Skip to main content

Documentation Index

Fetch the complete documentation index at: https://www.rumus.ai/docs/llms.txt

Use this file to discover all available pages before exploring further.

The vault is end-to-end encrypted on your device. Vault sync uploads the resulting ciphertext so your hosts, keys, accounts, snippets, and known-host fingerprints are available on every device you sign in on. Rumus’s servers never see the plaintext; they only store and shuttle encrypted blobs. This page covers how that flow works, what happens during conflicts, and how to recover after a fresh install.

What gets synced

Everything inside the vault — see Vault & encryption for the breakdown. In short: hosts, keychains, accounts, snippets, and known-host fingerprints. The metadata Rumus’s server can see is minimal — encrypted-blob ID, ciphertext, nonce, the version (for conflict resolution), and a small encryption metadata header used to verify the right secret key on download. Names, hostnames, usernames, command contents — none of that is visible to the server.

How sync runs

  • Per-item sync — each vault item is a separate encrypted blob with its own version. Edits to one host don’t reupload everything.
  • Triggered like config sync — at sign-in, periodically in the background, and on demand via Sync Now.
  • Same panel — the Settings → Privacy → Sync category for vault sync controls whether vault data syncs at all.
You can turn vault sync off and still keep config sync on (and vice versa). The two don’t depend on each other.

Conflict resolution

When you edit the same vault item on two devices before they sync, you get a conflict. Rumus surfaces this with a vault conflict dialog that asks how to resolve it:
ChoiceWhat it means
Use remoteTake the cloud copy. The local edits are dropped.
Use localTake the local copy. The cloud copy is overwritten on the next push.
Cancel sign-in / syncStop here, sort it out manually before continuing.
The dialog appears at sign-in (when you sign in on a device with a divergent local copy) and during in-session sync runs that detect a conflict. Choose carefully — the choice is per item, and the not-chosen side is gone. If you want to merge two records (combine two host entries from different devices), do it manually in Settings → Vaults: copy the fields you want, then resolve the conflict.

Recover the vault on a new device

This is the path you’ll most commonly take after replacing or reinstalling.
1

Install and sign in

Install Rumus on the new device, then sign in to your Rumus account.
2

Trigger vault setup

Open something that needs the vault — e.g. Remote Connection from the tab-bar chevron. The vault setup flow appears.
3

Choose Recover existing key

Instead of generating a new key, pick Recover existing key and provide your saved secret key (paste the string or upload the backup file).
4

Set a new PIN

The PIN is per-device. Pick a 6-digit code for this device — it doesn’t have to match the one on your other devices.
5

Sync down

Rumus connects, downloads the encrypted vault data, and decrypts it locally. You should now see all your hosts, keychains, etc., exactly as on your other devices.
If the secret key you provide doesn’t match the one used to encrypt the cloud data, decryption fails and Rumus tells you. The encryption metadata header is what makes this possible — Rumus can verify the key without ever decrypting the actual data.

When the vault won’t decrypt

If you’re sure you have the right secret key but Rumus says decryption fails:
  • Whitespace in the key — copy/paste sometimes adds invisible whitespace. Try retyping or re-uploading the file.
  • Old key from before a Reset Vault — if you (or someone with your account) clicked Reset Vault, the cloud was wiped and re-encrypted with a new key. Your old backup is no longer valid.
  • Wrong account — make sure you’re signed in to the same Rumus account whose vault you’re trying to recover.
If none of those apply and the data is critical, contact support before doing anything destructive.

Sync state and last-sync time

The Vaults settings show:
  • Last sync — timestamp of the last successful round trip.
  • Pending changes — local edits that haven’t been pushed yet.
  • Sync Now — force a sync immediately.
If the last-sync time is far in the past, check that you’re still signed in and that your network can reach Rumus’s API.

Multiple devices, simultaneous edits

Editing the same item on two devices at once is the case Rumus tries hardest to handle gracefully:
  • If both devices push at roughly the same time, the second push wins — the first’s changes are not lost; they end up in the conflict dialog when the loser pulls.
  • Different items edited simultaneously merge cleanly with no dialog.
  • Heavy parallel editing across devices is best avoided. Sync runs are seconds, not real-time — finish editing on one device, let it sync, then start on another.
Vault sync question we didn’t cover? Ask in the Rumus community.

Privacy guarantees

  • The cloud only ever holds ciphertext + a small encryption metadata header.
  • The header’s purpose is verification — it lets Rumus prove the supplied key matches without ever decrypting the data.
  • Rumus has no key escrow, no recovery key, no backdoor. Lost keys mean lost data — see Vault & encryption.

Next steps

Vault & encryption

The local-side picture: setup, PIN, and what’s stored.

Config sync

The non-encrypted sync flow for settings, AI prefs, and shortcuts.