R2 Desk ProR2 Desk PRO
Beta $25First 250 per platform
Navigation
Beta $25First 250 per platformRead docs
DocsSecurity

Security, vault, and licensing

The app treats R2 credentials as the real asset. Security behavior is local-first and backend-enforced.

Security-conscious operators and technical buyers8 minCore workflowUpdated March 7, 2026
WindowsmacOSLinux
SecurityLicensing

Vault gating, keychain storage, passphrase behavior, licensing activation, and update checks.

  • Vault lock model
  • Keychain credential handling
  • HTTPS enforcement
  • License activation and update checks
Applies to
WindowsmacOSLinux
Covers
SecurityLicensing

Security, vault, and licensing

Vault model

The vault is the operational gate for the app.

While the vault is locked:

  • Operational commands are blocked.
  • The app routes you back to unlock instead of half-working.
  • Credentials remain in the OS keychain, not in frontend state.

Unlocking is passphrase-based and local to the machine.

Auto-lock policy

The app supports configurable idle timeout options:

  • 5 minutes
  • 15 minutes
  • 30 minutes
  • 1 hour
  • never

"Never" disables idle timeout only. Session-lock behavior is a separate security policy.

Credential storage

Profile metadata and secrets are handled differently on purpose.

  • Secret keys go to the OS keychain.
  • Non-secret profile metadata is stored in app data.
  • Request signing stays in the Tauri backend.

The frontend does not hold long-lived secret material.

HTTPS enforcement

The app rejects insecure URLs for profile-level public delivery fields.

This includes:

  • public base URL
  • CDN domain

If a field is present, it must be a valid HTTPS URL.

Error hygiene

Supportable security means more than storage location. Error handling matters too.

Security baseline:

  • redact raw credentials and tokens from surfaced errors
  • keep signed URL generation in the backend
  • avoid logging secrets to the activity panel or console

License activation

License activation is handled from the About surface.

Current behavior:

  • You paste a signed license payload.
  • The Rust backend verifies the signature.
  • The app stores the license locally and reports status.

If a license is invalid, tampered, or expired, the UI says so directly.

Update checks

Update checks are informational and backend-driven.

Current expectation:

  • The app can query release metadata.
  • The UI can tell you whether a newer version exists.
  • Startup does not block on the update check.

What support will never ask for

No legitimate support request asks you to send:

  • your Secret Access Key
  • raw Cloudflare API tokens
  • unredacted presigned URLs

If you need to share a failing URL mapping, redact the secret-bearing query parameters first.