Auto-Lock

Auto-lock automatically locks your vault when you step away from your computer. Once locked, the master key is zeroed from memory and all revealed secrets are re-encrypted. Anyone who walks up to your machine sees the unlock screen, not your data.

How It Works

Claspt monitors mouse and keyboard activity within the app window. When no input is detected for the configured timeout period, the vault locks automatically.

The lock process:

1. The current page is saved.
2. All revealed secret blocks are collapsed and their decrypted values zeroed from memory.
3. The master key is zeroed from memory.
4. The unlock screen is displayed.

Note

Auto-lock is triggered by inactivity in the Claspt window specifically, not system-wide idle time. If you’re actively using other apps but haven’t interacted with Claspt, it will lock after the timeout.

Configuring the Timeout

Go to Settings > Security > Auto-lock timeout and choose a duration:

Option	Best For
1 minute	High-security environments, shared workstations
5 minutes	Recommended for most users
15 minutes	Balanced convenience and security
30 minutes	Long reference sessions
1 hour	Extended work sessions
Never	Physically secure environments only

The default is 5 minutes.

Tip

If you frequently reference secrets during development, 15 minutes is a good balance. You avoid constant re-authentication while still getting protection when you leave for coffee.

Manual Lock

You don’t have to wait for the timer. Lock your vault instantly:

• Keyboard shortcut: Cmd+Shift+L (macOS) / Ctrl+Shift+L (Windows/Linux)
• Menu: Click the lock icon in the sidebar header.

Tip

Build a habit of pressing Cmd+Shift+L before you step away, just like Cmd+L to lock your screen. The two pair well together.

Unlocking After Auto-Lock

When the vault is locked, you’ll see the unlock screen. You have two options:

1. Master password — type your password and press Enter.
2. Biometric — if biometric unlock is enrolled, use Touch ID or Windows Hello.

Your editor state is preserved. After unlocking, you’ll return to the same page and cursor position you were at before the lock.

What Happens to Revealed Secrets

When the vault locks (auto or manual):

• All revealed secret cards are collapsed.
• Decrypted values are zeroed from memory using the zeroize crate.
• Clipboard contents from secret copies are cleared.
• The next time you reveal a secret, it’s decrypted fresh from disk.

This means even if someone attached a memory debugger to the process, there would be no plaintext secret data to find after a lock.

Recommendations

Caution

Setting auto-lock to Never means your vault stays unlocked indefinitely. Only use this if you’re in a physically secure environment with full-disk encryption enabled and a screen lock configured at the OS level.

For most users, we recommend:

• 5 minutes if you store high-value secrets (production API keys, financial credentials).
• 15 minutes if you use Claspt as a daily reference tool during development.
• Pair with OS screen lock — auto-lock protects against someone accessing Claspt specifically, but your OS screen lock protects against all apps. Use both.