saveoursecrets
diff --git a/‎crates/account/src/account.rs
Lines changed: 19 additions & 18 deletions b/‎crates/account/src/account.rs
Lines changed: 19 additions & 18 deletions
diff --git a/‎crates/backend/src/access_point.rs
Lines changed: 1 addition & 2 deletions b/‎crates/backend/src/access_point.rs
Lines changed: 1 addition & 2 deletions
diff --git a/‎crates/backend/src/folder.rs
Lines changed: 49 additions & 34 deletions b/‎crates/backend/src/folder.rs
Lines changed: 49 additions & 34 deletions
diff --git a/‎crates/ipc/src/web_service/web_accounts.rs
Lines changed: 12 additions & 8 deletions b/‎crates/ipc/src/web_service/web_accounts.rs
Lines changed: 12 additions & 8 deletions
@@ -1730,20 +1730,19 @@ impl Account for LocalAccount {
 
     async fn identity_folder_summary(&self) -> Result<Summary> {
         let authenticated_user = self.storage.authenticated_user()?;
-        Ok(authenticated_user.identity()?.vault().summary().clone())
+        Ok(authenticated_user.identity()?.summary().await)
     }
 
     async fn reload_identity_folder(&mut self) -> Result<()> {
         let authenticated_user = self.storage.authenticated_user_mut()?;
 
         // Reload the vault on disc
         let path = self.paths.identity_vault();
-        authenticated_user
-            .identity_mut()?
-            .folder
-            .keeper_mut()
-            .reload_vault(path)
-            .await?;
+
+        let folder = authenticated_user.identity()?.folder();
+        let access_point = folder.access_point();
+        let mut access_point = access_point.lock().await;
+        access_point.reload_vault(path).await?;
 
         // Reload the event log merkle tree
         // TODO: we could only load commits from HEAD here
@@ -1797,10 +1796,13 @@ impl Account for LocalAccount {
         let (meta, seed, keys) = {
             let authenticated_user = self.storage.authenticated_user()?;
             let identity = authenticated_user.identity()?;
-            let input = identity.keeper();
-            let seed = input.vault().seed().cloned();
-            let meta = input.vault_meta().await?;
-            let keys = input.vault().keys().cloned().collect::<Vec<_>>();
+            let folder = identity.folder();
+            let access_point = folder.access_point();
+            let access_point = access_point.lock().await;
+            let seed = access_point.vault().seed().cloned();
+            let meta = access_point.vault_meta().await?;
+            let keys =
+                access_point.vault().keys().cloned().collect::<Vec<_>>();
             (meta, seed, keys)
         };
 
@@ -1822,10 +1824,13 @@ impl Account for LocalAccount {
         {
             let authenticated_user = self.storage.authenticated_user()?;
             let identity = authenticated_user.identity()?;
+            let folder = identity.folder();
+            let access_point = folder.access_point();
+            let access_point = access_point.lock().await;
 
             for key in keys {
                 let (meta, secret, _) =
-                    identity.keeper().read_secret(&key).await?.unwrap();
+                    access_point.read_secret(&key).await?.unwrap();
                 let secret_data = SecretRow::new(key, meta, secret);
                 output.create_secret(&secret_data).await?;
             }
@@ -2390,12 +2395,8 @@ impl Account for LocalAccount {
         &self,
         folder_id: &VaultId,
         secret_id: &SecretId,
-    ) -> std::result::Result<Option<(VaultCommit, ReadEvent)>, Self::Error>
-    {
-        Ok(match self.storage.raw_secret(folder_id, secret_id).await? {
-            Some((commit, event)) => Some((commit.into_owned(), event)),
-            None => None,
-        })
+    ) -> Result<Option<(VaultCommit, ReadEvent)>> {
+        Ok(self.storage.raw_secret(folder_id, secret_id).await?)
     }
 
     async fn delete_secret(
 
@@ -11,7 +11,6 @@ use sos_vault::{
     secret::{Secret, SecretMeta, SecretRow},
     AccessPoint, SecretAccess, Summary, Vault, VaultMeta,
 };
-use std::borrow::Cow;
 use std::path::Path;
 
 /// Backend storage access point.
@@ -129,7 +128,7 @@ impl SecretAccess for BackendAccessPoint {
     async fn raw_secret(
         &self,
         id: &SecretId,
-    ) -> Result<Option<(Cow<'_, VaultCommit>, ReadEvent)>> {
+    ) -> Result<Option<(VaultCommit, ReadEvent)>> {
         Ok(self.0.raw_secret(id).await?)
     }
 
 
@@ -23,12 +23,13 @@ use sos_vault::{
     VaultCommit, VaultId, VaultMeta,
 };
 use sos_vfs as vfs;
-use std::{borrow::Cow, path::Path, sync::Arc};
-use tokio::sync::RwLock;
+use std::{path::Path, sync::Arc};
+use tokio::sync::{Mutex, RwLock};
 
 /// Folder is a combined vault and event log.
+#[derive(Clone)]
 pub struct Folder {
-    pub(crate) keeper: AccessPoint,
+    pub(crate) access_point: Arc<Mutex<AccessPoint>>,
     events: Arc<RwLock<FolderEventLog>>,
 }
 
@@ -64,10 +65,10 @@ impl Folder {
         };
 
         let mirror = VaultFileWriter::<Error>::new(path.as_ref());
-        let keeper =
+        let access_point =
             VaultAccessPoint::<Error>::new_mirror(vault, Box::new(mirror));
 
-        Ok(Self::init(AccessPoint::new(keeper), event_log))
+        Ok(Self::init(AccessPoint::new(access_point), event_log))
     }
 
     /// Create a new folder from a database table.
@@ -126,33 +127,29 @@ impl Folder {
         }
 
         let mirror = VaultDatabaseWriter::<Error>::new(client, folder_id);
-        let keeper =
+        let access_point =
             VaultAccessPoint::<Error>::new_mirror(vault, Box::new(mirror));
 
-        Ok(Self::init(AccessPoint::new(keeper), event_log))
+        Ok(Self::init(AccessPoint::new(access_point), event_log))
     }
 
     /// Create a new folder.
-    fn init(keeper: AccessPoint, events: FolderEventLog) -> Self {
+    fn init(access_point: AccessPoint, events: FolderEventLog) -> Self {
         Self {
-            keeper,
+            access_point: Arc::new(Mutex::new(access_point)),
             events: Arc::new(RwLock::new(events)),
         }
     }
 
     /// Folder identifier.
-    pub fn id(&self) -> &VaultId {
-        self.keeper.id()
+    pub async fn id(&self) -> VaultId {
+        let access_point = self.access_point.lock().await;
+        *access_point.id()
     }
 
-    /// AccessPoint for this folder.
-    pub fn keeper(&self) -> &AccessPoint {
-        &self.keeper
-    }
-
-    /// Mutable access point for this folder.
-    pub fn keeper_mut(&mut self) -> &mut AccessPoint {
-        &mut self.keeper
+    /// Access point for this folder.
+    pub fn access_point(&self) -> Arc<Mutex<AccessPoint>> {
+        self.access_point.clone()
     }
 
     /// Clone of the event log.
@@ -165,20 +162,23 @@ impl Folder {
         &mut self,
         key: &AccessKey,
     ) -> crate::Result<VaultMeta> {
-        Ok(self.keeper.unlock(key).await?)
+        let mut access_point = self.access_point.lock().await;
+        Ok(access_point.unlock(key).await?)
     }
 
     /// Lock the folder.
-    pub fn lock(&mut self) {
-        self.keeper.lock();
+    pub async fn lock(&mut self) {
+        let mut access_point = self.access_point.lock().await;
+        access_point.lock();
     }
 
     /// Create a secret.
     pub async fn create_secret(
         &mut self,
         secret_data: &SecretRow,
     ) -> crate::Result<WriteEvent> {
-        let event = self.keeper.create_secret(secret_data).await?;
+        let mut access_point = self.access_point.lock().await;
+        let event = access_point.create_secret(secret_data).await?;
         let mut events = self.events.write().await;
         events.apply(vec![&event]).await?;
         Ok(event)
@@ -189,15 +189,17 @@ impl Folder {
         &self,
         id: &SecretId,
     ) -> crate::Result<Option<(SecretMeta, Secret, ReadEvent)>> {
-        Ok(self.keeper.read_secret(id).await?)
+        let access_point = self.access_point.lock().await;
+        Ok(access_point.read_secret(id).await?)
     }
 
     /// Read the encrypted contents of a secret.
     pub async fn raw_secret(
         &self,
         id: &SecretId,
-    ) -> crate::Result<Option<(Cow<'_, VaultCommit>, ReadEvent)>> {
-        Ok(self.keeper.raw_secret(id).await?)
+    ) -> crate::Result<Option<(VaultCommit, ReadEvent)>> {
+        let access_point = self.access_point.lock().await;
+        Ok(access_point.raw_secret(id).await?)
     }
 
     /// Update a secret.
@@ -207,8 +209,9 @@ impl Folder {
         secret_meta: SecretMeta,
         secret: Secret,
     ) -> crate::Result<Option<WriteEvent>> {
+        let mut access_point = self.access_point.lock().await;
         if let Some(event) =
-            self.keeper.update_secret(id, secret_meta, secret).await?
+            access_point.update_secret(id, secret_meta, secret).await?
         {
             let mut events = self.events.write().await;
             events.apply(vec![&event]).await?;
@@ -223,7 +226,8 @@ impl Folder {
         &mut self,
         id: &SecretId,
     ) -> Result<Option<WriteEvent>> {
-        if let Some(event) = self.keeper.delete_secret(id).await? {
+        let mut access_point = self.access_point.lock().await;
+        if let Some(event) = access_point.delete_secret(id).await? {
             let mut events = self.events.write().await;
             events.apply(vec![&event]).await?;
             Ok(Some(event))
@@ -237,7 +241,10 @@ impl Folder {
         &mut self,
         name: impl AsRef<str>,
     ) -> Result<WriteEvent> {
-        self.keeper.set_vault_name(name.as_ref().to_owned()).await?;
+        let mut access_point = self.access_point.lock().await;
+        access_point
+            .set_vault_name(name.as_ref().to_owned())
+            .await?;
         let event = WriteEvent::SetVaultName(name.as_ref().to_owned());
         let mut events = self.events.write().await;
         events.apply(vec![&event]).await?;
@@ -249,7 +256,8 @@ impl Folder {
         &mut self,
         flags: VaultFlags,
     ) -> Result<WriteEvent> {
-        self.keeper.set_vault_flags(flags.clone()).await?;
+        let mut access_point = self.access_point.lock().await;
+        access_point.set_vault_flags(flags.clone()).await?;
         let event = WriteEvent::SetVaultFlags(flags);
         let mut events = self.events.write().await;
         events.apply(vec![&event]).await?;
@@ -258,7 +266,8 @@ impl Folder {
 
     /// Description of this folder.
     pub async fn description(&self) -> Result<String> {
-        let meta = self.keeper.vault_meta().await?;
+        let access_point = self.access_point.lock().await;
+        let meta = access_point.vault_meta().await?;
         Ok(meta.description().to_owned())
     }
 
@@ -267,14 +276,18 @@ impl Folder {
         &mut self,
         description: impl AsRef<str>,
     ) -> Result<WriteEvent> {
-        let mut meta = self.keeper.vault_meta().await?;
+        let mut meta = {
+            let access_point = self.access_point.lock().await;
+            access_point.vault_meta().await?
+        };
         meta.set_description(description.as_ref().to_owned());
         self.set_meta(&meta).await
     }
 
     /// Set the folder meta data.
     pub async fn set_meta(&mut self, meta: &VaultMeta) -> Result<WriteEvent> {
-        let event = self.keeper.set_vault_meta(meta).await?;
+        let mut access_point = self.access_point.lock().await;
+        let event = access_point.set_vault_meta(meta).await?;
         let mut events = self.events.write().await;
         events.apply(vec![&event]).await?;
         Ok(event)
@@ -322,6 +335,8 @@ impl Folder {
 
 impl From<Folder> for Vault {
     fn from(value: Folder) -> Self {
-        value.keeper.into()
+        let mutex = Arc::into_inner(value.access_point).unwrap();
+        let access_point = mutex.into_inner();
+        access_point.into()
     }
 }
@@ -315,9 +315,10 @@ where
                             if let Some(folder) =
                                 storage.folders().get(&folder_id)
                             {
-                                let keeper = folder.keeper();
+                                let access_point = folder.access_point();
+                                let access_point = access_point.lock().await;
                                 let mut index = index.write().await;
-                                index.add_folder(keeper).await?;
+                                index.add_folder(&*access_point).await?;
                             }
                         }
                         AccountEvent::DeleteFolder(_) => {
@@ -334,18 +335,20 @@ where
                 if let Some(folder) =
                     storage.folders_mut().get_mut(&folder_id)
                 {
-                    let keeper = folder.keeper_mut();
+                    let access_point = folder.access_point();
+                    let mut access_point = access_point.lock().await;
 
                     // Must reload the vault before updating the
                     // search index
                     let path = paths.vault_path(folder_id);
-                    keeper.reload_vault(path).await?;
+                    access_point.reload_vault(path).await?;
 
                     for event in events {
                         match event {
                             WriteEvent::CreateSecret(secret_id, _) => {
-                                if let Some((meta, secret, _)) =
-                                    keeper.read_secret(secret_id).await?
+                                if let Some((meta, secret, _)) = access_point
+                                    .read_secret(secret_id)
+                                    .await?
                                 {
                                     let mut index = index.write().await;
                                     index.add(
@@ -354,8 +357,9 @@ where
                                 }
                             }
                             WriteEvent::UpdateSecret(secret_id, _) => {
-                                if let Some((meta, secret, _)) =
-                                    keeper.read_secret(secret_id).await?
+                                if let Some((meta, secret, _)) = access_point
+                                    .read_secret(secret_id)
+                                    .await?
                                 {
                                     let mut index = index.write().await;
                                     index.update(