On a Mac use the Keychain #85

Open
drusellers opened this issue May 17, 2017 · 5 comments

Comments

@drusellers

I'm not sure where Vaulted is storing data, but I would much rather Vaulted store this data in the Mac keychain.

@antonbabenko

@miquella Mark, I also wonder where Vaulted stores its data on Mac. Which file to back up?

@antonbabenko

I found the location where all the data is stored - ~/.cache/vaulted/.

I am a bit surprised by this location because "cache" is a temporary thing and can be deleted if necessary.

Can this be moved to ~/.vaulted/, for example?

@miquella
Owner

miquella commented Feb 5, 2018

@drusellers: It was a very intentional decision to not store vault data in the OS's keychain. This helps us maintain consistency as users move between platforms and prevents users from being tied to a specific platform. Vault data is stored using NaCl's secretbox format; this allows vault files to be copied from one system to another, regardless of OS.

We do have a functional (but not yet complete) change to add password caching in the OS keychain.

@miquella
Owner

miquella commented Feb 5, 2018

@antonbabenko: Vaulted uses the XDG specification to decide where to store its data and cache files. As a result, the default location used to store vault data is ~/.local/share/vaulted/.

The cache directory you mentioned (~/.cache/vaulted/) is used to store session data. This cached session data is what prevents additional MFA prompts while the session is still valid. This session data can be removed without ill effect. Vaulted will simply generate a new session the next time a session is required. :)

One additional note: as session files do not store key derivation nor encryption details, the corresponding vault file is required to be able to decrypt session files.
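The directory resolution described in the comment above, as an added example that is not part of the original thread and is not Vaulted's own code: it applies the XDG Base Directory rules (environment variable if set to an absolute path, otherwise the default under the home directory) to show which directory to back up and which is disposable. The function and type names are hypothetical, and ignoring relative values is the XDG specification's rule, assumed here rather than confirmed for Vaulted.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// xdgBase returns the XDG base directory named by envVar. It falls back to
// home/fallback when the variable is unset, empty, or not an absolute path
// (the XDG Base Directory specification says relative values are ignored).
func xdgBase(getenv func(string) string, envVar, home, fallback string) string {
	if v := getenv(envVar); v != "" && filepath.IsAbs(v) {
		return filepath.Clean(v)
	}
	return filepath.Join(home, fallback)
}

// VaultedPaths holds the two locations discussed in the thread.
// Hypothetical type for illustration only.
type VaultedPaths struct {
	Data  string // vault files: these are what to back up
	Cache string // session files: can be deleted, a new session is generated
}

// ResolveVaultedPaths derives both directories from the environment lookup
// function and home directory it is given, so it can be tested offline.
func ResolveVaultedPaths(getenv func(string) string, home string) VaultedPaths {
	return VaultedPaths{
		Data:  filepath.Join(xdgBase(getenv, "XDG_DATA_HOME", home, ".local/share"), "vaulted"),
		Cache: filepath.Join(xdgBase(getenv, "XDG_CACHE_HOME", home, ".cache"), "vaulted"),
	}
}

func main() {
	home, err := os.UserHomeDir()
	if err != nil {
		fmt.Fprintln(os.Stderr, "cannot determine home directory:", err)
		os.Exit(1)
	}
	p := ResolveVaultedPaths(os.Getenv, home)
	fmt.Println("vault data (back up):      ", p.Data)
	fmt.Println("session cache (disposable):", p.Cache)
}
```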

@antonbabenko

Thanks for pointing out where vault data is actually stored. I will back up ~/.local/share/vaulted/.
