A Resilio Sync key (formerly known as a "secret") is a unique alphanumeric string used to link and synchronize folders between devices without relying on a central cloud server. Each key acts as a specific identifier for a shared folder, determining how other devices can interact with that data. Key Types and Capabilities
Depending on how you want to share your files, you can generate different types of keys:
Read & Write Key: The standard key for personal use across your own devices. It allows full bidirectional syncing, meaning any changes made on one device are instantly reflected on all others.
Read-Only Key: Ideal for sharing content with others when you don't want them to modify your original files. Peers with this key can download updates but cannot upload or change the source data.
Encrypted Key: This allows you to sync data to a third-party or untrusted device (like a rented server) without the owner of that device being able to view your files. The data remains encrypted on that specific "node".
Approval Key: A security-focused option that requires you to manually approve any new peer before they can begin syncing, even if they have the key. How it Works
Generation: When you add a folder to Resilio Sync, the app automatically generates these unique keys.
Linking: You enter the key on another device (phone, laptop, or NAS) to "bind" it to that folder.
Direct Transfer: Once linked, devices use the BitTorrent protocol to find each other and transfer data directly over your local network or the internet.
Note for Linux Users: If you are installing Resilio Sync via a package manager like apt, you may also encounter a GPG Signing Key. This is a different type of "key" used by your operating system to verify that the software package is authentic and hasn't been tampered with. Migrating from Dropbox - The Atomic Birdhouse
The blue LED on the NAS drive blinked steadily, a heartbeat of data in the darkness of the basement server room.
Elias rubbed his tired eyes. For three weeks, the "Phantom Archive" had been taunting him. It was a ghost in the machine—a folder structure that existed on the local network, consuming terabytes of space, yet contained files that no one could open. They were opaque blocks of data, labeled with random hashes.
His boss, Marcus, wanted it deleted. "It's dead weight, Elias. Purge it. We need the space for the new backups."
But Elias was an archivist at heart. He hated unfinished stories. He popped the drive out of the bay and connected it directly to his diagnostic terminal. He wasn't looking for a file; he was looking for a signature. A creation stamp. A log.
After an hour of digging through hexadecimal code, he found it buried in a master manifest file. It wasn't a password, nor a standard encryption key. It was a single line of text, preceded by a protocol header he hadn't seen in years.
Sync_Read_Only_Key: BQZH...
"Resilio," Elias whispered.
It was peer-to-peer syncing technology, the kind used to move massive datasets across the globe without a central server. The files weren't just random garbage; they were fragments waiting to be reassembled. The drive wasn't a storage unit; it was a node in a mesh.
Elias hesitated. Security protocols screamed at him not to plug an unknown key into a networked machine. But curiosity won. He installed the client on an isolated sandbox VM and pasted the key into the dialogue box. resilio sync key
He hit Enter.
For ten seconds, nothing happened. The status bar read: Connecting to Peers...
Then, a notification pinged.
1 Peer Found.
Elias leaned closer to the screen. The peer wasn't on the local network. The IP address resolved to a location in a different time zone. The transfer began instantly. Unlike a standard download, which trickled data from a central server, this was an avalanche. The client identified the blocks on Elias's local drive and realized it didn't need to download them; it only needed the "key" to unlock them, and the missing metadata from the remote peer.
The file names began to resolve from gibberish into English.
Project_Kite_Phase1.mp4
Audio_Log_032.wav
Coordinates.dat
The speed was terrifying. The Resilio protocol didn't care about latency; it split the files into chunks and grabbed them from whichever peer had them fastest. In this case, the remote peer was seeding the structure, and Elias's local drive was the leecher.
Suddenly, the basement lights flickered. The bandwidth usage spiked. The files were opening.
Elias clicked on the first video file as it finished finalizing.
It was security footage. Black and white, grainy. The timestamp was from five years ago—the date of the "Great Data Loss" incident that had crippled the company before Elias was hired. The footage showed the server room. A man in a hoodie was standing exactly where Elias was standing now. He was unplugging drives, not to steal them, but to hook them up to a laptop.
The audio log finished syncing. Elias played it.
“This is my insurance,” a voice said. It was Marcus, the current boss. But his voice was younger, panicked. “If I sync this to the offsite node, the corruption will spread to the backup, and we lose everything. I have to sever the connection. I’m generating a Read-Only key. If I lock the door, the data stays here, safe, until someone finds the key. Don't let the audit find this.”
Elias froze. The "Phantom Archive" wasn't a virus. It was a cover-up. Marcus had accidentally corrupted the main database years ago and, in a panic, had hidden the evidence of the clean-up in a proprietary, encrypted peer-to-peer sync folder, hoping no one would recognize the protocol. He had left the data on a decommissioned drive, thinking it was offline and safe.
But the "key" was the bridge. The remote peer that had just connected... Elias looked at the IP address again. It resolved to a residential ISP.
The sync completed.
Status: Sync Complete. Connected to 1 Peer.
Elias’s screen flashed a new notification. The remote peer had detected the sync completion. A Resilio Sync key (formerly known as a
A chat window opened within the Resilio client—an
Under the Base32 encoding lies a binary payload containing:
| Field | Length | Purpose | |-------|--------|---------| | Key Type Flag | 1 byte | Distinguishes Full Access vs Read-Only keys. | | Random Entropy | 32 bytes | Cryptographic random seed used to derive the actual master key. | | Checksum | 4 bytes | Truncated SHA-256 hash of previous bytes for error detection. |
The total binary length before Base32 encoding is 37 bytes (1+32+4). Base32 encoding of 37 bytes yields 59.2 characters; after padding and formatting (5-character groups), the final 33-character representation emerges.
Resilio Sync implements two distinct key variants:
In modern versions of Resilio Sync, you rarely see the raw 33-character key. Instead, the software uses Magnet Links. A magnet link contains the hash of the key plus additional metadata. For example:
magnet:?xt=urn:btih:standardresilio&xs=https://sync.co/link&dn=MyFolder
However, whether you use the raw text key or a magnet link, the underlying principle remains the same: The key is the authority.
When you enter a key, you are "linking" a local folder to a remote identity. If you disconnect (remove the folder from Resilio), that key becomes invalid for that device. You cannot "reconnect" to a history; you must re-index the data.
Resilio Sync replaces user accounts with cryptographic keys. Every folder you sync generates a unique, 33-character secret key. This key serves three functions simultaneously:
The key serves as a lookup token in the distributed hash table (DHT). Peers wishing to find other members of the same sync folder:
Because the DHT lookup key is a hash of the shared secret, the folder’s existence is effectively hidden from parties who do not possess the key.
(Related search suggestions available.)
Once upon a time, in a digital world cluttered with slow clouds and expensive storage fees, a photographer named Sam faced a crisis: how to move terabytes of high-res wedding photos between an office workstation and a laptop at home without waiting days for a cloud upload.
Sam discovered Resilio Sync, a tool that skipped the cloud entirely by using peer-to-peer (P2P) technology. Instead of uploading to a central server, Sam’s devices talked directly to each other.
The "hero" of this story was the Resilio Sync Key. Here is how it worked:
The Key to the Kingdom: When Sam selected a folder of photos to sync, the app generated a unique alphanumeric Sync Key (or secret).
The Secret Handshake: Sam copied this key and entered it into the Resilio app on the laptop. Instantly, the two devices found each other across the internet and began transferring files at maximum hardware speed.
Permission Levels: Sam realized there were different types of keys: Full Access Key (RW - Read/Write) : Allows
Read/Write Key: Allowed the laptop to both receive photos and delete or edit them back on the workstation.
Read-Only Key: Perfect for sharing a portfolio with a client; they could download the photos, but couldn't accidentally delete Sam's originals.
No Middleman: Because the key established a direct, encrypted link, Sam didn’t have to worry about a cloud company's security or storage limits.
By using the Resilio Sync Key, Sam turned a mesh of devices into a private, high-speed network, keeping data safe and syncing in real-time. Real-time file sync for creative teams - Resilio
Resilio Platform offers end-to-end encryption to ensure that files are secure during transit and at rest.
Resilio Sync , keys (formerly known as "secrets") are alphanumeric strings used to identify shared folders, encrypt data, and find peers across a network. Each key's first letter designates its specific permission type and functionality within the mesh. Resilio Sync Core Key Types
Resilio Sync generates several types of keys based on the level of access required: Read-Write (Starts with 'A' or 'D')
: Allows peers to both send and receive file updates. Changes made on one device sync to all others. are for standard folders.
are for encrypted folders, allowing peers to seed data to encrypted nodes. Read-Only (Starts with 'B' or 'E')
: Allows a device to receive updates but prevents any local changes from syncing back to other peers. are the standard read-only version.
allow a peer to download and decrypt data from encrypted nodes. Encrypted (Starts with 'F')
: Designed for offsite backups or cloud storage where the hosting device can store and seed data but cannot decrypt filenames or content. One-Time (Starts with 'C')
: Valid for a single use or a limited duration (e.g., 24 hours). Once used to establish a connection, the host client sends the permanent Read-Write or Read-Only key over a secure channel. Key Structure and Security Composition
: Standard keys typically consist of 33 characters, including capital letters (A–Z) and numbers (2–7). Generation : Keys are created using cryptographic algorithms to ensure uniqueness and security. Encryption : Data in transit is encrypted using keys derived from these folder secrets. How to Use Keys Understanding the Sync Encrypted Folder | Resilio Blog 22 Jan 2016 —
These are alphanumeric strings generated by Resilio Sync to identify specific folders and manage access between peers.
Structure: Keys consist of capital letters (A–Z) and numbers (2–7). They typically contain a 1-character prefix followed by a 32-character Base32 encoded sequence. Key Types by Prefix: A or D: Read/Write keys. B or E: Read-Only keys. F: Encrypted Read-Only keys. C: One-time use keys.
Security: Data is encrypted end-to-end using AES-128. Resilio’s infrastructure cannot see or access your files because the keys are known only to the peers. 2. License Keys
These are files or codes used to activate Pro, Business, or Family versions of the software. Understanding the Sync Encrypted Folder | Resilio Blog