R2 Desk ProR2 Desk PRO
Buy Private Beta$29 / R2CONTROL / first 100
Navigation
Buy Private Beta$29 / R2CONTROL / first 100Read docs
DocsSecurity

Security, vault, and licensing

The app treats R2 credentials as the real asset. Security behavior is local-first and backend-enforced.

Security-conscious operators and technical buyers8 minCore workflowUpdated March 11, 2026
WindowsmacOSLinux
SecurityLicensing

Vault gating, keychain storage, passphrase behavior, EULA acceptance, the 7-day trial, paid licensing, and update checks.

  • Vault lock model
  • Keychain credential handling
  • HTTPS enforcement
  • EULA acceptance, the 7-day trial, paid licensing, and update checks
Applies to
WindowsmacOSLinux
Covers
SecurityLicensing

Security, vault, and licensing

Vault model

The vault is the operational gate for the app.

While the vault is locked:

  • Operational commands are blocked.
  • The app routes you back to unlock instead of half-working.
  • Credentials remain in the OS keychain, not in frontend state.

Unlocking is passphrase-based and local to the machine.

Auto-lock policy

The app supports configurable idle timeout options:

  • 5 minutes
  • 15 minutes
  • 30 minutes
  • 1 hour
  • never

"Never" disables idle timeout only. Session-lock behavior is a separate security policy.

Credential storage

Profile metadata and secrets are handled differently on purpose.

  • Secret keys go to the OS keychain.
  • Non-secret profile metadata is stored in app data.
  • Request signing stays in the Tauri backend.

The frontend does not hold long-lived secret material.

HTTPS enforcement

The app rejects insecure URLs for profile-level public delivery fields.

This includes:

  • public base URL
  • CDN domain

If a field is present, it must be a valid HTTPS URL.

Error hygiene

Supportable security means more than storage location. Error handling matters too.

Security baseline:

  • redact raw credentials and tokens from surfaced errors
  • keep signed URL generation in the backend
  • avoid logging secrets to the activity panel or console

Trial and paid licensing

Private Beta licensing follows a specific install-to-license path.

  1. Install the app.
  2. Accept the EULA before access.
  3. Use the full Pro feature set during the 7-day trial.
  4. Buy through Lemon Squeezy when you want to continue after the trial.
  5. Receive your license key and register it in the app.

Enter the launch code R2CONTROL in the Lemon Squeezy discount-code field if the launch offer is still available.

The first-100-customer promo cap is global across all platform variants. Private Beta is a one-time purchase only. It is not a subscription.

Post-trial license behavior

Paid licensing is handled after the 7-day trial and then managed from the About surface.

Current behavior:

  • You paste the issued license key or signed license payload.
  • The Rust backend verifies the signature.
  • The app stores the license locally and reports status.
  • Access remains available during the trial, then requires successful license registration after day 7.

One activation per license

Private Beta licenses allow one activation per paid license.

Document that clearly when:

  • downloading the trial
  • buying after the trial
  • handling support or refund questions

If a license is invalid, tampered, or expired, the UI says so directly.

Update checks

Update checks are informational and backend-driven.

Current expectation:

  • The app can query release metadata.
  • The UI can tell you whether a newer version exists.
  • Startup does not block on the update check.

What support will never ask for

No legitimate support request asks you to send:

  • your Secret Access Key
  • raw Cloudflare API tokens
  • unredacted presigned URLs

If you need to share a failing URL mapping, redact the secret-bearing query parameters first.