Skip to content
1AIVault1AIVault
Vault

Vault Lock

Lock 1AIVault behind a passphrase, like a password manager. While locked, neither the app nor any AI tool connected over MCP can read your vault until you unlock it.

1AIVault Settings → Security tab showing the Vault Lock setup with two passphrase fields, a strength meter, and a no-recovery acknowledgment before Enable Vault Lock
Overview

What Vault Lock does

Lock 1AIVault behind a passphrase, like a password manager. While locked, neither the app nor any AI tool connected over MCP can read your vault until you unlock it.

Your vault is the richest record of how you work with AI, and being local-first means it lives on your machine — readable by anyone at the keyboard or any MCP-connected tool left running. Vault Lock puts a passphrase in front of that: while locked, the app and every connected AI client are refused reads, so your memory stays yours until you choose to open it.

Vaultv1.7.0
Why it matters

The payoff for your AI memory

Passphrase-locks the whole vault, sealed by default

Passphrase-locks the whole vault, sealed by default and opened only when you unlock

MCP-connected AI tools are refused every read

MCP-connected AI tools are refused every read while the vault is locked

Verified with a libsodium Argon2id key derivation

Verified with a libsodium Argon2id key derivation that stores only a key hash

Auto-locks after idle (15 minutes by default)

Auto-locks after idle (15 minutes by default) and starts locked on every launch

How it works

From first launch to reusable memory

  1. 1

    Open 1AIVault and go to the relevant workspace.

  2. 2

    Use Vault Lock as part of your capture, classify, recall, and connect workflow.

  3. 3

    Reuse the resulting memory across your connected AI tools.

FAQ

Common questions

Does Vault Lock encrypt my vault on disk?

No — Vault Lock is an access lock, not at-rest disk encryption. It gates reads through the app and the MCP server, which is the surface your AI tools actually touch. The passphrase is verified with Argon2id and only a hash of the derived key is stored.

What happens to connected AI tools while the vault is locked?

The out-of-process MCP server reads the locked state and refuses every tool call, so a Claude Code, Cursor, or other MCP client gets nothing from your vault until you unlock it.

Can I recover my vault if I forget the passphrase?

No. 1AIVault never stores your passphrase, only a hash of the derived key, so a lost passphrase means the vault stays locked. Keep it somewhere safe, like a password-manager master password.

Local memory, shared everywhere

Give every AI tool the same memory.

Start free, import real conversations, and reuse your memory across every AI agent you already use.