Backup & Recovery
The cockpit does not upload anything anywhere. Backups are your responsibility — but the tools to create and restore them are first-class.
Create a backup bundle
In Control Room, hit Create backup. The cockpit produces an encrypted bundle file. The bundle is encrypted with the currently active master passphrase. There is no separate backup key.
Choose a destination outside the cockpit’s working directory. Suggested destinations:
- An offline external drive
- A hardware-encrypted USB device
- Your existing backup infrastructure (encrypted-at-rest cloud is fine if you trust it)
Restore from a backup bundle
In Control Room on a fresh install (or after a nuke), choose Restore from backup. Point at the bundle file. You will be prompted for the master passphrase that was active when the bundle was created. If you have rotated since, the older passphrase is required for that specific bundle.
What’s recoverable, what isn’t
| Item | Recoverable from backup? |
|---|---|
| Vault Notes | Yes |
| Research Vault records | Yes |
| Profile Organizer identities & PGP bundles | Yes |
| Module configuration | Yes |
| Master passphrase | No — by design |
| Decrypted in-memory state | No — it is intentionally ephemeral |
Frequency
There is no auto-backup yet. Scheduled backup is a planned Pro feature. Until then, the right cadence is whatever matches your operational tempo — daily is reasonable for active workspaces, weekly for reference-heavy ones.
Threat-model notes
A backup bundle is only as safe as its destination. A bundle encrypted with a weak passphrase, stored on a compromised drive, is exposed to that drive’s threat surface. Pick a strong passphrase and a reasonable destination.