Secure Sync and Sharing Using Vaults Secure Sync and Sharing Using Vaults

Secure Sync and Sharing Using Vaults

Roman Kudiyarov Roman Kudiyarov


Vaults enable Termius users to have a single source of truth in a secure fashion. The main difference between a regular sync and sharing is that Termius uses enterprise-level encryption. All the user data is end-to-end encrypted, which means it is encrypted before it syncs with the Termius cloud.

The following entities can be stored in a vault:

  • Host and Group
  • Port Forwarding Rule
  • Snippet and Packages
  • Keys, Identities, and Passwords
  • Known Hosts

Entities within one vault could be connected. For example, a port forwarding rule can be linked with a host from the same vault. The only entities that could be connected to shared vaults are keys, passwords, and identities from the personal vault when the host has Personal Credentials as the Credentials Mode.

Credentials Mode

Credential mode is an additional host setting in a shared vault. This setting sets how usernames, passwords, keys, and identities are handled in a shared vault. There are two main modes: personal and shared credentials. Personal credential means that every team member has their own set of credentials, and when they edit this field, those stay in their Personal Vault. This mode is recommended for environments with high-security requirements. The shared credentials mode is used when all team members have one set of credentials to access the host.

Moving data between vaults

Moving entities such as hosts or port forwarding rules between vaults is easy because Termius takes care of all the dependent data. For example, if a port forwarding rule is moved from the personal vault to a shared vault, then the host required for this rule will automatically be moved. Termius keeps your data in a working state and provides the same behaviour for all team members. 


Vaults are secure to use to store your sensitive data. Your master password protects access to your data in a vault. The master password is used to encrypt an encryption key(AES-256) that protects your data. More information is on the Encryption page. Read more about Vaults Security here.

Offline Mode

Generally, all the data is available offline. The internet is only required to set and sync the data.

Add comment

Please sign in to leave a comment.