Data and credentials
Understand where workspace data and API keys live, how they are protected at rest, and how to back up and restore your desk.
All workspace data and credentials stay on your machine — Qoc never transmits keys or positions to any external service except the venues you explicitly connect.
Workspace layout on disk
Your workspace is a directory of plain files organized under a git-like history. The root contains desk.toml; subdirectories hold structured data. You own every file — back them up, version them, or inspect them with any text tool.
Workspace directory reference
| Path | Contents | Sensitive? |
|---|---|---|
| desk.toml | Connector and guard configuration | No (no secrets inline) |
| entities/ | Named entities (portfolios, watchlists, rules) | No |
| inbox/ | Incoming fills and venue events | No |
| issues/ | Agent task backlog | No |
| schedules/ | Scheduled task definitions | No |
| snapshots/ | Point-in-time NAV and position captures | Sensitive (financial data) |
| research/ | Agent-authored research documents | No |
| orders/ | Proposed, approved, filled, and cancelled orders | Sensitive (financial data) |
Credentials and the secret store
API keys and auth tokens are never written into desk.toml. They are referenced by environment variable name ({ env = "EQ_API_KEY" }) or by a path in a secret store. At startup, Qoc resolves references and holds credentials in memory; they are not logged or persisted to disk in plaintext.
Supported secret sources in V0.73.0: environment variables, Docker secrets, and files on a tmpfs mount. A plugin interface for external secret managers is on the roadmap.
Referencing secrets in desk.toml

```toml
# The three [connector.auth] tables below are alternatives; a desk.toml uses one of them.

# 1. Environment variable (simplest)
[connector.auth]
api_key = { env = "EQ_API_KEY" }

# 2. Docker secret file
[connector.auth]
api_key = { file = "/run/secrets/eq_api_key" }

# 3. Inline file path (use tmpfs for sensitive hosts)
[connector.auth]
api_key = { file = "/dev/shm/eq_api_key.txt" }
```

Encryption at rest
Qoc encrypts the orders/ and snapshots/ directories at rest using AES-256-GCM with a key derived from your auth token. If the auth token is rotated, Qoc re-encrypts existing data before completing the rotation.
The qoc_state Docker volume (connector session state) is also encrypted. Plain workspace files (desk.toml, research/, issues/) are not encrypted — they contain no secrets and benefit from being readable by standard tools.
Backing up your workspace
1. Stop or pause the agent. Run qoc run pause to stop the agent loop without stopping the container. This prevents concurrent writes during the backup.
2. Archive the workspace directory. Copy the entire workspace directory to your backup destination. Include the .git directory if present — it contains the full workspace history.
3. Back up the auth token separately. Store the auth token in a separate, secure location from the workspace. Without it you cannot decrypt orders/ or snapshots/ from a backup.
4. Resume the agent. Run qoc run resume to restart the agent loop. Qoc will reconcile positions with connected venues and resume normal operation.
Losing the auth token means losing encrypted history
The auth token is the only input to the encryption key derivation. If you lose the token and your backup of it, you cannot recover the contents of orders/ or snapshots/. Store the token in at least two independent locations.
What leaves the machine
Qoc makes outbound network calls only to: connected venue APIs (as directed by the agent), the tunnel relay (if tunnel is enabled), and any MCP tool endpoints you configure. No telemetry, no analytics, no data is transmitted to Qoc Inc. servers.