Archon Vault - Encrypted Distributed Storage

Manage DID vaults and backup/restore files. Data is encrypted client-side before transmission — only you (or vault members) can decrypt.

Prerequisites

• Archon identity configured (~/.archon.env with wallet path and passphrase)
• Run archon-keymaster first to create your DID if you don't have one

Backup Operations

Backup Workspace to Vault

./scripts/backup/backup-to-vault.sh [vault-did]

Archives ~/clawd and ~/.openclaw to your encrypted vault. Respects .backup-ignore files.

Restore from Vault

./scripts/backup/restore-from-vault.sh <backup-did> [target-dir]

Verify Backup Integrity

./scripts/backup/verify-backup.sh <backup-did>

Disaster Recovery

./scripts/backup/disaster-recovery.sh

Full recovery procedure with mnemonic.

Vault Management

Create Vault

./scripts/vaults/create-vault.sh <vault-name>

Add/Remove Items

./scripts/vaults/add-vault-item.sh <vault-did> <item-did>
./scripts/vaults/remove-vault-item.sh <vault-did> <item-did>
./scripts/vaults/get-vault-item.sh <vault-did> <item-did>
./scripts/vaults/list-vault-items.sh <vault-did>

Manage Vault Members (Multi-Party Access)

./scripts/vaults/add-vault-member.sh <vault-did> <member-did>
./scripts/vaults/remove-vault-member.sh <vault-did> <member-did>
./scripts/vaults/list-vault-members.sh <vault-did>

Security Notes

1. Backup scope: Archives ~/clawd and ~/.openclaw by default. Review .backup-ignore to exclude sensitive items.

2. Encryption: All data encrypted before transmission to Archon gatekeeper/hyperswarm.

3. Vault members: Adding a member grants them decrypt access to vault contents.

4. Recovery: Your 12-word mnemonic is the master key. Store it offline.