Back to docs index

Encryption & Security

Termial protects your sensitive data with strong encryption. Your passwords, SSH keys, and credentials are secured both locally and in the cloud.

Cloud Sync Encryption

When you enable cloud sync, your data is protected with end-to-end encryption.

How It Works

  1. You create a passphrase when first setting up sync
  2. Data is encrypted locally before leaving your device
  3. Only encrypted data is stored on our servers
  4. Only you can decrypt your data with your passphrase

We never have access to your unencrypted data.

Setting Up Encryption

When you first sign in and enable sync:

  1. You'll be prompted to create a passphrase
  2. Choose a strong passphrase (at least 8 characters)
  3. Use a mix of letters, numbers, and symbols
  4. Confirm your passphrase
  5. Click Set Up Encryption

Important: If you lose your passphrase, your encrypted data cannot be recovered. Store it securely.

Unlocking Your Data

When you sign in on a new device:

  1. Enter your passphrase to unlock
  2. Your data is decrypted locally
  3. You can now access your synced connections and credentials

Changing Your Passphrase

To change your encryption passphrase:

  1. Go to SettingsAccount
  2. Find the encryption/passphrase section
  3. Enter your current passphrase
  4. Enter and confirm your new passphrase
  5. Click Change Passphrase

All your data will be re-encrypted with the new passphrase.

What's Encrypted

The following data is encrypted before sync:

  • SSH connections - Hostnames, usernames, ports
  • Credentials - Passwords, SSH keys, passphrases
  • Cloud connections - AWS, GCP, Azure credentials
  • Bookmarks - Local path bookmarks

Local Security

Keychain Integration

Termial uses your operating system's secure storage:

  • macOS: Keychain
  • Windows: Credential Manager
  • Linux: Secret Service (libsecret)

Your encryption key is stored in the system keychain, protected by your OS login.

What If Keychain Access Is Denied?

If you deny keychain access:

  • Cloud sync encryption won't work
  • Sensitive credentials can't be securely stored
  • Some features will be limited

To grant access later, you may need to:

  1. Open System Preferences/Settings
  2. Go to Security/Privacy settings
  3. Grant Termial access to the keychain

Forgot Passphrase

If you forget your encryption passphrase:

  1. Go to SettingsAccount
  2. Click Forgot passphrase?
  3. You can reset your vault, but this permanently deletes all your cloud-synced data
  4. Type DELETE to confirm
  5. Set up a new passphrase and re-add your data

Warning: This action cannot be undone. All your connections, credentials, and bookmarks in the cloud will be deleted.

Security Best Practices

  1. Use a strong passphrase - Don't reuse passwords from other services
  2. Store your passphrase safely - Use a password manager
  3. Keep your OS updated - Security patches protect the keychain
  4. Don't share your passphrase - Each team member should have their own account
  5. Sign out on shared computers - Your data remains encrypted when signed out