RabbitKey
Blog
Blog

Restoring Your Vault on a New Device

Whether you are upgrading to a new phone, replacing a lost device, or adding a second device, RabbitKey offers three distinct restore paths. Each has different requirements and tradeoffs.

Overview of the Three Paths

Method What you need Best for
Device-to-device QR transfer Both devices present Upgrading with the old device on hand
Restore from encrypted vault backup Backup file + master password Lost or replaced device, no sync
Restore from Recovery Kit Recovery Kit code + encrypted vault Lost master password, or your preferred recovery method on a new device

Path 1: Device-to-Device QR Transfer

If you are moving from one device to another and both are available at the same time, QR transfer is the smoothest path.

How it works:

  1. On your old device, open RabbitKey and start the migration/transfer flow
  2. The old device displays a QR code. This QR carries what the new device needs to take over the account — the vault's master key and your master password, plus the sync provider settings (for WebDAV, that includes the server URL and credentials).
  3. On the new device, open RabbitKey and choose to scan a migration QR code
  4. Scan the QR code with the new device's camera
  5. The new device now has the master key and sync settings, so it can authenticate, download the encrypted vault, and decrypt it

Because the QR carries the master key and master password, treat the displayed code as sensitive: only scan it on a device you control, and don't photograph or share it.

Requirements:

  • Both devices physically present, with the old device able to display the QR
  • For WebDAV, the server must be reachable from the new device's network

A note on providers: QR transfer is the migration path used for WebDAV sync. For iCloud Drive and Google Drive, the simpler route is to sign into the same Apple or Google account on the new device — once RabbitKey is installed and the provider is selected, it finds the encrypted vault. (iCloud sync works across both iOS and macOS devices on the same Apple ID.)

Path 2: Restore from Encrypted Vault Backup

If you have an encrypted vault backup file — exported manually or obtained from your cloud storage — you can restore directly from it.

Steps:

  1. Transfer the encrypted vault backup file to your new device (AirDrop, Files app, USB)
  2. Open RabbitKey on the new device and choose to restore from a backup file during onboarding
  3. Select the backup file
  4. Enter your master password — RabbitKey derives the key, decrypts the backup, and restores the vault

What you need:

  • The encrypted vault backup file
  • Your master password

If you have lost your master password: Use the Recovery Kit path instead (Path 3). The encrypted backup file alone is not sufficient — you need either the master password or the Recovery Kit to decrypt it.

For more on backup formats, see Exporting and Backing Up Your Vault.

Path 3: Restore from Recovery Kit

The Recovery Kit allows vault restoration without your master password. This path is relevant when:

  • You have forgotten your master password
  • You are setting up a new device and your primary recovery method is the Recovery Kit

Steps:

  1. Obtain the encrypted vault file — from your cloud sync provider or a backup copy
  2. Open RabbitKey on the new device and choose to restore with a Recovery Kit during onboarding
  3. Enter the 69-character RKRK-XXXX-... code (or load the .txt file)
  4. RabbitKey decodes the master key from the Recovery Kit and decrypts the vault
  5. You may be prompted to set a login password for the restored account on this device

What you need:

  • The encrypted vault file (from sync provider or backup)
  • Your Recovery Kit code

If you have neither: If you have lost your master password and do not have a Recovery Kit and do not have biometric unlock configured on a working device, your vault cannot be recovered. This is a deliberate consequence of the cryptographic design — see Local-First Security Architecture & Threat Model.

For full Recovery Kit details, see Your Recovery Kit, Explained.

Choosing the Right Path

Upgrading to a new device (old device available):

  • iCloud/Google Drive sync: sign into the same account on the new device, install RabbitKey, select the provider
  • WebDAV sync: use QR transfer from the old device

Lost or stolen device (no access to old device):

  • If sync was enabled: install RabbitKey on the new device, connect to the same sync provider, vault downloads automatically
  • If no sync: restore from an encrypted vault backup file using your master password

Forgotten master password:

  • Use Recovery Kit + the encrypted vault file from sync or backup

Platform Notes

RabbitKey is currently available on iOS. Android, macOS, and Windows are in development. All three restore paths are designed to work across platforms once those versions ship — an encrypted vault backup or Recovery Kit produced on iOS will be valid on the other platforms.

ON THIS PAGE