked Vault
If a vault is already unlocked, you can search the virtual drive using your file browser. You can also display it using Cryptomator. Choose the unlocked vault, click on the small arrow next to
Lock vault and choose
Experts may also copy the WebDAV-URL. You can use it with the WebDAV client of your choice to access the vault.
Lock a Vault
If you no longer want to access the data in a vault, you can lock it in Cryptomator by clicking on
By doing this, accessing the files in the vault is only possible after unlocking the vault using the password.
As long as the vaults are unlocked, the Cryptomator window can be closed without quitting the application. Cryptomator will be minimized to the tray icon. By right clicking the tray icon, you can open or quit Cryptomator.
Be careful not to quit Cryptomator in this way, if you still want to access the files in the vaults with other programs.
The settings are displayed using the gear button on the lower right corner of the vault list. Mac users may also use the
You can disable automatic update checks here. If you do this, we recommend that you regularly check https://cryptomator.org for updates to profit from all bug fixes and improvements.
Experts can set the port used by the Cryptomator WebDAV server. The default port is