Sync Devices: Generating Passwords for Sync Apps

When you want to connect a sync app like rclone or open Drive in Finder, you don't use your normal TrekMail password. You generate a separate one — a device password — that lives on the Sync devices page in the dashboard.

This guide walks through that page: why each device gets its own password, the choices you make on the form, and what happens when you revoke one.

Why a separate password per device

Your dashboard password is the one that opens everything: domains, mailboxes, billing, the account itself. Putting it into a sync client on a laptop you might lose, a phone you might trade in, or a backup script someone else has access to is a risk you don't need to take.

Device passwords solve this in three small ways:

1. Each device gets its own. Lose the laptop, revoke that one device — your other apps stay connected. No reset cascade.
2. They carry only the permissions you pick. A read-only password on your phone can browse your Drive but can't delete anything by accident. A backup script with edit permission can write files but can't see your billing history.
3. They're shown once and never stored as plain text. TrekMail keeps a hash. If someone ever breaches the dashboard, they get a hash they can't reverse — not the password.

The trade-off: you have to actually go to the Sync devices page and generate one. That's the page this guide is about.

Where to find it

There are now two places to manage sync devices, depending on who you are:

From the dashboard (account owners and admins)

In the dashboard sidebar, click Drive. Inside the Drive toolbar (top of the file list), look for a small button labelled Sync devices with a refresh-arrows icon next to it. Click it. You can also navigate directly to /drive/devices.

The dashboard view is the complete picture: it lists every sync device in the account, whether the account owner created it from the dashboard or a mailbox user created their own from inside webmail. Each row shows a small badge under the device name:

• 🖥 Created via dashboard — issued by an account admin from the dashboard.
• ✉️ Created via webmail (name@example.com) — issued by the mailbox user themselves from their webmail. The mailbox address is shown so you know exactly which account they were signed into when they created it.

This split matters when you're auditing access or revoking after someone leaves: you see the full inventory from one screen, and you can revoke any row — even ones a mailbox user created — without needing their password.

From webmail (mailbox users without dashboard access)

Sub-mailbox users who never log into the dashboard can still manage their own sync passwords directly inside webmail. Open webmail, click Drive in the sidebar, and use the Sync devices button in the Drive toolbar. The Drive file list is replaced inline with the Sync devices view — no new page, no dashboard navigation, no separate sign-in.

The webmail surface is scoped to that mailbox only:

• The device password is locked to the signed-in mailbox. The user can't grant access to anything outside their own mailbox Drive.
• Only mailbox-level permissions appear (View / Edit / Share / Empty trash inside one mailbox). Account-wide scopes are not offered — that's deliberately an admin-only decision.
• A per-mailbox cap of 50 devices applies, separate from the account-wide cap, so one mailbox can't fill the table for everyone else.

The form, the one-time password reveal, the device list, and the Revoke flow all behave the same as the dashboard version — just trimmed to what makes sense for a mailbox user.

The list of existing devices

When you open the page, you'll see:

• Your Drive server URL at the top in a copy-able indigo box. This is the URL you paste into every sync app: https://YOUR-DOMAIN/dav/files/account/. It's the same for every device password you create.
• A list of devices below the URL banner, one row per password. Each row shows the name you gave the device, what it's allowed to do (in plain words like "View files" or "Edit mailbox files"), when it was last used, and its current status (Active, Expired, or Revoked).
• A "Revoke" button on each active row — one click stops that password from working immediately.

If you've never connected anything, you'll see a "Nothing connected yet" empty state instead, with a button that opens the same form described below.

Adding a new device

Click + Add new device in the top-right. A modal opens with these choices:

What is this device? A name only you see — something you'll recognise later when you decide what to revoke. "Office MacBook", "Phone backup", "rclone on home server". Up to 64 characters. The placeholder shows "e.g. Work laptop".

Names must be unique among your active devices (per-mailbox in webmail; per scope in dashboard). If you try to reuse the name of a device that's still active, the form rejects it with a hint to pick a different one or revoke the old one first. Revoked names free up immediately, so re-using "MacBook" after retiring an old laptop is fine.

What can this device do? A list of permissions. By default, View files and Edit files are checked — this is the right combination for most desktop sync apps (rclone, Finder, Explorer, Cyberduck). The full list is grouped:

• View files — see and download files in your Drive.
• Edit files — upload, rename, move, and trash files.
• Create share links — generate public download links for files.
• Empty trash — permanently delete files. Marked destructive with a red ring, off by default. Sync apps almost never need this.

If you check the Limit to a specific mailbox section below, an extra set of mailbox-only permissions appears (View mailbox files, Edit mailbox files, Share mailbox files, Empty mailbox trash). These only apply when the password is restricted to one mailbox.

Limit to a specific mailbox (optional) Collapsed by default. Click to expand if you want this device to see only one mailbox's Drive — useful when you're handing the password to someone who shouldn't have access to the rest of the account. Pick the mailbox from the searchable list (works even with 100+ mailboxes), then leave the per-mailbox permissions as their defaults.

When does it stop working? A row of buttons: 30 days, 90 days, 1 year, Never. 1 year is the recommended default — sync passwords that never expire are a long-tail risk after a device is gone. Pick a shorter window for temporary use (a contractor's laptop, a one-off backup), or "Never" if you've thought about it.

Generate password Click and the modal closes. The new password appears in an amber banner at the top of the page in a dsync_… format. This is the only time you'll see it. Copy it now into your password manager, into rclone config, into the Finder credentials dialog — wherever it's going. After you leave the page, TrekMail can't show it again.

If you forget to copy it, no harm done — revoke the password and create a new one.

Revoking a device

When you no longer need a device — or you've lost the laptop, or someone left the team — click Revoke on its row. A small confirmation opens; click Revoke password to confirm. The password stops working immediately, including for any in-flight sync. The next request from that device gets a 401 sign-in failure.

Revoked devices stay in the list as a permanent record. You can see when they were last used, which helps if you're investigating a suspicious access pattern. They count against the limit (50 per scope on the dashboard, 50 per mailbox in webmail), so if you're churning through devices you may eventually want to delete old revoked rows — but for normal use 50 is far more than you'll need.

Cross-surface revocation works in both directions. A row created from webmail can be revoked from the dashboard (handy when a mailbox user has left or lost a device and the admin needs to lock things down). The reverse — revoking a dashboard-created row from webmail — only works if the row was scoped to the mailbox in the first place; account-wide rows are not visible in the webmail surface and stay admin-only.

Common patterns

A few setups people land on after using the page for a while:

• One per machine, named after the machine. "Office MacBook", "Home iMac", "Linux backup server". Easy to audit. Easy to revoke when a machine is retired.
• One per app, when one machine runs several. "MacBook — rclone", "MacBook — Finder". Lets you revoke rclone without breaking Finder. Useful when you trust an app differently from another.
• Short-lived passwords for contractors. 30 days, view-only, limited to one mailbox. They get what they need, expiry handles the cleanup automatically.

What's next

Once you have a device password, the platform-specific setup guides take it from here:

• Connect Drive in macOS Finder
• Connect Drive in Windows Explorer
• Connect Drive with Cyberduck
• Connect Drive with rclone
• Connect Drive on Android with DAVx⁵
• Connect Drive on iPhone with Documents

If something doesn't work, Drive Sync Troubleshooting covers the common fixes — and almost always the answer is "generate a fresh device password and try again".