How to use command line to recover Atakama files on a new workstation

Note: this document applies to the "Sand Viper" (v2.0.14425) or above version of Atakama.

You can recover access to your files if you have at least two keys. These keys can be any combination of mobile devices and paper keys. Review the various scenarios below and select the one that matches your current configuration.

Scenario #1 (1 mobile device, 1 paper key)

Requires:

A mobile device that was previously part of the user's Atakama Profile and holds the user's keys.
The recovery words (i.e., Key on Paper as per the image below) that were saved during the initial Atakama onboarding.
(Optional) Git Bash installed.

Steps:

Install Atakama on the workstation: Double-click the installer and proceed through the setup (Accept License, Select Installation Folder etc.) by clicking the "Next" button on each window and the "Install" button on the last. Uncheck the checkbox "Launch Atakama" on the last window and click the "Finish" button to complete the process. DO NOT launch Atakama.
Open any terminal.
Load the relevant profile from the mobile device and run one of the following commands:
- Command 1:
  1. atakama device add --method qr "My Smartphone"
  2. Open the Atakama Mobile App and scan the displayed QR code.
- Command 2:
  1. atakama device add --method url "My Smartphone"
  2. Copy the displayed URL link and send it to the mobile device.
  3. Enter Linking Code on Atakama mobile app.
Load the relevant profile from the device by executing the following command:
- atakama profile recovery load-profiles --device [id]
- Do not use the square brackets [ ] in the command itself.
- Note: the device ID should be typed as 4 words separated by dashes. The device ID is found in the Atakama Mobile app in the Settings tab under the "This Device" section.
List loaded profiles by executing the following command:
- atakama profile recovery list-profiles
Select the needed profile by executing the following command:
- atakama profile recovery select-profile --profile [id]
- Do not use the square brackets [ ] in the command itself.
- Note: Profile ID is a hexadecimal number listed in the output of the command executed in step 5.
Load the Key on Paper to the workstation by executing the following command:
- atakama profile recovery ingest-words [words]
- Note: Words should be typed as words separated by a single space (e.g., language anchor slush fox example region move thought castle elevator culture depend gentle length).
Check the recovery status by executing the following command:
- atakama profile recovery status
- The output should show recovery status 2/2
Finalize the recovery by executing the following command:
- atakama profile recovery finalize
- At this stage, a MofNop will be sent to the mobile device.
Approve the MofNop on the mobile device.
Create Vault and Personal Files folder.
1. Run atakama sg list to obtain the Personal Security Group ID and use it to create Vault and Personal Files folders.
2. Create the Vault folder: atakama secfolder create --backend-path "<BACKEND_PATH>" --sg <secgroupid> "<VAULT_PATH>"
  - Example: atakama secfolder create --backend-path "C:\Users\(username)\AppData\Local\Atakama\root" --sg 45528678107da9dce7dcc9505c7654cc "/"
3. To create the Personal Files folder: atakama secfolder create --backend-path "<BACKEND_PATH>" --sg <secgroupid> "<VAULT_PATH>"
  - Example: atakama secfolder create --backend-path C:\Users\(username) --sg 45528678107da9dce7dcc9505c7654cc "/Personal Files"
Kill all the background Atakama processes by executing the following command: atakama --shutdown force
Launch Atakama UI on desktop.
Click the "Secure Folders" tab.
Click “Add Secure Folders”.
Click “Join Secure Folders”.
For cloud folders, use the “Join via Atakama Cloud Sync” option to gain access to those locations. Use the “Browse to an existing Secure Folder” option for network folders.
The Activate Location window will appear after you've connected to a previous Secure Folder. Click "Activate Now".
Tap approve on the Atakama Mobile app.

Note: Repeat steps 14 to 18 to recover each of your Secure Folder locations.

Scenario #2 (two mobile devices)

Requires:

Two mobile devices that were previously part of the user's Atakama Profile and hold the user's keys.
(Optional) Git Bash installed (log lines do not appear when using Git Bash).

Steps:

1. Install Atakama on the workstation: Double-click the installer and proceed through the setup (Accept License, Select Installation Folder, etc.) by clicking the "Next" button on each window and the "Install" button on the last. Uncheck the checkbox "Launch Atakama" on the last window and click the "Finish" button to complete the process. DO NOT launch Atakama.

2. Open any Terminal.

3. Load the relevant profile from one of the mobile devices by running one of the following commands:

Option 1:

a. atakama device add --method qr "My Smartphone"
b. Open the Atakama Mobile app and scan the displayed QR code.

Option 2:

a. atakama device add --method url "My Smartphone"
b. Copy the displayed URL link and send it to the mobile device.

c. Enter Linking Code on Atakama mobile app.

4. Load the relevant profile from the device by executing the following command:

atakama profile recovery load-profiles --device [id] Do not use the square brackets [ ] in the command itself.
Note: the device ID should be typed as 4 words separated by dashes. The device ID is found in the Atakama Mobile app in the Settings tab under the "This Device" section.

5. List loaded profiles by executing the following command:

atakama profile recovery list-profiles

6. Select the needed profile by executing the following command:

atakama profile recovery select-profile --profile [id] Do not use the square brackets [ ] in the command itself.
Note: Profile ID is a hexadecimal number listed in the output of the command executed in step 5.

7. Link the second device by executing one of the following commands:

The second device name in the command should match its device name in the original Profile.
In order to obtain the second device name, run the command: "atakama device list"

Option 1:

atakama device link --method qr "My Smartphone2"
open the Atakama Mobile app and scan the displayed QR code.

Option 2:

atakama device link --method url "My Smartphone2"
Copy the displayed URL link and send it to the mobile device.
Enter Linking Code on Atakama mobile app.

8. Check the recovery status by executing the following command:

atakama profile recovery status (The output should show recovery status 2/2)

9. Finalize the recovery by executing the following command:

atakama profile recovery finalize
At this stage, a MofNop will be sent to both mobile devices.

10. Approve the MofNop.

11. Create Vault and Personal Files folder.

1. Run atakama sg list command to obtain the Personal Security Group ID and use it to create Vault and Personal Files folders.

2. To create the Vault folder: atakama secfolder create --backend-path "<BACKEND_PATH>" --sg <secgroupid> "<VAULT_PATH>"

example:

atakama secfolder create --backend-path "C:\Users\(username)\AppData\Local\Atakama\root" --sg 45528678107da9dce7dcc9505c7654cc "/"

3. To create the Personal Files folder: atakama secfolder create --backend-path "<BACKEND_PATH>" --sg <secgroupid> "<VAULT_PATH>"

example:

atakama secfolder create --backend-path C:\Users\(username) --sg 45528678107da9dce7dcc9505c7654cc "/Personal Files"

12. Launch Atakama UI on desktop.

13. Click the "Secure Folders" tab.

14. Click “Add Secure Folders”.

15. Click “Join Secure Folders”.

16. For cloud folders, use the “Join via Atakama Cloud Sync” option to access those locations. Use the “Browse to an existing Secure Folder” option for network folders.

17. The Activate Location window will appear after you've connected to a previous Secure Folder. Click "Activate Now".

18. Tap approve on the Atakama Mobile app.

Note: Repeat steps 13 to 17 to recover each of your Secure Folder locations.

Scenario #3 (two paper keys [converted to 2 Mobile devices])

Requires:

- Two keys on paper that were previously part of the user's profile.

- The checkbox to synchronize Atakama profile data in the Secure Folder configuration menu is checked.

- (Optional) Git Bash installed (log lines do not appear when using Git Bash).

Steps:

1. Install Atakama on the workstation: Double-click the installer and proceed through the setup (Accept License, Select Installation Folder etc.) by clicking the "Next" button on each window and the "Install" button on the last. Uncheck the checkbox "Launch Atakama" on the last window and click the "Finish" button to complete the process. DO NOT launch Atakama.

2. Open any Terminal.

3. Load the relevant profile from a Secure Folder by executing the following command:

atakama profile recovery load-profiles --folder [path] Do not use the square brackets [ ] in the command itself.
Note: path - use the path of either the root of a Secure Folder backend or the .atakamasharedb directory itself.

4. List loaded profiles by executing the following command:

atakama profile recovery list-profiles

5. Select the relevant profile by executing the following command:

atakama profile recovery select-profile --profile [id] Do not use the square brackets [ ] in the command itself.
Note: Profile ID is a hexadecimal number listed in the output of the command executed in step 4.

6. Link the first device to a workstation by loading the first Key on Paper and then executing the following commands:
Option 1:

atakama device add --recovery --method qr "My Smartphone 3"
Open the Atakama Mobile app and scan the displayed QR code.
atakama profile recovery stage-new-device --device [id] Do not use the square brackets [ ] in the command itself.

Option 2:

atakama device add --recovery --method url "My Smartphone 3"
Copy the displayed URL link and send it to the mobile device.
Enter Linking Code on the Atakama Mobile app.
atakama profile recovery stage-new-device --device [id] Do not use the square brackets [ ] in the command itself.

7. Repeat step 6 to link the second mobile device with the second Key on Paper.

8. Check recovery status by executing the following command:

atakama profile recovery status (The output should show recovery status 2/2)

9. Finalize the recovery by executing the following command:

atakama profile recovery finalize
At this stage a MofNop will be sent to both mobile devices.

10. Approve the MofNop.

11. Create Vault and Personal Files folder.

1. Run atakama sg list command to obtain the Personal Security Group ID and use it to create Vault and Personal Files folders.

2. To create the Vault folder: atakama secfolder create --backend-path "<BACKEND_PATH>" --sg <secgroupid> "<VAULT_PATH>"

example:

atakama secfolder create --backend-path "C:\Users\(username)\AppData\Local\Atakama\root" --sg 45528678107da9dce7dcc9505c7654cc "/"

3. To create the Personal Files folder: atakama secfolder create --backend-path "<BACKEND_PATH>" --sg <secgroupid> "<VAULT_PATH>"

example:

atakama secfolder create --backend-path C:\Users\(username) --sg 45528678107da9dce7dcc9505c7654cc "/Personal Files"

12. Launch Atakama UI on desktop.

13. Click the "Secure Folders" tab.

14. Click “Add Secure Folders”.

15. Click “Join Secure Folders”.

16. For cloud folders, use the “Join via Atakama Cloud Sync” option to access those locations. Use the “Browse to an existing Secure Folder” option for network folders.

17. The Activate Location window will appear after you've connected to a previous Secure Folder. Click "Activate Now".

18. Tap approve on the Atakama Mobile app.

Note: Repeat steps 13 to 17 to recover each of your Secure Folder locations.

Scenario #4 (two paper keys- [converted to 1 Workstation and 1 Mobile])

Requires:

- Two keys on paper that were previously part of the user's profile.

- The checkbox to synchronize Atakama profile data in the Secure Folder configuration menu is checked.

- (Optional) Git Bash installed (log lines do not appear when using Git Bash).

Steps:

1. Install Atakama on the workstation: Double-click the installer and proceed through the setup (Accept License, Select Installation Folder, etc.) by clicking the "Next" button on each window and the "Install" button on the last. Uncheck the "Launch Atakama" checkbox on the last window and click the "Finish" button to complete the process. DO NOT launch Atakama.

2. Open any Terminal.

3. Load the relevant profile from a Secure Folder by executing the following command:

atakama profile recovery load-profiles --folder [path] Do not use the square brackets [ ] in the command itself.
Note: path - use the path of either the root of a Secure Folder backend or the .atakamasharedb directory itself.

4. List loaded profiles by executing the following command:

atakama profile recovery list-profiles

5. Select the relevant profile by executing the following command:

atakama profile recovery select-profile --profile [id] Do not use the square brackets [ ] in the command itself.
Note: Profile ID is a hexadecimal number listed in the output of the command executed in step 4.

6. Load the first Key on Paper to the workstation by executing the following command:

atakama profile recovery ingest-words [words] Do not use the square brackets [ ] in the command itself.
Note: Words should be typed as words separated by a single space (e.g., language anchor slush fox example region move thought castle elevator culture depend gentle length).

7. Link the mobile device with the second Key on Paper by executing one of the following commands:

Option 1:

atakama device add --recovery --method qr "My Smartphone 3"
Open the Atakama Mobile app and scan the displayed QR code.
atakama profile recovery stage-new-device --device [id] Do not use the square brackets [ ] in the command itself.

Option 2:

atakama device add --recovery --method url "My Smartphone 3"
Copy the displayed URL link and send it to the mobile device.
Enter Linking Code on the Atakama Mobile app.
atakama profile recovery stage-new-device --device [id] Do not use the square brackets [ ] in the command itself.

8. Check the recovery status by executing the following command:

atakama profile recovery status (The output should show recovery status 2/2)

9. Finalize the recovery by executing the following command:

atakama profile recovery finalize
At this stage, a MofNop will be sent to a mobile device.

10. Approve the MofNop.

11. Create Vault and Personal Files folder.

1. Run atakama sg list command to obtain the Personal Security Group ID and use it to create Vault and Personal Files folders.

2. To create the Vault folder: atakama secfolder create --backend-path "<BACKEND_PATH>" --sg <secgroupid> "<VAULT_PATH>"

example:

atakama secfolder create --backend-path "C:\Users\(username)\AppData\Local\Atakama\root" --sg 45528678107da9dce7dcc9505c7654cc "/"

3. To create the Personal Files folder: atakama secfolder create --backend-path "<BACKEND_PATH>" --sg <secgroupid> "<VAULT_PATH>"

example:

atakama secfolder create --backend-path C:\Users\(username) --sg 45528678107da9dce7dcc9505c7654cc "/Personal Files"

12. Launch Atakama UI on desktop.

13. Click the "Secure Folders" tab.

14. Click “Add Secure Folders”.

15. Click “Join Secure Folders”.

16. For cloud folders, use the “Join via Atakama Cloud Sync” option to access those locations. Use the “Browse to an existing Secure Folder” option for network folders.

17. The Activate Location window will appear after you've connected to a previous Secure Folder. Click "Activate Now".

17. Tap approve on the Atakama Mobile app.

Note: Repeat steps 13 to 17 to recover each of your Secure Folder locations.