Vaulthalla Logo

Vaulthalla User Documentation

Vaulthalla is a Linux-native, self-hosted vault platform with a C++ daemon, a FUSE filesystem surface, a local CLI, a web console, PostgreSQL-backed metadata, TPM-aware secret handling, role-based access control, and local or S3-compatible vault storage.

These docs focus on using and operating Vaulthalla. They cover installation, first-run setup, CLI and web workflows, vault creation, encryption, sync, cost controls, backup planning, sharing, and troubleshooting.

Start Here

Install Vaulthalla

Install from the APT repository, choose a lean or interactive profile, and understand what the package creates.

First Run

Bootstrap the database, claim the CLI admin Linux UID, configure Nginx, and check service health.

Web Console

Open the browser interface and learn how the dashboard, filesystem, vault, user, cost, and admin pages fit together.

Daily Operation

CLI Guide

Use vh for status checks, setup, vaults, users, roles, API keys, secrets, sync, pricing budgets, and email checks.

Vaults

Understand local vaults, S3/R2 vaults, the FUSE mount, upstream encryption, and vault-level access control.

Sync

Choose cache, sync, or mirror behavior, run dry-runs, import S3 Inventory, ingest events, and reconcile remote indexes.

Safety And Recovery

Encryption

Understand TPM-backed master keys, per-vault AES keys, upstream S3 encryption, key rotation, and export boundaries.

Backup And Recovery

Build a usable disaster recovery set from PostgreSQL, Vaulthalla state, config, key exports, and secret exports.

Cost Control

Use request budgets and price budgets to keep S3/R2 operations bounded before sync work runs.

Administration

Use Users, Groups, And Roles to grant access, S3 Gateway to expose vaults through an S3-compatible endpoint, Operator Emails to configure notifications, and Sharing to issue controlled public or email-validated links.

When something breaks, start with Install Troubleshooting for package and service issues, then use General Troubleshooting for CLI, web, vault, sync, encryption, and cost-control symptoms.

Scope

These pages describe the shipped operator surfaces: vh, the web console, the package lifecycle, systemd services, the FUSE mount, PostgreSQL state, TPM or swtpm key protection, and S3-compatible storage behavior. Contributor-only docs remain available under Contributors, but they are not the primary path for operators.