Backing up & recovering

Because the server holds none of your keys, recovery is something you set up. Open-secret walks you through it during first-time setup so you're not relying on a single device.

Your device backup (set up at first run)

Right after you create your account, the web app takes you to the backup step. There you choose a backup passphrase (at least 12 characters) and download an encrypted JSON file. That file contains this device's keypairs, sealed with your passphrase: the passphrase is run through Argon2id to derive a key, and the keypairs are encrypted under that key with authenticated encryption, so a wrong passphrase or a modified file is rejected outright rather than yielding garbage keys. The server never sees the file or the passphrase. Keep the file and the passphrase in different places; whoever holds both holds your keys.

The three ways to recover

If you lose access to a device, you can get back in through any one of these. You only need one:

Restore from your backup file

Restoring happens on a fresh install. To be clear about what that means here: a new copy of the web app or browser extension (a new browser, a new profile, a reinstalled extension, a different device). The server is untouched; your account and your (encrypted) entries are still there. Recovery is about getting this new client its keys back, not about resetting or reinstalling the server.

That new client holds nothing locally, so recovery comes from the backup file you saved earlier (on a USB stick, in another password manager, wherever you put it). You bring that file to the new client; it restores your keys, and with those keys it fetches and decrypts the entries the server is still holding.

Open the recover page in the new client

In the new web app / extension install, open Recover (/recover). (It also links to "attach this device instead" if you still have another paired device.)

Upload the backup file and enter the passphrase

Pick the backup JSON you saved. The app reads the file's cleartext metadata (the account, device, and server URL it belongs to) and shows it so you can confirm it's the right file before committing. Then type the backup passphrase. The encrypted part, your device keypairs, isn't unlocked until submit. Note that the metadata is readable by anyone who has the file, so the file on its own identifies your account and server even though it reveals no keys without the passphrase.

Set a new unlock password

Choose an unlock password for this freshly-restored install. It's local to this install, like any device's unlock password, and it is not the backup passphrase. On submit the app decrypts the backup with your passphrase, re-wraps the recovered keys under this new unlock password, signs in with them, then pulls your encrypted entries from the server and decrypts them. You land back in your vault.

When does recovery actually fail?

Only if all of these are true at once:

  • you've lost every paired device, and
  • you've lost the backup file or its passphrase, and
  • the operator hasn't configured backup (or you never opted in).

So keep at least one of: a spare paired device, your backup file + passphrase, or operator backup. Any single one is enough.