The secret storage is a mechanism for the frontend to store the cryptographic secrets of an account. It replaces the previous secret backup mechanism.
These secrets are encrypted by the frontend with a key called the account root key, sometimes abbreviated as root key.
The root key itself is stored in the secret storage, encrypted with the password hash (the output of Argon2 over the user's password).
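The two-level wrapping described above, as an added example that is not the project's own code; it goes slightly beyond the text by showing that a password change only needs to re-wrap the root key. Assumptions: AES-256-GCM as the cipher (the page does not name one), Node's built-in scrypt standing in for Argon2, and hypothetical names `createStorage`, `unlock` and `changePassword`.

```javascript
const crypto = require('crypto');

// AES-256-GCM is an assumption; the page does not say which cipher is used.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { nonce, ct, tag: c.getAuthTag() };
}

// Throws if the key is wrong or the ciphertext/tag was modified.
function unseal(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.nonce);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Stand-in for the page's Argon2 step: Node has no built-in Argon2,
// so scrypt produces the 32-byte "password hash" in this example.
function passwordHash(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Secrets are sealed under a random root key; the root key is sealed
// under the password hash. Only ciphertexts and the salt are stored.
function createStorage(password, secrets) {
  const salt = crypto.randomBytes(16);
  const rootKey = crypto.randomBytes(32);
  return {
    salt,
    encryptedRootKey: seal(passwordHash(password, salt), rootKey),
    encryptedSecrets: secrets.map((s) => seal(rootKey, Buffer.from(s))),
  };
}

function unlock(storage, password) {
  const rootKey = unseal(passwordHash(password, storage.salt), storage.encryptedRootKey);
  return storage.encryptedSecrets.map((box) => unseal(rootKey, box).toString());
}

// Re-wraps the root key only; the encrypted secrets are left untouched.
function changePassword(storage, oldPassword, newPassword) {
  const rootKey = unseal(passwordHash(oldPassword, storage.salt), storage.encryptedRootKey);
  const salt = crypto.randomBytes(16);
  return { ...storage, salt, encryptedRootKey: seal(passwordHash(newPassword, salt), rootKey) };
}
```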
To migrate an account that is still using the secret backup mechanism.
accesstoken (opaque token) (ACR >= 2):
mid claim as an identity ID linked to the account.
tokentype: must be
X-CSRF-Token: a token to prevent CSRF attacks.
Note: for organizations, vault_key will not be present.