Security
App lock, Secure Enclave keys, and encrypted backups.
Overview
vmux is designed so that credentials and terminal content stay protected at rest and in transit. This page summarizes the security features available across visionOS, iOS, and macOS.
App Lock
When App Lock is enabled, vmux locks automatically every time you leave the app. A blur overlay hides all terminal content until you authenticate.
Authentication uses the biometric method available on your device:
| Platform | Method |
|---|---|
| Apple Vision Pro | Optic ID |
| iPhone / iPad | Face ID |
| Mac | Touch ID |
If biometrics are unavailable (for example, after several failed attempts), vmux falls back to your device passcode.
Enabling App Lock
Open Settings (Cmd+,) and toggle App Lock in the Options tab. The toggle label shows the biometric method available on your device (e.g., "App Lock (Optic ID)").
Secure Enclave Keys
vmux generates SSH keys inside the device's Secure Enclave -- a dedicated hardware security chip present on all Apple silicon devices. Keys created in the Secure Enclave:
- Never leave the hardware. The private key cannot be exported, copied, or backed up.
- Are device-bound. Each device has its own key. If you reset the device, you must generate a new key.
- Require user presence. Signing operations are gated by biometric authentication or device passcode.
The key type is ECDSA P-256 (ecdsa-sha2-nistp256).
See SSH Key Management for instructions on generating a key and adding it to your servers.
Encrypted Backups
When exporting saved hosts, you can choose Export Encrypted to create a passphrase-protected backup file. Encrypted exports use AES-256-GCM and include passwords (which are otherwise excluded from plain exports). You need the same passphrase to import the backup on another device.
See Saved Hosts & Profiles for export and import details.
Password Storage
Passwords for saved hosts are stored in the system Keychain, never written to disk in plaintext. Specifically:
- The Keychain encrypts passwords at rest using the device's hardware key.
- Passwords are stripped from persisted profile data -- only the Keychain holds them.
- Deleting a saved host also removes its Keychain entry.
- Plain-text exports (non-encrypted) never include passwords.
Confirm Before Closing
vmux can prompt you before closing a window that has an active SSH connection, preventing accidental disconnects.
This is enabled by default. To toggle it, open Settings and find Confirm Close Connected in the Options tab. When enabled, closing a connected window shows a confirmation dialog before disconnecting.
Related
- SSH Key Management -- generating and using Secure Enclave keys
- Saved Hosts & Profiles -- host storage, export, and import
- Settings Reference -- full list of settings including App Lock and Confirm Close Connected