Export Options
How HearthGate separates backups, logs, connection packages, encrypted bundles, and plain artifacts.
Choose the right export for the material
HearthGate separates settings backups, connection logs, connection packages, ZIP bundles, CSV logs, and standalone artifacts so you can choose the right transport for the sensitivity of each file. In HearthGate 1.3, the encrypted settings backup carries more policy state, so moving a hardened setup to another Mac is less manual.
| Format | At-rest protection | What it carries |
|---|---|---|
| Settings backup (.hgex) | Password-protected backup file | Includes server settings, app preferences, allowed keys, key limits, key quota state, disabled-key parking, and network-security policy. It does not include private keys, passphrases, or audit-event rows. |
| Connection log archive (.hglog) | Password-protected log file | Includes connection history such as session times, source IPs, users, auth methods, ports, fingerprints, and process IDs. Audit trail rows stay local for now. |
| Connection package (.hearthgate-connection) | Plain owner-only file or password-protected file | Shares the details another HearthGate user needs to connect. It can include a private key and passphrase, so password protection is the safer default. |
| Cross-platform ZIP bundle | AES-256 encrypted ZIP with tamper detection | One file for Windows, macOS, or Linux recipients: private key, ready-to-run script, and a human-readable how-to. Strong random passwords are recommended. |
| Spreadsheet log export (.csv) | Plain spreadsheet file | Opens in Excel, Numbers, or Google Sheets. It contains connection logs only, not audit trail rows, and should travel over a trusted channel. |
| Standalone key, script, QR | Plain trusted-channel artifacts | Private keys, scripts, and QR codes are convenient for AirDrop, USB, or encrypted messaging. QR and plain connection packages can carry the full share details. |
Rule of thumb: use password-protected exports for anything that carries a private key, passphrase, or connection package. Plain JSON, CSV, scripts, private-key files, and QR codes are for channels you already trust.
Password-protected HearthGate files
Built-in tamper detection
Settings backups, log archives, and encrypted connection packages fail to open if the file is changed or the password is wrong.
Encrypted ZIP bundle
Built-in tamper detection
The recipient gets one protected bundle, and extraction fails if the encrypted contents were modified.
Trusted-channel formats
For paths you already control
Scripts, CSVs, and QR codes prioritize practicality; open in Excel, run as a script, scan a QR. They're meant for transports you trust: AirDrop between your own devices, an end-to-end encrypted message, a USB stick. Need encryption at rest? Use the password-protected files or the encrypted ZIP bundle; both are one click away in the same UI.