search
Ctrlk
PricingLog inSign up

group-arrows-rotateSync of keys and passwords

This page explains how keychain synchronization differs from other data sync and how to keep your credentials stored locally while syncing the rest of your Vault data.

By default, Termius encrypts your data and syncs it across your vaults. Termius provides password-manager-grade security standards, ensuring your data is encrypted before it leaves your device.

circle-info

Learn more about the Encryption in Termius, see the Encryption overview.

At some companies, however, there are strict requirements for credentials to be kept locally and never synced, even in an encrypted format. Termius allows disabling the credentials synchronization to help with such cases.

chevron-rightWhat counts as credentials?hashtag

Usernames, passwords, SSH keys, and identities.

chevron-rightHow to disable the credentials synchronization?hashtag

You can disable the synchronization of your credentials stored in the Personal vault in Termius. To do so, you need to:

  1. Open Termius > Settings > Account

  2. Disable the Sync keys and identities toggle under the Synchronization section

chevron-rightCan I stop all the data from synchronizing?hashtag

If you have an account, then no, you can't.

The Sync keys and identities toggle only controls the credentials part.

The rest of the data (hosts, groups, snippets, etc.) stays encrypted and synced across your vaults.

circle-info

While the synchronization is not working in the free Starter plan, you might activate a Pro or Team trial at some point and the data will be synced then.

chevron-rightWhat will happen with my credentials if I log out?hashtag

If you log out, all the local data will be cleared.

triangle-exclamation

If synchronization of your credentials is disabled, they will also be cleared.

chevron-rightWhat changes on my other devices when I disable the credentials sync?hashtag

Your other devices will still receive all other data, but not credentials.

This also means you will need to manually replicate the same set of credentials on all your devices.

chevron-rightWhen it makes sense to disable the credentials synchronization?hashtag

There are a number of reasons for that. It all depends on the environment you operate in. To name a few:

  • Your security policy restricts credential sync

  • You want each device to hold its own set of credentials. However, in that case, you can also utilize the biometric SSH keys that never leave your device anyway

  • You don't need to sync credentials at all

chevron-rightI see it can be disabled for the Personal vault. What about the Team vault?hashtag

The Sync keys and identities toggle only controls the credentials in the Personal vault.

When you specify the credentials for your hosts in the Team vault, you can choose whether to share them with the team or require team members to use credentials from their Personal vault.

If you choose to store your credentials in Personal vault to keep usernames/passwords/keys only locally, each team member will need to disable credentials sync accordingly.

triangle-exclamation

IMPORTANT

When the Sync keys and identities toggle is disabled, the credentials data is not synced, and is only kept locally.

If you log out and the data gets cleared, Termius won't be able to help with the data recovery.

hashtag
Related concepts

To understand how synced data is organized, see Learn about vaults.

For encryption details, see Encryption overview.

PreviousIdentitiesNextTeam vaults

Last updated

Was this helpful?