Blog

How RabbitKey works under the hood — encryption, security architecture, sync, and practical guides for getting your vault where you need it.

EncryptionHow RabbitKey Encrypts Your VaultA plain-English walkthrough of the cryptography behind RabbitKey: XChaCha20-Poly1305 authenticated encryption and PBKDF2-HMAC-SHA256 key derivation, all on your device.7 min readSecurityLocal-First Security Architecture & Threat ModelWhy RabbitKey has no servers, no accounts, and no analytics — and what that means for your threat model. Where your data lives and who can reach it.8 min readSecurityYour Recovery Kit, ExplainedIf you forget your master password, your Recovery Kit is how you get back in. What the RKRK- code is, how to export it, and why you must store it like a key.5 min readSync & PrivacyHow Zero-Knowledge Sync WorksRabbitKey syncs through iCloud, Google Drive, or your own WebDAV server — but only the encrypted vault ever leaves your device. How sync and conflict resolution stay private.6 min readGuidesMigrating From Another Password ManagerMoving to RabbitKey from another manager? Export your data as CSV, import it in a few taps, and clean up the plaintext export safely afterward.5 min readGuidesExporting and Backing Up Your VaultRabbitKey offers two very different exports: an encrypted vault backup and a plaintext CSV. Know which to use, and how to keep each one safe.6 min readGuidesRestoring Your Vault on a New DeviceThree ways to bring your vault to a new device: device-to-device QR transfer, restoring an encrypted backup, or recovering from your Recovery Kit.6 min read