Key management

Generate an age keypair

Dirless uses age to encrypt your directory snapshot end-to-end. Your private key never leaves your machine - decryption happens entirely in the browser. You only need to generate a keypair once.

Keep your private key safe. Store it in a password manager or another secure location. If you lose it, your encrypted directory snapshot cannot be recovered - you would need to re-enter all your users manually.

Step 1 - Install age

Install the age tool

age is available on all major platforms.

macOS

brew install age

Debian / Ubuntu

sudo apt install age

Fedora / RHEL / Alma

sudo dnf install age

Windows (winget)

winget install FiloSottile.age

Or download a pre-built binary directly from the age releases page.

Step 2 - Generate

Generate your keypair

Run this command in your terminal:

age-keygen -o age-key.txt

This writes both the public key (a comment line starting with #) and the private key to age-key.txt in the current directory. The file looks like:

# created: 2026-01-15T10:23:44+00:00
# public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p
AGE-SECRET-KEY-1QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ

Step 3 - Store safely

Save your keys

Copy the line starting with AGE-SECRET-KEY-1 - that is your private key. Paste it into Dirless when prompted. Store age-key.txt somewhere safe, such as a password manager (1Password, Bitwarden, KeePass, etc.).

The public key (the age1… value on the comment line) is stored by Dirless automatically when you first decrypt - you do not need to provide it separately.

← Back to your directory