Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/N3XT3R1337/RiftCE/llms.txt

Use this file to discover all available pages before exploring further.

Rift CE stores all account cookies, passwords, and metadata in a single encrypted binary file at %LocalAppData%\RiftCE\accounts.dat. The entire accounts JSON is encrypted before being written to disk — nothing in the file is readable without decrypting it first, and nothing ever leaves your machine. You can choose between two encryption modes in Settings → Encryption.

Encryption modes

Windows Data Protection API is the default encryption mode. The operating system handles all key management transparently — Rift CE passes the raw JSON bytes to the Windows CryptProtectData API and stores the opaque result.How it works:
  • Encryption and decryption are scoped to your current Windows user profile. The underlying key is derived from your Windows login credentials by the OS.
  • No key is stored in the application or on disk. The OS unlocks the data automatically when you are logged in as the same user.
  • Decryption calls ProtectedData.Unprotect with DataProtectionScope.CurrentUser, which means the data is tied to your specific user account on your specific machine.
When to use it:DPAPI is appropriate for the vast majority of users. If you only ever access Rift CE from one Windows user account, you get strong encryption with zero configuration.
DPAPI-encrypted data cannot be decrypted on a different machine or a different Windows user account, even on the same machine. Copying accounts.dat to another computer or restoring it after a Windows reinstall will result in a decryption failure and an empty vault. Always export to JSON before migrating.

What is encrypted

The encryption covers the full accounts JSON — every field on every account, including:
  • Username and user ID
  • Security token (.ROBLOSECURITY cookie)
  • Password (if SavePasswords is enabled)
  • Group, tags, notes, and any custom fields
There are no plaintext fields in accounts.dat. The file is binary and opaque without the correct decryption context.

What is not stored remotely

Rift CE is entirely local. No account data, cookies, or encryption keys are sent to any server. The only outbound network requests made by Rift CE are to the Roblox API on your behalf (for health checks, presence, launching, and cookie refresh) and optionally to Discord webhooks if you configure them.

Changing the encryption mode

1

Open Settings

Click Settings in the sidebar.
2

Find the Encryption section

Scroll to the Encryption section and select either Dpapi or Aes256 from the dropdown.
3

Restart Rift CE

Close and reopen Rift CE. The vault will be re-encrypted with the new mode the next time it is saved.
Changing the encryption mode re-encrypts the vault on the next save. If you change from DPAPI to AES-256 and then move the file to another machine, make sure you have the correct key configured on the destination before opening Rift CE there.

Backup encryption

Backup files in %LocalAppData%\RiftCE\backups\ are copies of accounts.dat and are encrypted with whichever mode was active at the time the backup was created. A backup created while using DPAPI mode is subject to the same portability limitations as the main vault — see Backups.

Build docs developers (and LLMs) love

Get started for freeTalk to us