> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zerokeyusb.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a Backup

> Export all your credentials as CSV over USB serial. Screen by screen, from the menu to the saved file.

A backup protects you against loss or damage of the device. ZeroKeyUSB makes the process **deliberate**: no credential leaves the device until you physically press the authorization button.

<Warning>
  The backup is emitted as **plaintext** over USB serial. Encrypt it right after capturing it (GPG, age, 7z with password…) and store it offline.
</Warning>

***

## Before you start

| You need                       | For                                                              |
| ------------------------------ | ---------------------------------------------------------------- |
| The device unlocked            | Export only works with the PIN already entered                   |
| A serial tool                  | Web manager, `screen`, `minicom`, PuTTY or similar at 115200 bps |
| A safe place to store the file | Encrypted disk, locked SD card, etc.                             |

***

## Step 1 — Open the menu

From the first credential, press **Left**. (You can also get there by pressing **Right** from the last credential → "Add New" → Right.) See [Navigate the menu](/getting-started/menu-navigation) if in doubt.

<img src="https://mintcdn.com/depbit/oytr8oqa2a1UzETJ/images/steps/creating-backups-01-from-cred.svg?fit=max&auto=format&n=oytr8oqa2a1UzETJ&q=85&s=5f26d05f9d673640a2d23cfc8eaa0cde" alt="Open menu from credential 1" width="884" height="283" data-path="images/steps/creating-backups-01-from-cred.svg" />

*Press **Left** while on credential 1.*

***

## Step 2 — Select "Backup"

In the root menu, **Backup** is selected by default. Press **Center** to enter the submenu.

<img src="https://mintcdn.com/depbit/oytr8oqa2a1UzETJ/images/steps/creating-backups-02-backup-menu.svg?fit=max&auto=format&n=oytr8oqa2a1UzETJ&q=85&s=3bbbcd48937c3978c4ad4f205f3bd73a" alt="Root menu with Backup selected" width="884" height="283" data-path="images/steps/creating-backups-02-backup-menu.svg" />

*Press **Center**.*

***

## Step 3 — Select "Export"

Inside Backup you have `Import`, `Export` and `< Back`. Press **Down** once to highlight `Export`, then **Center**.

<img src="https://mintcdn.com/depbit/oytr8oqa2a1UzETJ/images/steps/creating-backups-03-export-selected.svg?fit=max&auto=format&n=oytr8oqa2a1UzETJ&q=85&s=2f1bfed105f95705ee043732b1ed973d" alt="Export selected" width="884" height="283" data-path="images/steps/creating-backups-03-export-selected.svg" />

*Press **Down** to reach `Export`, then **Center** to activate.*

***

## Step 4 — Physical authorization

After pressing Center, the authorization screen appears. This is a **security measure**: the device doesn't export until you hold Center for more than 800 ms (you'll see the large button halo).

<img src="https://mintcdn.com/depbit/oytr8oqa2a1UzETJ/images/steps/creating-backups-04-authorization.svg?fit=max&auto=format&n=oytr8oqa2a1UzETJ&q=85&s=131bd084094a87c07d5f37bd221448ec" alt="Authorization screen" width="884" height="283" data-path="images/steps/creating-backups-04-authorization.svg" />

*Before continuing, open your serial terminal on the host and connect to the device (115200 bps), or open the [web manager](https://zerokeyusb.com/manager). When it's ready to receive, **hold Center for \~1 second**.*

<Tip>
  Changed your mind? **Release before 800 ms** or press **Left** — the operation is cancelled and you return to the menu.
</Tip>

***

## Step 5 — Send progress

After authorizing, the device starts decrypting each slot (one by one with AES-128 CBC) and sending it over USB-CDC as a CSV line. The screen shows the progress.

<img src="https://mintcdn.com/depbit/oytr8oqa2a1UzETJ/images/steps/creating-backups-05-progress.svg?fit=max&auto=format&n=oytr8oqa2a1UzETJ&q=85&s=ec8a3709e6284abc3c952a38074b4c3b" alt="Export progress" width="884" height="283" data-path="images/steps/creating-backups-05-progress.svg" />

*You don't have to press anything. The device walks through all 62 slots and on completion shows "Export complete" for 1 second before returning to the menu.*

***

## Step 6 — Capture the CSV on the host

While the device sends, on your serial terminal you'll see lines appear:

```csv theme={null}
62
0,Google,user1,contrasena1,JBSWY3DPEHPK3PXP
1,Apple,user2,password,
2,Netflix,user3,Atalaya,
3,github,user4,no me acuerdo,JBSWY3DPEHPK3PXP;algo=SHA256
4,Amazon,comprador99,123456,
...
```

| Field        | Meaning                                                   |
| ------------ | --------------------------------------------------------- |
| Line 0       | Total number of slots (always `62`)                       |
| `slotIndex`  | 0–61                                                      |
| `site`       | Site (≤16 chars)                                          |
| `username`   | Username (≤16 chars)                                      |
| `password`   | Password                                                  |
| `totpSecret` | Optional — Base32 (with optional `;algo=SHA256`) or empty |

Save the whole output to a file (`zerokeyusb-2026-05-27.csv`, for example). The web manager has a "Save" button that does this for you.

***

## Step 7 — Encrypt immediately

<Warning>
  The CSV you just saved contains **all** your passwords in cleartext. Encrypt it as soon as you've captured it and delete the unencrypted version.
</Warning>

```bash theme={null}
# Option A: GPG (symmetric, AES-256)
gpg -c --cipher-algo AES256 zerokeyusb-2026-05-27.csv
shred -u zerokeyusb-2026-05-27.csv

# Option B: age with passphrase
age -p -o zerokeyusb-2026-05-27.csv.age zerokeyusb-2026-05-27.csv
shred -u zerokeyusb-2026-05-27.csv

# Option C: 7z with a strong password (Windows)
7z a -p -mhe=on zerokeyusb-2026-05-27.7z zerokeyusb-2026-05-27.csv
del zerokeyusb-2026-05-27.csv
```

***

## When to back up

| When                                          | Why                              |
| --------------------------------------------- | -------------------------------- |
| After adding or importing several credentials | So you don't lose new work       |
| Before factory reset or firmware reflashing   | The reset is irreversible        |
| Before any **Danger** submenu action          | Same                             |
| Periodically                                  | As part of your security routine |

***

## Best practices

| Practice                                 | Why                                            |
| ---------------------------------------- | ---------------------------------------------- |
| Encrypt right away                       | Plain CSV is a huge risk                       |
| Store in ≥ 2 separate physical locations | Protects against single-disk/cloud failure     |
| Test a restore now and then              | Guarantees the file is usable when you need it |
| Shred old backups                        | Reduces exposure window                        |
| Name with date (`YYYY-MM-DD`)            | So you know which is most recent               |

***

## Next steps

<CardGroup cols={2}>
  <Card title="Import credentials" icon="cloud-arrow-up" href="/getting-started/importing-credentials">
    Restore from a backup or migrate from another manager.
  </Card>

  <Card title="Navigate the menu" icon="bars" href="/getting-started/menu-navigation">
    Learn the rest of the menu options.
  </Card>
</CardGroup>