Travel Mode
Travel Mode temporarily hides sensitive secrets from your vault when you cross international borders or enter high-risk environments where your device may be subject to inspection.
Only secrets explicitly marked as travel-safe remain visible while Travel Mode is active. All other secrets are hidden — they are not deleted, just not shown.
What is Travel Mode?
Travel Mode is a vault-level toggle that filters the secrets visible to you based on a per-secret travel-safe flag. When enabled, only travel-safe secrets appear in your vault. When disabled, all secrets are visible as usual.
What is it for?
Border crossings
Comply with border inspection requirements without revealing sensitive corporate secrets or personal credentials.
Security policies
Enforce corporate travel security policies that require employees to limit vault access in certain jurisdictions.
Easy toggling
Activate and deactivate Travel Mode with a single click or API call — no secrets are permanently deleted or moved.
Key concepts
| Term | Description |
|---|---|
| Travel-safe flag | A per-secret boolean attribute. When true, the secret remains visible in Travel Mode. When false or unset, the secret is hidden. |
| Travel Mode toggle | A vault-level switch that activates or deactivates Travel Mode for the current user session. |
| Hidden secrets | Secrets not marked as travel-safe become invisible while Travel Mode is active. They are not deleted; they reappear immediately when Travel Mode is deactivated. |
| Device inspection | The scenario in which a border official or third party requests access to your device and its applications. |
| Plausible deniability | Because travel-safe secrets are real and fully functional, the vault appears as a normal, limited-scope vault during inspection. |
How to use Travel Mode
Mark secrets as travel-safe
Before travelling, open each secret you need access to while abroad and enable the Travel Safe toggle. Only these secrets will be visible when Travel Mode is active.
PATCH /api/v1/secrets/{id}
Content-Type: application/json
{ "travelSafe": true }Activate Travel Mode
Go to Settings → Profile or use the Travel Mode button in the vault header. Enable the toggle. Your vault will immediately show only travel-safe secrets.
POST /api/v1/vault/travel-mode
Content-Type: application/json
{ "enabled": true }What's visible in Travel Mode
Only secrets with the travel-safe flag set to true are shown. The vault count, secret names, and any other metadata for hidden secrets are not visible.
Deactivate Travel Mode
After crossing the border or leaving the high-risk environment, disable the toggle in Settings → Profile or via the API/CLI. All secrets immediately become visible again.
qapi vault travel-mode disableField reference
| Term | Type | Description |
|---|---|---|
| travelSafe | boolean | Per-secret flag indicating whether the secret is visible when Travel Mode is active. Default: false. |
| travelMode.enabled | boolean | Vault-level flag indicating whether Travel Mode is currently active for the user. Default: false. |
Relationships
Vault
Travel Mode is scoped to the vault. Activating it affects all secrets in the vault that do not have the travel-safe flag.
Profile
The Travel Mode toggle is accessible from the user Profile page for quick activation.
Settings
Travel Mode state is stored as a user-level setting and persists across sessions until explicitly disabled.
FAQ
Are hidden secrets still encrypted on the device?
Yes. Hidden secrets remain in the vault, fully encrypted. Travel Mode only controls visibility in the UI and API responses — it does not remove data from storage.
What happens if I close and reopen the app while Travel Mode is active?
Travel Mode persists across sessions. The vault will continue to show only travel-safe secrets until you explicitly disable Travel Mode.
Does Travel Mode affect other users in the same vault?
No. Travel Mode is a per-user setting. Activating it for yourself does not affect the visibility of secrets for other vault members.
Can an admin force Travel Mode for all users?
Not currently. Travel Mode is user-controlled. Org-level Travel Mode policies are on the roadmap for a future release.
API & CLI reference
Travel Mode can be controlled programmatically via the REST API and CLI:
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/vault/travel-mode | Get the current Travel Mode status for the authenticated user. |
| POST | /api/v1/vault/travel-mode | Enable or disable Travel Mode. |
| GET | /api/v1/secrets?travelSafe=true | List all secrets marked as travel-safe. |