diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 773454e39..8a464f599 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -92,6 +92,16 @@ jobs:
             * [ ] add Linux appimage, zsync file and signature file
             * [ ] add Windows installer and signature file
             * [ ] add MacOs disk image and signature file
+
+            ## What's new
+
+            ## Bugfixes
+
+            ## Misc
+
+            ---
+
+            :scroll: A complete list of closed issues is available [here](LINK)
           draft: true
           prerelease: false
       - name: Upload buildkit-linux.zip to GitHub Releases
diff --git a/.gitignore b/.gitignore
index 900a21ae0..d0e6b59a3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,5 +21,6 @@ pom.xml.versionsBackup
 .idea/compiler.xml
 .idea/encodings.xml
 .idea/jarRepositories.xml
+.idea/uiDesigner.xml
 .idea/**/libraries/
 *.iml
\ No newline at end of file
diff --git a/README.md b/README.md
index d5cf5ea8e..dccec1091 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ Download native binaries of Cryptomator on [cryptomator.org](https://cryptomator
 
 ## Features
 
-- Works with Dropbox, Google Drive, OneDrive, ownCloud, Nextcloud and any other cloud storage service which synchronizes with a local directory
+- Works with Dropbox, Google Drive, OneDrive, MEGA, pCloud, ownCloud, Nextcloud and any other cloud storage service which synchronizes with a local directory
 - Open Source means: No backdoors, control is better than trust
 - Client-side: No accounts, no data shared with any online service
 - Totally transparent: Just work on the virtual drive as if it were a USB flash drive
diff --git a/main/commons/src/main/java/org/cryptomator/common/CommonsModule.java b/main/commons/src/main/java/org/cryptomator/common/CommonsModule.java
index 2a0a42ecb..f8e0e8078 100644
--- a/main/commons/src/main/java/org/cryptomator/common/CommonsModule.java
+++ b/main/commons/src/main/java/org/cryptomator/common/CommonsModule.java
@@ -15,6 +15,7 @@ import org.cryptomator.common.settings.SettingsProvider;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultComponent;
 import org.cryptomator.common.vaults.VaultListManager;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.frontend.webdav.WebDavServer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -25,6 +26,8 @@ import javafx.beans.binding.Binding;
 import javafx.beans.binding.Bindings;
 import javafx.collections.ObservableList;
 import java.net.InetSocketAddress;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.Comparator;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -55,6 +58,22 @@ public abstract class CommonsModule {
 				""";
 	}
 
+	@Provides
+	@Singleton
+	static SecureRandom provideCSPRNG() {
+		try {
+			return SecureRandom.getInstanceStrong();
+		} catch (NoSuchAlgorithmException e) {
+			throw new IllegalStateException("A strong algorithm must exist in every Java platform.", e);
+		}
+	}
+
+	@Provides
+	@Singleton
+	static MasterkeyFileAccess provideMasterkeyFileAccess(SecureRandom csprng) {
+		return new MasterkeyFileAccess(Constants.PEPPER, csprng);
+	}
+
 	@Provides
 	@Singleton
 	@Named("SemVer")
diff --git a/main/commons/src/main/java/org/cryptomator/common/Constants.java b/main/commons/src/main/java/org/cryptomator/common/Constants.java
index 432cd08e5..06dedfc2d 100644
--- a/main/commons/src/main/java/org/cryptomator/common/Constants.java
+++ b/main/commons/src/main/java/org/cryptomator/common/Constants.java
@@ -3,5 +3,8 @@ package org.cryptomator.common;
 public interface Constants {
 
 	String MASTERKEY_FILENAME = "masterkey.cryptomator";
+	String MASTERKEY_BACKUP_SUFFIX = ".bkup";
+	String VAULTCONFIG_FILENAME = "vault.cryptomator";
+	byte[] PEPPER = new byte[0];
 
 }
diff --git a/main/commons/src/main/java/org/cryptomator/common/settings/VaultSettings.java b/main/commons/src/main/java/org/cryptomator/common/settings/VaultSettings.java
index 1b93d0901..1db67d4d5 100644
--- a/main/commons/src/main/java/org/cryptomator/common/settings/VaultSettings.java
+++ b/main/commons/src/main/java/org/cryptomator/common/settings/VaultSettings.java
@@ -28,7 +28,7 @@ public class VaultSettings {
 	public static final boolean DEFAULT_USES_INDIVIDUAL_MOUNTPATH = false;
 	public static final boolean DEFAULT_USES_READONLY_MODE = false;
 	public static final String DEFAULT_MOUNT_FLAGS = "";
-	public static final int DEFAULT_FILENAME_LENGTH_LIMIT = -1;
+	public static final int DEFAULT_MAX_CLEARTEXT_FILENAME_LENGTH = -1;
 	public static final WhenUnlocked DEFAULT_ACTION_AFTER_UNLOCK = WhenUnlocked.ASK;
 	public static final boolean DEFAULT_LOCK_AFTER_TIME = false;
 	public static final int DEFAULT_LOCK_TIME_IN_MINUTES = 30;
@@ -45,7 +45,7 @@ public class VaultSettings {
 	private final StringProperty customMountPath = new SimpleStringProperty();
 	private final BooleanProperty usesReadOnlyMode = new SimpleBooleanProperty(DEFAULT_USES_READONLY_MODE);
 	private final StringProperty mountFlags = new SimpleStringProperty(DEFAULT_MOUNT_FLAGS);
-	private final IntegerProperty filenameLengthLimit = new SimpleIntegerProperty(DEFAULT_FILENAME_LENGTH_LIMIT);
+	private final IntegerProperty maxCleartextFilenameLength = new SimpleIntegerProperty(DEFAULT_MAX_CLEARTEXT_FILENAME_LENGTH);
 	private final ObjectProperty<WhenUnlocked> actionAfterUnlock = new SimpleObjectProperty<>(DEFAULT_ACTION_AFTER_UNLOCK);
 	private final BooleanProperty lockAfterTime = new SimpleBooleanProperty(DEFAULT_LOCK_AFTER_TIME);
 	private final IntegerProperty lockTimeInMinutes = new SimpleIntegerProperty(DEFAULT_LOCK_TIME_IN_MINUTES);
@@ -57,7 +57,7 @@ public class VaultSettings {
 	}
 
 	Observable[] observables() {
-		return new Observable[]{path, displayName, winDriveLetter, unlockAfterStartup, revealAfterMount, useCustomMountPath, customMountPath, usesReadOnlyMode, mountFlags, filenameLengthLimit, actionAfterUnlock,  lockAfterTime, lockTimeInMinutes};
+		return new Observable[]{path, displayName, winDriveLetter, unlockAfterStartup, revealAfterMount, useCustomMountPath, customMountPath, usesReadOnlyMode, mountFlags, maxCleartextFilenameLength, actionAfterUnlock,  lockAfterTime, lockTimeInMinutes};
 	}
 
 	public static VaultSettings withRandomId() {
@@ -146,8 +146,8 @@ public class VaultSettings {
 		return mountFlags;
 	}
 
-	public IntegerProperty filenameLengthLimit() {
-		return filenameLengthLimit;
+	public IntegerProperty maxCleartextFilenameLength() {
+		return maxCleartextFilenameLength;
 	}
 
 	public ObjectProperty<WhenUnlocked> actionAfterUnlock() {
diff --git a/main/commons/src/main/java/org/cryptomator/common/settings/VaultSettingsJsonAdapter.java b/main/commons/src/main/java/org/cryptomator/common/settings/VaultSettingsJsonAdapter.java
index ffff021e2..26aa3d51c 100644
--- a/main/commons/src/main/java/org/cryptomator/common/settings/VaultSettingsJsonAdapter.java
+++ b/main/commons/src/main/java/org/cryptomator/common/settings/VaultSettingsJsonAdapter.java
@@ -29,7 +29,7 @@ class VaultSettingsJsonAdapter {
 		out.name("customMountPath").value(value.customMountPath().get());
 		out.name("usesReadOnlyMode").value(value.usesReadOnlyMode().get());
 		out.name("mountFlags").value(value.mountFlags().get());
-		out.name("filenameLengthLimit").value(value.filenameLengthLimit().get());
+		out.name("maxCleartextFilenameLength").value(value.maxCleartextFilenameLength().get());
 		out.name("actionAfterUnlock").value(value.actionAfterUnlock().get().name());
 		out.name("lockAfterTime").value(value.lockAfterTime().get());
 		out.name("lockTimeInMinutes").value(value.lockTimeInMinutes().get());
@@ -48,7 +48,7 @@ class VaultSettingsJsonAdapter {
 		boolean useCustomMountPath = VaultSettings.DEFAULT_USES_INDIVIDUAL_MOUNTPATH;
 		boolean usesReadOnlyMode = VaultSettings.DEFAULT_USES_READONLY_MODE;
 		String mountFlags = VaultSettings.DEFAULT_MOUNT_FLAGS;
-		int filenameLengthLimit = VaultSettings.DEFAULT_FILENAME_LENGTH_LIMIT;
+		int maxCleartextFilenameLength = VaultSettings.DEFAULT_MAX_CLEARTEXT_FILENAME_LENGTH;
 		WhenUnlocked actionAfterUnlock = VaultSettings.DEFAULT_ACTION_AFTER_UNLOCK;
 		boolean lockAfterTime = VaultSettings.DEFAULT_LOCK_AFTER_TIME;
 		int lockTimeInMinutes = VaultSettings.DEFAULT_LOCK_TIME_IN_MINUTES;
@@ -68,7 +68,7 @@ class VaultSettingsJsonAdapter {
 				case "individualMountPath", "customMountPath" -> customMountPath = in.nextString();
 				case "usesReadOnlyMode" -> usesReadOnlyMode = in.nextBoolean();
 				case "mountFlags" -> mountFlags = in.nextString();
-				case "filenameLengthLimit" -> filenameLengthLimit = in.nextInt();
+				case "maxCleartextFilenameLength" -> maxCleartextFilenameLength = in.nextInt();
 				case "actionAfterUnlock" -> actionAfterUnlock = parseActionAfterUnlock(in.nextString());
 				case "lockAfterTime" -> lockAfterTime = in.nextBoolean();
 				case "lockTimeInMinutes" -> lockTimeInMinutes = in.nextInt();
@@ -94,7 +94,7 @@ class VaultSettingsJsonAdapter {
 		vaultSettings.customMountPath().set(customMountPath);
 		vaultSettings.usesReadOnlyMode().set(usesReadOnlyMode);
 		vaultSettings.mountFlags().set(mountFlags);
-		vaultSettings.filenameLengthLimit().set(filenameLengthLimit);
+		vaultSettings.maxCleartextFilenameLength().set(maxCleartextFilenameLength);
 		vaultSettings.actionAfterUnlock().set(actionAfterUnlock);
 		vaultSettings.lockAfterTime().set(lockAfterTime);
 		vaultSettings.lockTimeInMinutes().set(lockTimeInMinutes);
diff --git a/main/commons/src/main/java/org/cryptomator/common/vaults/DokanyVolume.java b/main/commons/src/main/java/org/cryptomator/common/vaults/DokanyVolume.java
index a33dbd5ee..c998761d0 100644
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/DokanyVolume.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/DokanyVolume.java
@@ -5,15 +5,15 @@ import org.cryptomator.common.mountpoint.MountPointChooser;
 import org.cryptomator.common.settings.VaultSettings;
 import org.cryptomator.common.settings.VolumeImpl;
 import org.cryptomator.cryptofs.CryptoFileSystem;
+import org.cryptomator.frontend.dokany.DokanyMountFailedException;
 import org.cryptomator.frontend.dokany.Mount;
 import org.cryptomator.frontend.dokany.MountFactory;
-import org.cryptomator.frontend.dokany.MountFailedException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
 import javax.inject.Named;
-import java.util.concurrent.ExecutorService;
+import java.util.function.Consumer;
 
 public class DokanyVolume extends AbstractVolume {
 
@@ -22,15 +22,13 @@ public class DokanyVolume extends AbstractVolume {
 	private static final String FS_TYPE_NAME = "CryptomatorFS";
 
 	private final VaultSettings vaultSettings;
-	private final MountFactory mountFactory;
 
 	private Mount mount;
 
 	@Inject
-	public DokanyVolume(VaultSettings vaultSettings, ExecutorService executorService, @Named("orderedMountPointChoosers") Iterable<MountPointChooser> choosers) {
+	public DokanyVolume(VaultSettings vaultSettings, @Named("orderedMountPointChoosers") Iterable<MountPointChooser> choosers) {
 		super(choosers);
 		this.vaultSettings = vaultSettings;
-		this.mountFactory = new MountFactory(executorService);
 	}
 
 	@Override
@@ -39,11 +37,11 @@ public class DokanyVolume extends AbstractVolume {
 	}
 
 	@Override
-	public void mount(CryptoFileSystem fs, String mountFlags) throws InvalidMountPointException, VolumeException {
+	public void mount(CryptoFileSystem fs, String mountFlags, Consumer<Throwable> onExitAction) throws InvalidMountPointException, VolumeException {
 		this.mountPoint = determineMountPoint();
 		try {
-			this.mount = mountFactory.mount(fs.getPath("/"), mountPoint, vaultSettings.mountName().get(), FS_TYPE_NAME, mountFlags.strip());
-		} catch (MountFailedException e) {
+			this.mount = MountFactory.mount(fs.getPath("/"), mountPoint, vaultSettings.mountName().get(), FS_TYPE_NAME, mountFlags.strip(), onExitAction);
+		} catch (DokanyMountFailedException e) {
 			if (vaultSettings.getCustomMountPath().isPresent()) {
 				LOG.warn("Failed to mount vault into {}. Is this directory currently accessed by another process (e.g. Windows Explorer)?", mountPoint);
 			}
diff --git a/main/commons/src/main/java/org/cryptomator/common/vaults/FuseVolume.java b/main/commons/src/main/java/org/cryptomator/common/vaults/FuseVolume.java
index 5400f8ff2..a1579fdaf 100644
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/FuseVolume.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/FuseVolume.java
@@ -6,8 +6,8 @@ import org.cryptomator.common.mountpoint.InvalidMountPointException;
 import org.cryptomator.common.mountpoint.MountPointChooser;
 import org.cryptomator.common.settings.VolumeImpl;
 import org.cryptomator.cryptofs.CryptoFileSystem;
-import org.cryptomator.frontend.fuse.mount.CommandFailedException;
 import org.cryptomator.frontend.fuse.mount.EnvironmentVariables;
+import org.cryptomator.frontend.fuse.mount.FuseMountException;
 import org.cryptomator.frontend.fuse.mount.FuseMountFactory;
 import org.cryptomator.frontend.fuse.mount.FuseNotSupportedException;
 import org.cryptomator.frontend.fuse.mount.Mount;
@@ -20,6 +20,7 @@ import javax.inject.Named;
 import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.function.Consumer;
 import java.util.regex.Pattern;
 
 public class FuseVolume extends AbstractVolume {
@@ -35,20 +36,21 @@ public class FuseVolume extends AbstractVolume {
 	}
 
 	@Override
-	public void mount(CryptoFileSystem fs, String mountFlags) throws InvalidMountPointException, VolumeException {
+	public void mount(CryptoFileSystem fs, String mountFlags, Consumer<Throwable> onExitAction) throws InvalidMountPointException, VolumeException {
 		this.mountPoint = determineMountPoint();
-
-		mount(fs.getPath("/"), mountFlags);
+		mount(fs.getPath("/"), mountFlags, onExitAction);
 	}
 
-	private void mount(Path root, String mountFlags) throws VolumeException {
+	private void mount(Path root, String mountFlags, Consumer<Throwable> onExitAction) throws VolumeException {
 		try {
 			Mounter mounter = FuseMountFactory.getMounter();
 			EnvironmentVariables envVars = EnvironmentVariables.create() //
-					.withFlags(splitFlags(mountFlags)).withMountPoint(mountPoint) //
+					.withFlags(splitFlags(mountFlags)) //
+					.withMountPoint(mountPoint) //
+					.withFileNameTranscoder(mounter.defaultFileNameTranscoder()) //
 					.build();
-			this.mount = mounter.mount(root, envVars);
-		} catch (CommandFailedException | FuseNotSupportedException e) {
+			this.mount = mounter.mount(root, envVars, onExitAction);
+		} catch ( FuseMountException | FuseNotSupportedException e) {
 			throw new VolumeException("Unable to mount Filesystem", e);
 		}
 	}
@@ -89,8 +91,7 @@ public class FuseVolume extends AbstractVolume {
 	public synchronized void unmountForced() throws VolumeException {
 		try {
 			mount.unmountForced();
-			mount.close();
-		} catch (CommandFailedException e) {
+		} catch (FuseMountException e) {
 			throw new VolumeException(e);
 		}
 		cleanupMountPoint();
@@ -100,8 +101,7 @@ public class FuseVolume extends AbstractVolume {
 	public synchronized void unmount() throws VolumeException {
 		try {
 			mount.unmount();
-			mount.close();
-		} catch (CommandFailedException e) {
+		} catch (FuseMountException e) {
 			throw new VolumeException(e);
 		}
 		cleanupMountPoint();
diff --git a/main/commons/src/main/java/org/cryptomator/common/vaults/LockNotCompletedException.java b/main/commons/src/main/java/org/cryptomator/common/vaults/LockNotCompletedException.java
new file mode 100644
index 000000000..237630da0
--- /dev/null
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/LockNotCompletedException.java
@@ -0,0 +1,12 @@
+package org.cryptomator.common.vaults;
+
+public class LockNotCompletedException extends Exception {
+
+	public LockNotCompletedException(String reason) {
+		super(reason);
+	}
+
+	public LockNotCompletedException(Throwable cause) {
+		super(cause);
+	}
+}
diff --git a/main/commons/src/main/java/org/cryptomator/common/vaults/Vault.java b/main/commons/src/main/java/org/cryptomator/common/vaults/Vault.java
index 98a6cf21b..02fd03600 100644
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/Vault.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/Vault.java
@@ -17,10 +17,12 @@ import org.cryptomator.cryptofs.CryptoFileSystem;
 import org.cryptomator.cryptofs.CryptoFileSystemProperties;
 import org.cryptomator.cryptofs.CryptoFileSystemProperties.FileSystemFlags;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
-import org.cryptomator.cryptofs.common.Constants;
+import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.cryptofs.VaultConfig.UnverifiedVaultConfig;
 import org.cryptomator.cryptofs.common.FileSystemCapabilityChecker;
 import org.cryptomator.cryptolib.api.CryptoException;
-import org.cryptomator.cryptolib.api.InvalidPassphraseException;
+import org.cryptomator.cryptolib.api.MasterkeyLoader;
+import org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -35,28 +37,29 @@ import javafx.beans.property.BooleanProperty;
 import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
 import java.io.IOException;
-import java.nio.file.NoSuchFileException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.EnumSet;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
+import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 
-import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
-
 @PerVault
 public class Vault {
 
 	private static final Logger LOG = LoggerFactory.getLogger(Vault.class);
 	private static final Path HOME_DIR = Paths.get(SystemUtils.USER_HOME);
+	private static final int UNLIMITED_FILENAME_LENGTH = Integer.MAX_VALUE;
 
 	private final VaultSettings vaultSettings;
 	private final Provider<Volume> volumeProvider;
 	private final StringBinding defaultMountFlags;
 	private final AtomicReference<CryptoFileSystem> cryptoFileSystem;
-	private final ObjectProperty<VaultState> state;
+	private final VaultState state;
 	private final ObjectProperty<Exception> lastKnownException;
 	private final VaultStats stats;
 	private final StringBinding displayName;
@@ -74,7 +77,7 @@ public class Vault {
 	private volatile Volume volume;
 
 	@Inject
-	Vault(VaultSettings vaultSettings, Provider<Volume> volumeProvider, @DefaultMountFlags StringBinding defaultMountFlags, AtomicReference<CryptoFileSystem> cryptoFileSystem, ObjectProperty<VaultState> state, @Named("lastKnownException") ObjectProperty<Exception> lastKnownException, VaultStats stats) {
+	Vault(VaultSettings vaultSettings, Provider<Volume> volumeProvider, @DefaultMountFlags StringBinding defaultMountFlags, AtomicReference<CryptoFileSystem> cryptoFileSystem, VaultState state, @Named("lastKnownException") ObjectProperty<Exception> lastKnownException, VaultStats stats) {
 		this.vaultSettings = vaultSettings;
 		this.volumeProvider = volumeProvider;
 		this.defaultMountFlags = defaultMountFlags;
@@ -99,24 +102,31 @@ public class Vault {
 	// Commands
 	// ********************************************************************************/
 
-	private CryptoFileSystem createCryptoFileSystem(CharSequence passphrase) throws NoSuchFileException, IOException, InvalidPassphraseException, CryptoException {
+	private CryptoFileSystem createCryptoFileSystem(MasterkeyLoader keyLoader) throws IOException, MasterkeyLoadingFailedException {
 		Set<FileSystemFlags> flags = EnumSet.noneOf(FileSystemFlags.class);
 		if (vaultSettings.usesReadOnlyMode().get()) {
 			flags.add(FileSystemFlags.READONLY);
+		} else if(vaultSettings.maxCleartextFilenameLength().get() == -1) {
+			LOG.debug("Determining cleartext filename length limitations...");
+			var checker = new FileSystemCapabilityChecker();
+			int shorteningThreshold = getUnverifiedVaultConfig().allegedShorteningThreshold();
+			int ciphertextLimit = checker.determineSupportedCiphertextFileNameLength(getPath());
+			if (ciphertextLimit < shorteningThreshold) {
+				int cleartextLimit = checker.determineSupportedCleartextFileNameLength(getPath());
+				vaultSettings.maxCleartextFilenameLength().set(cleartextLimit);
+			} else {
+				vaultSettings.maxCleartextFilenameLength().setValue(UNLIMITED_FILENAME_LENGTH);
+			}
 		}
-		if (!flags.contains(FileSystemFlags.READONLY) && vaultSettings.filenameLengthLimit().get() == -1) {
-			LOG.debug("Determining file name length limitations...");
-			int limit = new FileSystemCapabilityChecker().determineSupportedFileNameLength(getPath());
-			vaultSettings.filenameLengthLimit().set(limit);
-			LOG.info("Storing file name length limit of {}", limit);
+
+		if (vaultSettings.maxCleartextFilenameLength().get() < UNLIMITED_FILENAME_LENGTH) {
+			LOG.warn("Limiting cleartext filename length on this device to {}.", vaultSettings.maxCleartextFilenameLength().get());
 		}
-		assert vaultSettings.filenameLengthLimit().get() > 0;
+
 		CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties() //
-				.withPassphrase(passphrase) //
+				.withKeyLoader(keyLoader) //
 				.withFlags(flags) //
-				.withMasterkeyFilename(MASTERKEY_FILENAME) //
-				.withMaxPathLength(vaultSettings.filenameLengthLimit().get() + Constants.MAX_ADDITIONAL_PATH_LENGTH) //
-				.withMaxNameLength(vaultSettings.filenameLengthLimit().get()) //
+				.withMaxCleartextNameLength(vaultSettings.maxCleartextFilenameLength().get()) //
 				.build();
 		return CryptoFileSystemProvider.newFileSystem(getPath(), fsProps);
 	}
@@ -133,29 +143,51 @@ public class Vault {
 		}
 	}
 
-	public synchronized void unlock(CharSequence passphrase) throws CryptoException, IOException, VolumeException, InvalidMountPointException {
-		if (cryptoFileSystem.get() == null) {
-			CryptoFileSystem fs = createCryptoFileSystem(passphrase);
-			cryptoFileSystem.set(fs);
-			try {
-				volume = volumeProvider.get();
-				volume.mount(fs, getEffectiveMountFlags());
-			} catch (Exception e) {
-				destroyCryptoFileSystem();
-				throw e;
-			}
-		} else {
+	public synchronized void unlock(MasterkeyLoader keyLoader) throws CryptoException, IOException, VolumeException, InvalidMountPointException {
+		if (cryptoFileSystem.get() != null) {
 			throw new IllegalStateException("Already unlocked.");
 		}
+		CryptoFileSystem fs = createCryptoFileSystem(keyLoader);
+		boolean success = false;
+		try {
+			cryptoFileSystem.set(fs);
+			volume = volumeProvider.get();
+			volume.mount(fs, getEffectiveMountFlags(), this::lockOnVolumeExit);
+			success = true;
+		} finally {
+			if (!success) {
+				destroyCryptoFileSystem();
+			}
+		}
 	}
 
-	public synchronized void lock(boolean forced) throws VolumeException {
+	private void lockOnVolumeExit(Throwable t) {
+		LOG.info("Unmounted vault '{}'", getDisplayName());
+		destroyCryptoFileSystem();
+		state.set(VaultState.Value.LOCKED);
+		if (t != null) {
+			LOG.warn("Unexpected unmount and lock of vault " + getDisplayName(), t);
+		}
+	}
+
+	public synchronized void lock(boolean forced) throws VolumeException, LockNotCompletedException {
+		//initiate unmount
 		if (forced && volume.supportsForcedUnmount()) {
 			volume.unmountForced();
 		} else {
 			volume.unmount();
 		}
-		destroyCryptoFileSystem();
+
+		//wait for lockOnVolumeExit to be executed
+		try {
+			boolean locked = state.awaitState(VaultState.Value.LOCKED, 3000, TimeUnit.MILLISECONDS);
+			if (!locked) {
+				throw new LockNotCompletedException("Locking of vault " + this.getDisplayName() + " still in progress.");
+			}
+		} catch (InterruptedException e) {
+			Thread.currentThread().interrupt();
+			throw new LockNotCompletedException(e);
+		}
 	}
 
 	public void reveal(Volume.Revealer vaultRevealer) throws VolumeException {
@@ -166,16 +198,12 @@ public class Vault {
 	// Observable Properties
 	// *******************************************************************************
 
-	public ObjectProperty<VaultState> stateProperty() {
+	public VaultState stateProperty() {
 		return state;
 	}
 
-	public VaultState getState() {
-		return state.get();
-	}
-
-	public void setState(VaultState value) {
-		state.setValue(value);
+	public VaultState.Value getState() {
+		return state.getValue();
 	}
 
 	public ObjectProperty<Exception> lastKnownExceptionProperty() {
@@ -195,7 +223,7 @@ public class Vault {
 	}
 
 	public boolean isLocked() {
-		return state.get() == VaultState.LOCKED;
+		return state.get() == VaultState.Value.LOCKED;
 	}
 
 	public BooleanBinding processingProperty() {
@@ -203,7 +231,7 @@ public class Vault {
 	}
 
 	public boolean isProcessing() {
-		return state.get() == VaultState.PROCESSING;
+		return state.get() == VaultState.Value.PROCESSING;
 	}
 
 	public BooleanBinding unlockedProperty() {
@@ -211,7 +239,7 @@ public class Vault {
 	}
 
 	public boolean isUnlocked() {
-		return state.get() == VaultState.UNLOCKED;
+		return state.get() == VaultState.Value.UNLOCKED;
 	}
 
 	public BooleanBinding missingProperty() {
@@ -219,7 +247,7 @@ public class Vault {
 	}
 
 	public boolean isMissing() {
-		return state.get() == VaultState.MISSING;
+		return state.get() == VaultState.Value.MISSING;
 	}
 
 	public BooleanBinding needsMigrationProperty() {
@@ -227,7 +255,7 @@ public class Vault {
 	}
 
 	public boolean isNeedsMigration() {
-		return state.get() == VaultState.NEEDS_MIGRATION;
+		return state.get() == VaultState.Value.NEEDS_MIGRATION;
 	}
 
 	public BooleanBinding unknownErrorProperty() {
@@ -235,7 +263,7 @@ public class Vault {
 	}
 
 	public boolean isUnknownError() {
-		return state.get() == VaultState.ERROR;
+		return state.get() == VaultState.Value.ERROR;
 	}
 
 	public StringBinding displayNameProperty() {
@@ -251,7 +279,7 @@ public class Vault {
 	}
 
 	public String getAccessPoint() {
-		if (state.get() == VaultState.UNLOCKED) {
+		if (state.getValue() == VaultState.Value.UNLOCKED) {
 			assert volume != null;
 			return volume.getMountPoint().orElse(Path.of("")).toString();
 		} else {
@@ -299,6 +327,12 @@ public class Vault {
 		return stats;
 	}
 
+	public UnverifiedVaultConfig getUnverifiedVaultConfig() throws IOException {
+		Path configPath = getPath().resolve(org.cryptomator.common.Constants.VAULTCONFIG_FILENAME);
+		String token = Files.readString(configPath, StandardCharsets.US_ASCII);
+		return VaultConfig.decode(token);
+	}
+
 	public Observable[] observables() {
 		return new Observable[]{state};
 	}
diff --git a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultComponent.java b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultComponent.java
index debfab3ed..47be62520 100644
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultComponent.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultComponent.java
@@ -26,7 +26,7 @@ public interface VaultComponent {
 		Builder vaultSettings(VaultSettings vaultSettings);
 
 		@BindsInstance
-		Builder initialVaultState(VaultState vaultState);
+		Builder initialVaultState(VaultState.Value vaultState);
 
 		@BindsInstance
 		Builder initialErrorCause(@Nullable @Named("lastKnownException") Exception initialErrorCause);
diff --git a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultListManager.java b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
index b7c10a4d4..d5038630a 100644
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultListManager.java
@@ -11,6 +11,7 @@ package org.cryptomator.common.vaults;
 import org.cryptomator.common.settings.Settings;
 import org.cryptomator.common.settings.VaultSettings;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptofs.DirStructure;
 import org.cryptomator.cryptofs.migration.Migrators;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -20,14 +21,16 @@ import javax.inject.Singleton;
 import javafx.collections.FXCollections;
 import javafx.collections.ObservableList;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.util.Collection;
 import java.util.Optional;
 import java.util.ResourceBundle;
-import java.util.stream.Collectors;
 
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
+import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
+import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
 
 @Singleton
 public class VaultListManager {
@@ -52,19 +55,18 @@ public class VaultListManager {
 		return vaultList;
 	}
 
-	public Vault add(Path pathToVault) throws NoSuchFileException {
+	public Vault add(Path pathToVault) throws IOException {
 		Path normalizedPathToVault = pathToVault.normalize().toAbsolutePath();
-		if (!CryptoFileSystemProvider.containsVault(normalizedPathToVault, MASTERKEY_FILENAME)) {
+		if (CryptoFileSystemProvider.checkDirStructureForVault(normalizedPathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME) == DirStructure.UNRELATED) {
 			throw new NoSuchFileException(normalizedPathToVault.toString(), null, "Not a vault directory");
 		}
-		Optional<Vault> alreadyExistingVault = get(normalizedPathToVault);
-		if (alreadyExistingVault.isPresent()) {
-			return alreadyExistingVault.get();
-		} else {
-			Vault newVault = create(newVaultSettings(normalizedPathToVault));
-			vaultList.add(newVault);
-			return newVault;
-		}
+
+		return get(normalizedPathToVault) //
+				.orElseGet(() -> {
+					Vault newVault = create(newVaultSettings(normalizedPathToVault));
+					vaultList.add(newVault);
+					return newVault;
+				});
 	}
 
 	private VaultSettings newVaultSettings(Path path) {
@@ -94,43 +96,45 @@ public class VaultListManager {
 	private Vault create(VaultSettings vaultSettings) {
 		VaultComponent.Builder compBuilder = vaultComponentBuilder.vaultSettings(vaultSettings);
 		try {
-			VaultState vaultState = determineVaultState(vaultSettings.path().get());
+			VaultState.Value vaultState = determineVaultState(vaultSettings.path().get());
 			compBuilder.initialVaultState(vaultState);
 		} catch (IOException e) {
 			LOG.warn("Failed to determine vault state for " + vaultSettings.path().get(), e);
-			compBuilder.initialVaultState(VaultState.ERROR);
+			compBuilder.initialVaultState(ERROR);
 			compBuilder.initialErrorCause(e);
 		}
 		return compBuilder.build().vault();
 	}
 
-	public static VaultState redetermineVaultState(Vault vault) {
-		VaultState previousState = vault.getState();
+	public static VaultState.Value redetermineVaultState(Vault vault) {
+		VaultState state = vault.stateProperty();
+		VaultState.Value previousState = state.getValue();
 		return switch (previousState) {
 			case LOCKED, NEEDS_MIGRATION, MISSING -> {
 				try {
-					VaultState determinedState = determineVaultState(vault.getPath());
-					vault.setState(determinedState);
+					var determinedState = determineVaultState(vault.getPath());
+					state.set(determinedState);
 					yield determinedState;
 				} catch (IOException e) {
 					LOG.warn("Failed to determine vault state for " + vault.getPath(), e);
-					vault.setState(VaultState.ERROR);
+					state.set(ERROR);
 					vault.setLastKnownException(e);
-					yield VaultState.ERROR;
+					yield ERROR;
 				}
 			}
 			case ERROR, UNLOCKED, PROCESSING -> previousState;
 		};
 	}
 
-	private static VaultState determineVaultState(Path pathToVault) throws IOException {
-		if (!CryptoFileSystemProvider.containsVault(pathToVault, MASTERKEY_FILENAME)) {
-			return VaultState.MISSING;
-		} else if (Migrators.get().needsMigration(pathToVault, MASTERKEY_FILENAME)) {
-			return VaultState.NEEDS_MIGRATION;
-		} else {
-			return VaultState.LOCKED;
+	private static VaultState.Value determineVaultState(Path pathToVault) throws IOException {
+		if (!Files.exists(pathToVault)) {
+			return VaultState.Value.MISSING;
 		}
+		return switch (CryptoFileSystemProvider.checkDirStructureForVault(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME)) {
+			case VAULT -> VaultState.Value.LOCKED;
+			case UNRELATED -> VaultState.Value.MISSING;
+			case MAYBE_LEGACY -> Migrators.get().needsMigration(pathToVault, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME) ? VaultState.Value.NEEDS_MIGRATION : VaultState.Value.MISSING;
+		};
 	}
 
 }
diff --git a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultModule.java b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultModule.java
index 56a2814cf..901ee7f42 100644
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultModule.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultModule.java
@@ -40,12 +40,6 @@ public class VaultModule {
 		return new AtomicReference<>();
 	}
 
-	@Provides
-	@PerVault
-	public ObjectProperty<VaultState> provideVaultState(VaultState initialState) {
-		return new SimpleObjectProperty<>(initialState);
-	}
-
 	@Provides
 	@Named("lastKnownException")
 	@PerVault
@@ -53,7 +47,6 @@ public class VaultModule {
 		return new SimpleObjectProperty<>(initialErrorCause);
 	}
 
-
 	@Provides
 	public Volume provideVolume(Settings settings, WebDavVolume webDavVolume, FuseVolume fuseVolume, DokanyVolume dokanyVolume) {
 		VolumeImpl preferredImpl = settings.preferredVolumeImpl().get();
@@ -105,7 +98,6 @@ public class VaultModule {
 		flags.append(" -oatomic_o_trunc");
 		flags.append(" -oauto_xattr");
 		flags.append(" -oauto_cache");
-		flags.append(" -omodules=iconv,from_code=UTF-8,to_code=UTF-8-MAC"); // show files names in Unicode NFD encoding
 		flags.append(" -onoappledouble"); // vastly impacts performance for some reason...
 		flags.append(" -odefault_permissions"); // let the kernel assume permissions based on file attributes etc
 
diff --git a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultState.java b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultState.java
index fa5e6c295..801ea7653 100644
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultState.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultState.java
@@ -1,34 +1,141 @@
 package org.cryptomator.common.vaults;
 
-public enum VaultState {
-	/**
-	 * No vault found at the provided path
-	 */
-	MISSING,
+import com.google.common.base.Preconditions;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import javafx.application.Platform;
+import javafx.beans.value.ObservableObjectValue;
+import javafx.beans.value.ObservableValueBase;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicReference;
+import java.util.concurrent.locks.Condition;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+@PerVault
+public class VaultState extends ObservableValueBase<VaultState.Value> implements ObservableObjectValue<VaultState.Value> {
+
+	private static final Logger LOG = LoggerFactory.getLogger(VaultState.class);
+
+	public enum Value {
+		/**
+		 * No vault found at the provided path
+		 */
+		MISSING,
+
+		/**
+		 * Vault requires migration to a newer vault format
+		 */
+		NEEDS_MIGRATION,
+
+		/**
+		 * Vault ready to be unlocked
+		 */
+		LOCKED,
+
+		/**
+		 * Vault in transition between two other states
+		 */
+		PROCESSING,
+
+		/**
+		 * Vault is unlocked
+		 */
+		UNLOCKED,
+
+		/**
+		 * Unknown state due to preceeding unrecoverable exceptions.
+		 */
+		ERROR;
+	}
+
+	private final AtomicReference<Value> value;
+	private final Lock lock = new ReentrantLock();
+	private final Condition valueChanged = lock.newCondition();
+
+	@Inject
+	public VaultState(VaultState.Value initialValue) {
+		this.value = new AtomicReference<>(initialValue);
+	}
+
+	@Override
+	public Value get() {
+		return getValue();
+	}
+
+	@Override
+	public Value getValue() {
+		return value.get();
+	}
 
 	/**
-	 * Vault requires migration to a newer vault format
+	 * Transitions from <code>fromState</code> to <code>toState</code>.
+	 *
+	 * @param fromState Previous state
+	 * @param toState New state
+	 * @return <code>true</code> if successful
 	 */
-	NEEDS_MIGRATION,
+	public boolean transition(Value fromState, Value toState) {
+		Preconditions.checkArgument(fromState != toState, "fromState must be different than toState");
+		boolean success = value.compareAndSet(fromState, toState);
+		if (success) {
+			fireValueChangedEvent();
+		} else {
+			LOG.debug("Failed transiting into state {}: Expected state was not{}.", fromState, toState);
+		}
+		return success;
+	}
+
+	public void set(Value newState) {
+		var oldState = value.getAndSet(newState);
+		if (oldState != newState) {
+			fireValueChangedEvent();
+		}
+	}
 
 	/**
-	 * Vault ready to be unlocked
+	 * Waits for the specified time, until the desired state is reached.
+	 *
+	 * @param desiredState what state to wait for
+	 * @param time the maximum time to wait
+	 * @param unit the time unit of the {@code time} argument
+	 * @return {@code false} if the waiting time detectably elapsed before reaching {@code desiredState}
+	 * @throws InterruptedException if the current thread is interrupted
 	 */
-	LOCKED,
+	public boolean awaitState(Value desiredState, long time, TimeUnit unit) throws InterruptedException {
+		lock.lock();
+		try {
+			long remaining = TimeUnit.NANOSECONDS.convert(time, unit);
+			while (value.get() != desiredState) {
+				if (remaining <= 0L) {
+					return false;
+				}
+				remaining = valueChanged.awaitNanos(remaining);
+			}
+			return true;
+		} finally {
+			lock.unlock();
+		}
+	}
 
-	/**
-	 * Vault in transition between two other states
-	 */
-	PROCESSING,
-
-	/**
-	 * Vault is unlocked
-	 */
-	UNLOCKED,
-
-	/**
-	 * Unknown state due to preceeding unrecoverable exceptions.
-	 */
-	ERROR;
+	private void signal() {
+		lock.lock();
+		try {
+			valueChanged.signalAll();
+		} finally {
+			lock.unlock();
+		}
+	}
 
+	@Override
+	protected void fireValueChangedEvent() {
+		signal();
+		if (Platform.isFxApplicationThread()) {
+			super.fireValueChangedEvent();
+		} else {
+			Platform.runLater(super::fireValueChangedEvent);
+		}
+	}
 }
diff --git a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultStats.java b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultStats.java
index 46cf31991..6dc86e8be 100644
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/VaultStats.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/VaultStats.java
@@ -26,7 +26,7 @@ public class VaultStats {
 	private static final Logger LOG = LoggerFactory.getLogger(VaultStats.class);
 
 	private final AtomicReference<CryptoFileSystem> fs;
-	private final ObjectProperty<VaultState> state;
+	private final VaultState state;
 	private final ScheduledService<Optional<CryptoFileSystemStats>> updateService;
 	private final LongProperty bytesPerSecondRead = new SimpleLongProperty();
 	private final LongProperty bytesPerSecondWritten = new SimpleLongProperty();
@@ -41,7 +41,7 @@ public class VaultStats {
 	private final LongProperty filesWritten = new SimpleLongProperty();
 
 	@Inject
-	VaultStats(AtomicReference<CryptoFileSystem> fs, ObjectProperty<VaultState> state, ExecutorService executor) {
+	VaultStats(AtomicReference<CryptoFileSystem> fs, VaultState state, ExecutorService executor) {
 		this.fs = fs;
 		this.state = state;
 		this.updateService = new UpdateStatsService();
@@ -52,13 +52,13 @@ public class VaultStats {
 	}
 
 	private void vaultStateChanged(@SuppressWarnings("unused") Observable observable) {
-		if (VaultState.UNLOCKED.equals(state.get())) {
+		if (VaultState.Value.UNLOCKED == state.get()) {
 			assert fs.get() != null;
 			LOG.debug("start recording stats");
-			updateService.restart();
+			Platform.runLater(() -> updateService.restart());
 		} else {
 			LOG.debug("stop recording stats");
-			updateService.cancel();
+			Platform.runLater(() -> updateService.cancel());
 		}
 	}
 
diff --git a/main/commons/src/main/java/org/cryptomator/common/vaults/Volume.java b/main/commons/src/main/java/org/cryptomator/common/vaults/Volume.java
index 74a307d5a..f608122bf 100644
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/Volume.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/Volume.java
@@ -7,6 +7,8 @@ import org.cryptomator.cryptofs.CryptoFileSystem;
 import java.io.IOException;
 import java.nio.file.Path;
 import java.util.Optional;
+import java.util.concurrent.CompletionStage;
+import java.util.function.Consumer;
 import java.util.stream.Stream;
 
 /**
@@ -32,7 +34,7 @@ public interface Volume {
 	 * @param fs
 	 * @throws IOException
 	 */
-	void mount(CryptoFileSystem fs, String mountFlags) throws IOException, VolumeException, InvalidMountPointException;
+	void mount(CryptoFileSystem fs, String mountFlags, Consumer<Throwable> onExitAction) throws IOException, VolumeException, InvalidMountPointException;
 
 	/**
 	 * Reveals the mounted volume.
diff --git a/main/commons/src/main/java/org/cryptomator/common/vaults/WebDavVolume.java b/main/commons/src/main/java/org/cryptomator/common/vaults/WebDavVolume.java
index 8b4f27fdb..03c83377c 100644
--- a/main/commons/src/main/java/org/cryptomator/common/vaults/WebDavVolume.java
+++ b/main/commons/src/main/java/org/cryptomator/common/vaults/WebDavVolume.java
@@ -17,6 +17,7 @@ import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.nio.file.Path;
 import java.util.Optional;
+import java.util.function.Consumer;
 import java.util.function.Supplier;
 
 public class WebDavVolume implements Volume {
@@ -31,6 +32,7 @@ public class WebDavVolume implements Volume {
 	private WebDavServer server;
 	private WebDavServletController servlet;
 	private Mounter.Mount mount;
+	private Consumer<Throwable> onExitAction;
 
 	@Inject
 	public WebDavVolume(Provider<WebDavServer> serverProvider, VaultSettings vaultSettings, Settings settings, WindowsDriveLetters windowsDriveLetters) {
@@ -41,12 +43,13 @@ public class WebDavVolume implements Volume {
 	}
 
 	@Override
-	public void mount(CryptoFileSystem fs, String mountFlags) throws VolumeException {
+	public void mount(CryptoFileSystem fs, String mountFlags, Consumer<Throwable> onExitAction) throws VolumeException {
 		startServlet(fs);
 		mountServlet();
+		this.onExitAction = onExitAction;
 	}
 
-	private void startServlet(CryptoFileSystem fs){
+	private void startServlet(CryptoFileSystem fs) {
 		if (server == null) {
 			server = serverProvider.get();
 		}
@@ -66,7 +69,7 @@ public class WebDavVolume implements Volume {
 
 		//on windows, prevent an automatic drive letter selection in the upstream library. Either we choose already a specifc one or there is no free.
 		Supplier<String> driveLetterSupplier;
-		if(System.getProperty("os.name").toLowerCase().contains("windows") && vaultSettings.winDriveLetter().isEmpty().get()) {
+		if (System.getProperty("os.name").toLowerCase().contains("windows") && vaultSettings.winDriveLetter().isEmpty().get()) {
 			driveLetterSupplier = () -> windowsDriveLetters.getAvailableDriveLetter().orElse(null);
 		} else {
 			driveLetterSupplier = () -> vaultSettings.winDriveLetter().get();
@@ -101,6 +104,7 @@ public class WebDavVolume implements Volume {
 			throw new VolumeException(e);
 		}
 		cleanup();
+		onExitAction.accept(null);
 	}
 
 	@Override
@@ -111,6 +115,7 @@ public class WebDavVolume implements Volume {
 			throw new VolumeException(e);
 		}
 		cleanup();
+		onExitAction.accept(null);
 	}
 
 	@Override
diff --git a/main/pom.xml b/main/pom.xml
index 1e48da8a7..fdefe694b 100644
--- a/main/pom.xml
+++ b/main/pom.xml
@@ -25,29 +25,29 @@
 		<project.jdk.version>16</project.jdk.version>
 
 		<!-- cryptomator dependencies -->
-		<cryptomator.cryptofs.version>1.9.14</cryptomator.cryptofs.version>
+		<cryptomator.cryptofs.version>2.1.0-beta5</cryptomator.cryptofs.version>
 		<cryptomator.integrations.version>1.0.0-beta2</cryptomator.integrations.version>
 		<cryptomator.integrations.win.version>1.0.0-beta2</cryptomator.integrations.win.version>
 		<cryptomator.integrations.mac.version>1.0.0-beta2</cryptomator.integrations.mac.version>
 		<cryptomator.integrations.linux.version>1.0.0-beta1</cryptomator.integrations.linux.version>
-		<cryptomator.fuse.version>1.2.9</cryptomator.fuse.version>
-		<cryptomator.dokany.version>1.2.4</cryptomator.dokany.version>
-		<cryptomator.webdav.version>1.1.4</cryptomator.webdav.version>
+		<cryptomator.fuse.version>1.3.1</cryptomator.fuse.version>
+		<cryptomator.dokany.version>1.3.1</cryptomator.dokany.version>
+		<cryptomator.webdav.version>1.2.2</cryptomator.webdav.version>
 
 		<!-- 3rd party dependencies -->
-		<javafx.version>15</javafx.version>
+		<javafx.version>16</javafx.version>
 		<commons-lang3.version>3.11</commons-lang3.version>
-		<jwt.version>3.12.0</jwt.version>
+		<jwt.version>3.15.0</jwt.version>
 		<easybind.version>2.1.0</easybind.version>
-		<guava.version>30.0-jre</guava.version>
-		<dagger.version>2.32</dagger.version>
+		<guava.version>30.1.1-jre</guava.version>
+		<dagger.version>2.35.1</dagger.version>
 		<gson.version>2.8.6</gson.version>
 		<slf4j.version>1.7.30</slf4j.version>
 		<logback.version>1.2.3</logback.version>
 
 		<!-- test dependencies -->
-		<junit.jupiter.version>5.7.0</junit.jupiter.version>
-		<mockito.version>3.6.0</mockito.version>
+		<junit.jupiter.version>5.7.1</junit.jupiter.version>
+		<mockito.version>3.9.0</mockito.version>
 		<hamcrest.version>2.2</hamcrest.version>
 	</properties>
 
@@ -218,12 +218,6 @@
 				<scope>test</scope>
 			</dependency>
 
-			<!-- TODO: temporary fix for XXE attack, can be removed once java-jwt is updated -->
-			<dependency>
-				<groupId>com.fasterxml.jackson.core</groupId>
-				<artifactId>jackson-databind</artifactId>
-				<version>2.10.5.1</version>
-			</dependency>
 		</dependencies>
 	</dependencyManagement>
 
diff --git a/main/suppression.xml b/main/suppression.xml
index 6fe12f417..43acf2e8d 100644
--- a/main/suppression.xml
+++ b/main/suppression.xml
@@ -1,11 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- This file lists false positives found by org.owasp:dependency-check-maven build plugin -->
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
-	<suppress>
-		<notes><![CDATA[ Upstream fix backported from 2.11.0 to 2.10.5.1, see https://github.com/FasterXML/jackson-databind/issues/2589#issuecomment-714833837. ]]></notes>
-		<gav>com.fasterxml.jackson.core:jackson-databind:2.10.5.1</gav>
-		<cve>CVE-2020-25649</cve>
-	</suppress>
 	<suppress>
 		<notes><![CDATA[ Suppress known vulnerabilities in FUSE libraries for fuse-nio-adapter. For more info, see suppression.xml of https://github.com/cryptomator/fuse-nio-adapter ]]></notes>
 		<gav regex="true">^org\.cryptomator:fuse-nio-adapter:.*$</gav>
diff --git a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultModule.java b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultModule.java
index 42d243e80..8a5a776ea 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultModule.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/AddVaultModule.java
@@ -6,10 +6,10 @@ import dagger.Provides;
 import dagger.multibindings.IntoMap;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.DefaultSceneFactory;
-import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxControllerKey;
 import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxmlScene;
 import org.cryptomator.ui.common.NewPasswordController;
 import org.cryptomator.ui.common.PasswordStrengthUtil;
@@ -33,13 +33,6 @@ import java.util.ResourceBundle;
 @Module
 public abstract class AddVaultModule {
 
-	@Provides
-	@AddVaultWizardScoped
-	@Named("newPassword")
-	static ObjectProperty<CharSequence> provideNewPasswordProperty() {
-		return new SimpleObjectProperty<>("");
-	}
-
 	@Provides
 	@AddVaultWizardWindow
 	@AddVaultWizardScoped
@@ -167,8 +160,8 @@ public abstract class AddVaultModule {
 	@Provides
 	@IntoMap
 	@FxControllerKey(NewPasswordController.class)
-	static FxController provideNewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater, @Named("newPassword") ObjectProperty<CharSequence> password) {
-		return new NewPasswordController(resourceBundle, strengthRater, password);
+	static FxController provideNewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater) {
+		return new NewPasswordController(resourceBundle, strengthRater);
 	}
 
 	@Binds
diff --git a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
index a5398d51b..214ed19b0 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/ChooseExistingVaultController.java
@@ -81,7 +81,7 @@ public class ChooseExistingVaultController implements FxController {
 				Vault newVault = vaultListManager.add(vaultPath.get());
 				vault.set(newVault);
 				window.setScene(successScene.get());
-			} catch (NoSuchFileException e) {
+			} catch (IOException e) {
 				LOG.error("Failed to open existing vault.", e);
 				errorComponent.cause(e).window(window).returnToScene(window.getScene()).build().showErrorScene();
 			}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultLocationController.java b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultLocationController.java
index 4eeea5c3d..39e25d503 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultLocationController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultLocationController.java
@@ -1,10 +1,10 @@
 package org.cryptomator.ui.addvaultwizard;
 
 import dagger.Lazy;
-import org.cryptomator.ui.common.ErrorComponent;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.controls.FontAwesome5IconView;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -15,21 +15,21 @@ import javafx.beans.binding.BooleanBinding;
 import javafx.beans.property.BooleanProperty;
 import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
+import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
 import javafx.beans.value.ObservableValue;
 import javafx.fxml.FXML;
+import javafx.scene.Node;
 import javafx.scene.Scene;
+import javafx.scene.control.Label;
 import javafx.scene.control.RadioButton;
 import javafx.scene.control.Toggle;
 import javafx.scene.control.ToggleGroup;
 import javafx.stage.DirectoryChooser;
 import javafx.stage.Stage;
 import java.io.File;
-import java.io.IOException;
-import java.nio.file.FileAlreadyExistsException;
 import java.nio.file.Files;
-import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.ResourceBundle;
@@ -43,55 +43,74 @@ public class CreateNewVaultLocationController implements FxController {
 	private final Stage window;
 	private final Lazy<Scene> chooseNameScene;
 	private final Lazy<Scene> choosePasswordScene;
-	private final ErrorComponent.Builder errorComponent;
 	private final LocationPresets locationPresets;
 	private final ObjectProperty<Path> vaultPath;
 	private final StringProperty vaultName;
 	private final ResourceBundle resourceBundle;
 	private final BooleanBinding validVaultPath;
 	private final BooleanProperty usePresetPath;
-	private final StringProperty warningText;
+	private final StringProperty statusText;
+	private final ObjectProperty<Node> statusGraphic;
 
 	private Path customVaultPath = DEFAULT_CUSTOM_VAULT_PATH;
+
+	//FXML
 	public ToggleGroup predefinedLocationToggler;
 	public RadioButton iclouddriveRadioButton;
 	public RadioButton dropboxRadioButton;
 	public RadioButton gdriveRadioButton;
 	public RadioButton onedriveRadioButton;
+	public RadioButton megaRadioButton;
+	public RadioButton pcloudRadioButton;
 	public RadioButton customRadioButton;
+	public Label vaultPathStatus;
+	public FontAwesome5IconView goodLocation;
+	public FontAwesome5IconView badLocation;
 
 	@Inject
-	CreateNewVaultLocationController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_NEW_NAME) Lazy<Scene> chooseNameScene, @FxmlScene(FxmlFile.ADDVAULT_NEW_PASSWORD) Lazy<Scene> choosePasswordScene, ErrorComponent.Builder errorComponent, LocationPresets locationPresets, ObjectProperty<Path> vaultPath, @Named("vaultName") StringProperty vaultName, ResourceBundle resourceBundle) {
+	CreateNewVaultLocationController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_NEW_NAME) Lazy<Scene> chooseNameScene, @FxmlScene(FxmlFile.ADDVAULT_NEW_PASSWORD) Lazy<Scene> choosePasswordScene, LocationPresets locationPresets, ObjectProperty<Path> vaultPath, @Named("vaultName") StringProperty vaultName, ResourceBundle resourceBundle) {
 		this.window = window;
 		this.chooseNameScene = chooseNameScene;
 		this.choosePasswordScene = choosePasswordScene;
-		this.errorComponent = errorComponent;
 		this.locationPresets = locationPresets;
 		this.vaultPath = vaultPath;
 		this.vaultName = vaultName;
 		this.resourceBundle = resourceBundle;
-		this.validVaultPath = Bindings.createBooleanBinding(this::isValidVaultPath, vaultPath);
+		this.validVaultPath = Bindings.createBooleanBinding(this::validateVaultPathAndSetStatus, this.vaultPath);
 		this.usePresetPath = new SimpleBooleanProperty();
-		this.warningText = new SimpleStringProperty();
+		this.statusText = new SimpleStringProperty();
+		this.statusGraphic = new SimpleObjectProperty<>();
 	}
 
-	private boolean isValidVaultPath() {
-		return vaultPath.get() != null && Files.notExists(vaultPath.get());
+	private boolean validateVaultPathAndSetStatus() {
+		final Path p = vaultPath.get();
+		if (p == null) {
+			statusText.set("Error: Path is NULL.");
+			statusGraphic.set(badLocation);
+			return false;
+		} else if (!Files.exists(p.getParent())) {
+			statusText.set(resourceBundle.getString("addvaultwizard.new.locationDoesNotExist"));
+			statusGraphic.set(badLocation);
+			return false;
+		} else if (!Files.isWritable(p.getParent())) {
+			statusText.set(resourceBundle.getString("addvaultwizard.new.locationIsNotWritable"));
+			statusGraphic.set(badLocation);
+			return false;
+		} else if (!Files.notExists(p)) {
+			statusText.set(resourceBundle.getString("addvaultwizard.new.fileAlreadyExists"));
+			statusGraphic.set(badLocation);
+			return false;
+		} else {
+			statusText.set(resourceBundle.getString("addvaultwizard.new.locationIsOk"));
+			statusGraphic.set(goodLocation);
+			return true;
+		}
 	}
 
 	@FXML
 	public void initialize() {
 		predefinedLocationToggler.selectedToggleProperty().addListener(this::togglePredefinedLocation);
 		usePresetPath.bind(predefinedLocationToggler.selectedToggleProperty().isNotEqualTo(customRadioButton));
-		vaultPath.addListener(this::vaultPathDidChange);
-	}
-
-	private void vaultPathDidChange(@SuppressWarnings("unused") ObservableValue<? extends Path> observable, @SuppressWarnings("unused") Path oldValue, Path newValue) {
-		if (!Files.notExists(newValue)) {
-			warningText.set(resourceBundle.getString("addvaultwizard.new.fileAlreadyExists"));
-		} else {
-			warningText.set(null);
-		}
 	}
 
 	private void togglePredefinedLocation(@SuppressWarnings("unused") ObservableValue<? extends Toggle> observable, @SuppressWarnings("unused") Toggle oldValue, Toggle newValue) {
@@ -103,6 +122,10 @@ public class CreateNewVaultLocationController implements FxController {
 			vaultPath.set(locationPresets.getGdriveLocation().resolve(vaultName.get()));
 		} else if (onedriveRadioButton.equals(newValue)) {
 			vaultPath.set(locationPresets.getOnedriveLocation().resolve(vaultName.get()));
+		} else if (megaRadioButton.equals(newValue)) {
+			vaultPath.set(locationPresets.getMegaLocation().resolve(vaultName.get()));
+		} else if (pcloudRadioButton.equals(newValue)) {
+			vaultPath.set(locationPresets.getPcloudLocation().resolve(vaultName.get()));
 		} else if (customRadioButton.equals(newValue)) {
 			vaultPath.set(customVaultPath.resolve(vaultName.get()));
 		}
@@ -115,21 +138,10 @@ public class CreateNewVaultLocationController implements FxController {
 
 	@FXML
 	public void next() {
-		try {
-			// check if we have write access AND the vaultPath doesn't already exist:
-			assert Files.isDirectory(vaultPath.get().getParent());
-			Path createdDir = Files.createDirectory(vaultPath.get());
-			Files.delete(createdDir); // assert: dir exists and is empty
+		if (validateVaultPathAndSetStatus()) {
 			window.setScene(choosePasswordScene.get());
-		} catch (FileAlreadyExistsException e) {
-			LOG.warn("Can not use already existing vault path {}", vaultPath.get());
-			warningText.set(resourceBundle.getString("addvaultwizard.new.fileAlreadyExists"));
-		} catch (NoSuchFileException e) {
-			LOG.warn("At least one path component does not exist of path {}", vaultPath.get());
-			warningText.set(resourceBundle.getString("addvaultwizard.new.locationDoesNotExist"));
-		} catch (IOException e) {
-			LOG.error("Failed to create and delete directory at chosen vault path.", e);
-			errorComponent.cause(e).window(window).returnToScene(window.getScene()).build().showErrorScene();
+		} else {
+			validVaultPath.invalidate();
 		}
 	}
 
@@ -179,19 +191,27 @@ public class CreateNewVaultLocationController implements FxController {
 		return usePresetPath.get();
 	}
 
-	public StringProperty warningTextProperty() {
-		return warningText;
+	public BooleanBinding anyRadioButtonSelectedProperty() {
+		return predefinedLocationToggler.selectedToggleProperty().isNotNull();
 	}
 
-	public String getWarningText() {
-		return warningText.get();
+	public boolean isAnyRadioButtonSelected() {
+		return anyRadioButtonSelectedProperty().get();
 	}
 
-	public BooleanBinding showWarningProperty() {
-		return warningText.isNotEmpty();
+	public StringProperty statusTextProperty() {
+		return statusText;
 	}
 
-	public boolean isShowWarning() {
-		return showWarningProperty().get();
+	public String getStatusText() {
+		return statusText.get();
+	}
+
+	public ObjectProperty<Node> statusGraphicProperty() {
+		return statusGraphic;
+	}
+
+	public Node getStatusGraphic() {
+		return statusGraphic.get();
 	}
 }
diff --git a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultPasswordController.java b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultPasswordController.java
index c4e226359..4b4e02ed2 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultPasswordController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/CreateNewVaultPasswordController.java
@@ -5,11 +5,18 @@ import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.cryptofs.CryptoFileSystemProperties;
 import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptofs.VaultCipherCombo;
+import org.cryptomator.cryptolib.api.CryptoException;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.api.MasterkeyLoader;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.ui.common.ErrorComponent;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.common.NewPasswordController;
 import org.cryptomator.ui.common.Tasks;
+import org.cryptomator.ui.keyloading.masterkeyfile.MasterkeyFileLoadingStrategy;
 import org.cryptomator.ui.recoverykey.RecoveryKeyFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -17,7 +24,6 @@ import org.slf4j.LoggerFactory;
 import javax.inject.Inject;
 import javax.inject.Named;
 import javafx.beans.binding.Bindings;
-import javafx.beans.binding.BooleanBinding;
 import javafx.beans.binding.ObjectBinding;
 import javafx.beans.property.BooleanProperty;
 import javafx.beans.property.ObjectProperty;
@@ -31,13 +37,13 @@ import javafx.scene.control.ToggleGroup;
 import javafx.stage.Stage;
 import java.io.IOException;
 import java.io.UncheckedIOException;
+import java.net.URI;
 import java.nio.channels.WritableByteChannel;
 import java.nio.file.FileSystem;
 import java.nio.file.Files;
-import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.nio.file.StandardOpenOption;
-import java.util.Collections;
+import java.security.SecureRandom;
 import java.util.ResourceBundle;
 import java.util.concurrent.ExecutorService;
 
@@ -48,6 +54,7 @@ import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 public class CreateNewVaultPasswordController implements FxController {
 
 	private static final Logger LOG = LoggerFactory.getLogger(CreateNewVaultPasswordController.class);
+	private static final URI DEFAULT_KEY_ID = URI.create(MasterkeyFileLoadingStrategy.SCHEME + ":" + MASTERKEY_FILENAME); // TODO better place?
 
 	private final Stage window;
 	private final Lazy<Scene> chooseLocationScene;
@@ -62,8 +69,9 @@ public class CreateNewVaultPasswordController implements FxController {
 	private final StringProperty recoveryKeyProperty;
 	private final VaultListManager vaultListManager;
 	private final ResourceBundle resourceBundle;
-	private final ObjectProperty<CharSequence> password;
 	private final ReadmeGenerator readmeGenerator;
+	private final SecureRandom csprng;
+	private final MasterkeyFileAccess masterkeyFileAccess;
 	private final BooleanProperty processing;
 	private final BooleanProperty readyToCreateVault;
 	private final ObjectBinding<ContentDisplay> createVaultButtonState;
@@ -71,9 +79,10 @@ public class CreateNewVaultPasswordController implements FxController {
 	public ToggleGroup recoveryKeyChoice;
 	public Toggle showRecoveryKey;
 	public Toggle skipRecoveryKey;
+	public NewPasswordController newPasswordSceneController;
 
 	@Inject
-	CreateNewVaultPasswordController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_NEW_LOCATION) Lazy<Scene> chooseLocationScene, @FxmlScene(FxmlFile.ADDVAULT_NEW_RECOVERYKEY) Lazy<Scene> recoveryKeyScene, @FxmlScene(FxmlFile.ADDVAULT_SUCCESS) Lazy<Scene> successScene, ErrorComponent.Builder errorComponent, ExecutorService executor, RecoveryKeyFactory recoveryKeyFactory, @Named("vaultName") StringProperty vaultName, ObjectProperty<Path> vaultPath, @AddVaultWizardWindow ObjectProperty<Vault> vault, @Named("recoveryKey") StringProperty recoveryKey, VaultListManager vaultListManager, ResourceBundle resourceBundle, @Named("newPassword") ObjectProperty<CharSequence> password, ReadmeGenerator readmeGenerator) {
+	CreateNewVaultPasswordController(@AddVaultWizardWindow Stage window, @FxmlScene(FxmlFile.ADDVAULT_NEW_LOCATION) Lazy<Scene> chooseLocationScene, @FxmlScene(FxmlFile.ADDVAULT_NEW_RECOVERYKEY) Lazy<Scene> recoveryKeyScene, @FxmlScene(FxmlFile.ADDVAULT_SUCCESS) Lazy<Scene> successScene, ErrorComponent.Builder errorComponent, ExecutorService executor, RecoveryKeyFactory recoveryKeyFactory, @Named("vaultName") StringProperty vaultName, ObjectProperty<Path> vaultPath, @AddVaultWizardWindow ObjectProperty<Vault> vault, @Named("recoveryKey") StringProperty recoveryKey, VaultListManager vaultListManager, ResourceBundle resourceBundle, ReadmeGenerator readmeGenerator, SecureRandom csprng, MasterkeyFileAccess masterkeyFileAccess) {
 		this.window = window;
 		this.chooseLocationScene = chooseLocationScene;
 		this.recoveryKeyScene = recoveryKeyScene;
@@ -87,8 +96,9 @@ public class CreateNewVaultPasswordController implements FxController {
 		this.recoveryKeyProperty = recoveryKey;
 		this.vaultListManager = vaultListManager;
 		this.resourceBundle = resourceBundle;
-		this.password = password;
 		this.readmeGenerator = readmeGenerator;
+		this.csprng = csprng;
+		this.masterkeyFileAccess = masterkeyFileAccess;
 		this.processing = new SimpleBooleanProperty();
 		this.readyToCreateVault = new SimpleBooleanProperty();
 		this.createVaultButtonState = Bindings.createObjectBinding(this::getCreateVaultButtonState, processing);
@@ -96,8 +106,11 @@ public class CreateNewVaultPasswordController implements FxController {
 
 	@FXML
 	public void initialize() {
-		BooleanBinding isValidNewPassword = Bindings.createBooleanBinding(() -> password.get() != null && password.get().length() > 0, password);
-		readyToCreateVault.bind(isValidNewPassword.and(recoveryKeyChoice.selectedToggleProperty().isNotNull()).and(processing.not()));
+		readyToCreateVault.bind(newPasswordSceneController.passwordsMatchAndSufficientProperty().and(recoveryKeyChoice.selectedToggleProperty().isNotNull()).and(processing.not()));
+		window.setOnHiding(event -> {
+			newPasswordSceneController.passwordField.wipe();
+			newPasswordSceneController.reenterField.wipe();
+		});
 	}
 
 	@FXML
@@ -130,8 +143,8 @@ public class CreateNewVaultPasswordController implements FxController {
 		Path pathToVault = vaultPathProperty.get();
 		processing.set(true);
 		Tasks.create(() -> {
-			initializeVault(pathToVault, password.get());
-			return recoveryKeyFactory.createRecoveryKey(pathToVault, password.get());
+			initializeVault(pathToVault);
+			return recoveryKeyFactory.createRecoveryKey(pathToVault, newPasswordSceneController.passwordField.getCharacters());
 		}).onSuccess(recoveryKey -> {
 			initializationSucceeded(pathToVault);
 			recoveryKeyProperty.set(recoveryKey);
@@ -148,7 +161,7 @@ public class CreateNewVaultPasswordController implements FxController {
 		Path pathToVault = vaultPathProperty.get();
 		processing.set(true);
 		Tasks.create(() -> {
-			initializeVault(pathToVault, password.get());
+			initializeVault(pathToVault);
 		}).onSuccess(() -> {
 			initializationSucceeded(pathToVault);
 			window.setScene(successScene.get());
@@ -160,24 +173,35 @@ public class CreateNewVaultPasswordController implements FxController {
 		}).runOnce(executor);
 	}
 
-	private void initializeVault(Path path, CharSequence passphrase) throws IOException {
-		CryptoFileSystemProvider.initialize(path, MASTERKEY_FILENAME, passphrase);
-		CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties() //
-				.withPassphrase(passphrase) //
-				.withFlags(Collections.emptySet()) //
-				.withMasterkeyFilename(MASTERKEY_FILENAME) //
-				.build();
+	private void initializeVault(Path path) throws IOException {
+		// 1. write masterkey:
+		Path masterkeyFilePath = path.resolve(MASTERKEY_FILENAME);
+		try (Masterkey masterkey = Masterkey.generate(csprng)) {
+			masterkeyFileAccess.persist(masterkey, masterkeyFilePath, newPasswordSceneController.passwordField.getCharacters());
 
-		String vaultReadmeFileName = resourceBundle.getString("addvault.new.readme.accessLocation.fileName");
-		try (FileSystem fs = CryptoFileSystemProvider.newFileSystem(path, fsProps); // 
-			 WritableByteChannel ch = Files.newByteChannel(fs.getPath("/", vaultReadmeFileName), StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE)) {
-			ch.write(US_ASCII.encode(readmeGenerator.createVaultAccessLocationReadmeRtf()));
+			// 2. initialize vault:
+			try {
+				MasterkeyLoader loader = ignored -> masterkey.clone();
+				CryptoFileSystemProperties fsProps = CryptoFileSystemProperties.cryptoFileSystemProperties().withCipherCombo(VaultCipherCombo.SIV_CTRMAC).withKeyLoader(loader).build();
+				CryptoFileSystemProvider.initialize(path, fsProps, DEFAULT_KEY_ID);
+
+				// 3. write vault-internal readme file:
+				String vaultReadmeFileName = resourceBundle.getString("addvault.new.readme.accessLocation.fileName");
+				try (FileSystem fs = CryptoFileSystemProvider.newFileSystem(path, fsProps); //
+					 WritableByteChannel ch = Files.newByteChannel(fs.getPath("/", vaultReadmeFileName), StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE)) {
+					ch.write(US_ASCII.encode(readmeGenerator.createVaultAccessLocationReadmeRtf()));
+				}
+			} catch (CryptoException e) {
+				throw new IOException("Failed initialize vault.", e);
+			}
 		}
 
+		// 4. write vault-external readme file:
 		String storagePathReadmeFileName = resourceBundle.getString("addvault.new.readme.storageLocation.fileName");
 		try (WritableByteChannel ch = Files.newByteChannel(path.resolve(storagePathReadmeFileName), StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE)) {
 			ch.write(US_ASCII.encode(readmeGenerator.createVaultStorageLocationReadmeRtf()));
 		}
+
 		LOG.info("Created vault at {}", path);
 	}
 
@@ -185,7 +209,7 @@ public class CreateNewVaultPasswordController implements FxController {
 		try {
 			Vault newVault = vaultListManager.add(pathToVault);
 			vaultProperty.set(newVault);
-		} catch (NoSuchFileException e) {
+		} catch (IOException e) {
 			throw new UncheckedIOException(e);
 		}
 	}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/LocationPresets.java b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/LocationPresets.java
index b9f796043..6cec655cb 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/LocationPresets.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/addvaultwizard/LocationPresets.java
@@ -16,15 +16,21 @@ public class LocationPresets {
 	private static final String[] DROPBOX_LOCATIONS = {"~/Dropbox"};
 	private static final String[] GDRIVE_LOCATIONS = {"~/Google Drive"};
 	private static final String[] ONEDRIVE_LOCATIONS = {"~/OneDrive"};
+	private static final String[] MEGA_LOCATIONS = {"~/MEGA"};
+	private static final String[] PCLOUD_LOCATIONS = {"~/pCloudDrive"};
 
 	private final ReadOnlyObjectProperty<Path> iclouddriveLocation;
 	private final ReadOnlyObjectProperty<Path> dropboxLocation;
 	private final ReadOnlyObjectProperty<Path> gdriveLocation;
 	private final ReadOnlyObjectProperty<Path> onedriveLocation;
+	private final ReadOnlyObjectProperty<Path> megaLocation;
+	private final ReadOnlyObjectProperty<Path> pcloudLocation;
 	private final BooleanBinding foundIclouddrive;
 	private final BooleanBinding foundDropbox;
 	private final BooleanBinding foundGdrive;
 	private final BooleanBinding foundOnedrive;
+	private final BooleanBinding foundMega;
+	private final BooleanBinding foundPcloud;
 
 	@Inject
 	public LocationPresets() {
@@ -32,10 +38,14 @@ public class LocationPresets {
 		this.dropboxLocation = new SimpleObjectProperty<>(existingWritablePath(DROPBOX_LOCATIONS));
 		this.gdriveLocation = new SimpleObjectProperty<>(existingWritablePath(GDRIVE_LOCATIONS));
 		this.onedriveLocation = new SimpleObjectProperty<>(existingWritablePath(ONEDRIVE_LOCATIONS));
+		this.megaLocation = new SimpleObjectProperty<>(existingWritablePath(MEGA_LOCATIONS));
+		this.pcloudLocation = new SimpleObjectProperty<>(existingWritablePath(PCLOUD_LOCATIONS));
 		this.foundIclouddrive = iclouddriveLocation.isNotNull();
 		this.foundDropbox = dropboxLocation.isNotNull();
 		this.foundGdrive = gdriveLocation.isNotNull();
 		this.foundOnedrive = onedriveLocation.isNotNull();
+		this.foundMega = megaLocation.isNotNull();
+		this.foundPcloud = pcloudLocation.isNotNull();
 	}
 
 	private static Path existingWritablePath(String... candidates) {
@@ -122,4 +132,36 @@ public class LocationPresets {
 		return foundOnedrive.get();
 	}
 
+	public ReadOnlyObjectProperty<Path> megaLocationProperty() {
+		return megaLocation;
+	}
+
+	public Path getMegaLocation() {
+		return megaLocation.get();
+	}
+
+	public BooleanBinding foundMegaProperty() {
+		return foundMega;
+	}
+
+	public boolean isFoundMega() {
+		return foundMega.get();
+	}
+
+	public ReadOnlyObjectProperty<Path> pcloudLocationProperty() {
+		return pcloudLocation;
+	}
+
+	public Path getPcloudLocation() {
+		return pcloudLocation.get();
+	}
+
+	public BooleanBinding foundPcloudProperty() {
+		return foundPcloud;
+	}
+
+	public boolean isFoundPcloud() {
+		return foundPcloud.get();
+	}
+
 }
diff --git a/main/ui/src/main/java/org/cryptomator/ui/changepassword/ChangePasswordController.java b/main/ui/src/main/java/org/cryptomator/ui/changepassword/ChangePasswordController.java
index 52cfe2b81..ccc0184ac 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/changepassword/ChangePasswordController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/changepassword/ChangePasswordController.java
@@ -2,29 +2,33 @@ package org.cryptomator.ui.changepassword;
 
 import org.cryptomator.common.keychain.KeychainManager;
 import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptofs.common.MasterkeyBackupHelper;
+import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.InvalidPassphraseException;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.cryptomator.integrations.keychain.KeychainAccessException;
 import org.cryptomator.ui.common.Animations;
 import org.cryptomator.ui.common.ErrorComponent;
 import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.NewPasswordController;
 import org.cryptomator.ui.controls.NiceSecurePasswordField;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
-import javax.inject.Named;
-import javafx.beans.binding.Bindings;
 import javafx.beans.binding.BooleanBinding;
-import javafx.beans.property.ObjectProperty;
 import javafx.fxml.FXML;
 import javafx.scene.control.Button;
 import javafx.scene.control.CheckBox;
 import javafx.stage.Stage;
 import java.io.IOException;
-import java.nio.CharBuffer;
-import java.util.Optional;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
+import java.nio.file.StandardOpenOption;
+import java.security.SecureRandom;
 
+import static org.cryptomator.common.Constants.MASTERKEY_BACKUP_SUFFIX;
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 
 @ChangePasswordScoped
@@ -34,29 +38,36 @@ public class ChangePasswordController implements FxController {
 
 	private final Stage window;
 	private final Vault vault;
-	private final ObjectProperty<CharSequence> newPassword;
 	private final ErrorComponent.Builder errorComponent;
 	private final KeychainManager keychain;
+	private final SecureRandom csprng;
+	private final MasterkeyFileAccess masterkeyFileAccess;
 
 	public NiceSecurePasswordField oldPasswordField;
 	public CheckBox finalConfirmationCheckbox;
 	public Button finishButton;
+	public NewPasswordController newPasswordController;
 
 	@Inject
-	public ChangePasswordController(@ChangePasswordWindow Stage window, @ChangePasswordWindow Vault vault, @Named("newPassword") ObjectProperty<CharSequence> newPassword, ErrorComponent.Builder errorComponent, KeychainManager keychain) {
+	public ChangePasswordController(@ChangePasswordWindow Stage window, @ChangePasswordWindow Vault vault, ErrorComponent.Builder errorComponent, KeychainManager keychain, SecureRandom csprng, MasterkeyFileAccess masterkeyFileAccess) {
 		this.window = window;
 		this.vault = vault;
-		this.newPassword = newPassword;
 		this.errorComponent = errorComponent;
 		this.keychain = keychain;
+		this.csprng = csprng;
+		this.masterkeyFileAccess = masterkeyFileAccess;
 	}
 
 	@FXML
 	public void initialize() {
 		BooleanBinding checkboxNotConfirmed = finalConfirmationCheckbox.selectedProperty().not();
 		BooleanBinding oldPasswordFieldEmpty = oldPasswordField.textProperty().isEmpty();
-		BooleanBinding newPasswordInvalid = Bindings.createBooleanBinding(() -> newPassword.get() == null || newPassword.get().length() == 0, newPassword);
-		finishButton.disableProperty().bind(checkboxNotConfirmed.or(oldPasswordFieldEmpty).or(newPasswordInvalid));
+		finishButton.disableProperty().bind(checkboxNotConfirmed.or(oldPasswordFieldEmpty).or(newPasswordController.passwordsMatchAndSufficientProperty().not()));
+		window.setOnHiding(event -> {
+			oldPasswordField.wipe();
+			newPasswordController.passwordField.wipe();
+			newPasswordController.reenterField.wipe();
+		});
 	}
 
 	@FXML
@@ -67,24 +78,31 @@ public class ChangePasswordController implements FxController {
 	@FXML
 	public void finish() {
 		try {
-			CryptoFileSystemProvider.changePassphrase(vault.getPath(), MASTERKEY_FILENAME, oldPasswordField.getCharacters(), newPassword.get());
+			CharSequence oldPassphrase = oldPasswordField.getCharacters();
+			CharSequence newPassphrase = newPasswordController.passwordField.getCharacters();
+			Path masterkeyPath = vault.getPath().resolve(MASTERKEY_FILENAME);
+			byte[] oldMasterkeyBytes = Files.readAllBytes(masterkeyPath);
+			byte[] newMasterkeyBytes = masterkeyFileAccess.changePassphrase(oldMasterkeyBytes, oldPassphrase, newPassphrase);
+			Path backupKeyPath = vault.getPath().resolve(MASTERKEY_FILENAME + MasterkeyBackupHelper.generateFileIdSuffix(oldMasterkeyBytes) + MASTERKEY_BACKUP_SUFFIX);
+			Files.move(masterkeyPath, backupKeyPath, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
+			Files.write(masterkeyPath, newMasterkeyBytes, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
 			LOG.info("Successfully changed password for {}", vault.getDisplayName());
-			window.close();
 			updatePasswordInSystemkeychain();
-		} catch (IOException e) {
-			LOG.error("IO error occured during password change. Unable to perform operation.", e);
-			errorComponent.cause(e).window(window).returnToScene(window.getScene()).build().showErrorScene();
+			window.close();
 		} catch (InvalidPassphraseException e) {
 			Animations.createShakeWindowAnimation(window).play();
 			oldPasswordField.selectAll();
 			oldPasswordField.requestFocus();
+		} catch (IOException | CryptoException e) {
+			LOG.error("Password change failed. Unable to perform operation.", e);
+			errorComponent.cause(e).window(window).returnToScene(window.getScene()).build().showErrorScene();
 		}
 	}
 
 	private void updatePasswordInSystemkeychain() {
-		if (keychain.isSupported()) {
+		if (keychain.isSupported() && !keychain.isLocked()) {
 			try {
-				keychain.changePassphrase(vault.getId(), CharBuffer.wrap(newPassword.get()));
+				keychain.changePassphrase(vault.getId(), newPasswordController.passwordField.getCharacters());
 				LOG.info("Successfully updated password in system keychain for {}", vault.getDisplayName());
 			} catch (KeychainAccessException e) {
 				LOG.error("Failed to update password in system keychain.", e);
diff --git a/main/ui/src/main/java/org/cryptomator/ui/changepassword/ChangePasswordModule.java b/main/ui/src/main/java/org/cryptomator/ui/changepassword/ChangePasswordModule.java
index e80871208..d95b19410 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/changepassword/ChangePasswordModule.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/changepassword/ChangePasswordModule.java
@@ -5,10 +5,10 @@ import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoMap;
 import org.cryptomator.ui.common.DefaultSceneFactory;
-import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxControllerKey;
 import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxmlScene;
 import org.cryptomator.ui.common.NewPasswordController;
 import org.cryptomator.ui.common.PasswordStrengthUtil;
@@ -16,8 +16,6 @@ import org.cryptomator.ui.common.StageFactory;
 
 import javax.inject.Named;
 import javax.inject.Provider;
-import javafx.beans.property.ObjectProperty;
-import javafx.beans.property.SimpleObjectProperty;
 import javafx.scene.Scene;
 import javafx.stage.Modality;
 import javafx.stage.Stage;
@@ -27,13 +25,6 @@ import java.util.ResourceBundle;
 @Module
 abstract class ChangePasswordModule {
 
-	@Provides
-	@ChangePasswordScoped
-	@Named("newPassword")
-	static ObjectProperty<CharSequence> provideNewPasswordProperty() {
-		return new SimpleObjectProperty<>("");
-	}
-
 	@Provides
 	@ChangePasswordWindow
 	@ChangePasswordScoped
@@ -71,8 +62,8 @@ abstract class ChangePasswordModule {
 	@Provides
 	@IntoMap
 	@FxControllerKey(NewPasswordController.class)
-	static FxController provideNewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater, @Named("newPassword") ObjectProperty<CharSequence> password) {
-		return new NewPasswordController(resourceBundle, strengthRater, password);
+	static FxController provideNewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater) {
+		return new NewPasswordController(resourceBundle, strengthRater);
 	}
 
 }
diff --git a/main/ui/src/main/java/org/cryptomator/ui/common/FxmlFile.java b/main/ui/src/main/java/org/cryptomator/ui/common/FxmlFile.java
index 4d429ab7d..b8d5bbff0 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/common/FxmlFile.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/FxmlFile.java
@@ -11,6 +11,8 @@ public enum FxmlFile {
 	CHANGEPASSWORD("/fxml/changepassword.fxml"), //
 	ERROR("/fxml/error.fxml"), //
 	FORGET_PASSWORD("/fxml/forget_password.fxml"), //
+	HEALTH_START("/fxml/health_start.fxml"), //
+	HEALTH_CHECK_LIST("/fxml/health_check_list.fxml"), //
 	LOCK_FORCED("/fxml/lock_forced.fxml"), //
 	LOCK_FAILED("/fxml/lock_failed.fxml"), //
 	MAIN_WINDOW("/fxml/main_window.fxml"), //
@@ -26,8 +28,9 @@ public enum FxmlFile {
 	RECOVERYKEY_RESET_PASSWORD("/fxml/recoverykey_reset_password.fxml"), //
 	RECOVERYKEY_SUCCESS("/fxml/recoverykey_success.fxml"), //
 	REMOVE_VAULT("/fxml/remove_vault.fxml"), //
-	UNLOCK("/fxml/unlock.fxml"),
+	UNLOCK_ENTER_PASSWORD("/fxml/unlock_enter_password.fxml"),
 	UNLOCK_INVALID_MOUNT_POINT("/fxml/unlock_invalid_mount_point.fxml"), //
+	UNLOCK_SELECT_MASTERKEYFILE("/fxml/unlock_select_masterkeyfile.fxml"), //
 	UNLOCK_SUCCESS("/fxml/unlock_success.fxml"), //
 	VAULT_OPTIONS("/fxml/vault_options.fxml"), //
 	VAULT_STATISTICS("/fxml/stats.fxml"), //
diff --git a/main/ui/src/main/java/org/cryptomator/ui/common/NewPasswordController.java b/main/ui/src/main/java/org/cryptomator/ui/common/NewPasswordController.java
index b7bf48870..13e59f2cd 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/common/NewPasswordController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/NewPasswordController.java
@@ -8,7 +8,8 @@ import javafx.beans.Observable;
 import javafx.beans.binding.Bindings;
 import javafx.beans.binding.BooleanBinding;
 import javafx.beans.property.IntegerProperty;
-import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.ReadOnlyBooleanProperty;
+import javafx.beans.property.ReadOnlyBooleanWrapper;
 import javafx.beans.property.SimpleIntegerProperty;
 import javafx.fxml.FXML;
 import javafx.scene.control.Label;
@@ -18,8 +19,8 @@ public class NewPasswordController implements FxController {
 
 	private final ResourceBundle resourceBundle;
 	private final PasswordStrengthUtil strengthRater;
-	private final ObjectProperty<CharSequence> password;
 	private final IntegerProperty passwordStrength = new SimpleIntegerProperty(-1);
+	private final ReadOnlyBooleanWrapper passwordsMatchAndSufficient = new ReadOnlyBooleanWrapper();
 
 	public NiceSecurePasswordField passwordField;
 	public NiceSecurePasswordField reenterField;
@@ -31,10 +32,9 @@ public class NewPasswordController implements FxController {
 	public FontAwesome5IconView passwordMatchCheckmark;
 	public FontAwesome5IconView passwordMatchCross;
 
-	public NewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater, ObjectProperty<CharSequence> password) {
+	public NewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater) {
 		this.resourceBundle = resourceBundle;
 		this.strengthRater = strengthRater;
-		this.password = password;
 	}
 
 	@FXML
@@ -44,7 +44,7 @@ public class NewPasswordController implements FxController {
 		passwordStrengthLabel.graphicProperty().bind(Bindings.createObjectBinding(this::getIconViewForPasswordStrengthLabel, passwordField.textProperty(), passwordStrength));
 		passwordStrengthLabel.textProperty().bind(EasyBind.map(passwordStrength, strengthRater::getStrengthDescription));
 
-		BooleanBinding passwordsMatch = Bindings.createBooleanBinding(this::hasSamePasswordInBothFields, passwordField.textProperty(), reenterField.textProperty());
+		BooleanBinding passwordsMatch = Bindings.createBooleanBinding(this::passwordFieldsMatch, passwordField.textProperty(), reenterField.textProperty());
 		BooleanBinding reenterFieldNotEmpty = reenterField.textProperty().isNotEmpty();
 		passwordMatchLabel.visibleProperty().bind(reenterFieldNotEmpty);
 		passwordMatchLabel.graphicProperty().bind(Bindings.when(passwordsMatch.and(reenterFieldNotEmpty)).then(passwordMatchCheckmark).otherwise(passwordMatchCross));
@@ -54,6 +54,7 @@ public class NewPasswordController implements FxController {
 		reenterField.textProperty().addListener(this::passwordsDidChange);
 	}
 
+
 	private FontAwesome5IconView getIconViewForPasswordStrengthLabel() {
 		if (passwordField.getCharacters().length() == 0) {
 			return null;
@@ -67,17 +68,19 @@ public class NewPasswordController implements FxController {
 	}
 
 	private void passwordsDidChange(@SuppressWarnings("unused") Observable observable) {
-		if (hasSamePasswordInBothFields() && strengthRater.fulfillsMinimumRequirements(passwordField.getCharacters())) {
-			password.set(passwordField.getCharacters());
-		} else {
-			password.set("");
+		if (passwordFieldsMatch() && strengthRater.fulfillsMinimumRequirements(passwordField.getCharacters())) {
+			passwordsMatchAndSufficient.setValue(true);
 		}
 	}
 
-	private boolean hasSamePasswordInBothFields() {
+	private boolean passwordFieldsMatch() {
 		return CharSequence.compare(passwordField.getCharacters(), reenterField.getCharacters()) == 0;
 	}
 
+	public ReadOnlyBooleanProperty passwordsMatchAndSufficientProperty() {
+		return passwordsMatchAndSufficient.getReadOnlyProperty();
+	}
+
 	/* Getter/Setter */
 
 	public IntegerProperty passwordStrengthProperty() {
diff --git a/main/ui/src/main/java/org/cryptomator/ui/common/VaultService.java b/main/ui/src/main/java/org/cryptomator/ui/common/VaultService.java
index 57393b858..b81ddec49 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/common/VaultService.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/common/VaultService.java
@@ -1,5 +1,6 @@
 package org.cryptomator.ui.common;
 
+import org.cryptomator.common.vaults.LockNotCompletedException;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.common.vaults.Volume;
@@ -175,24 +176,29 @@ public class VaultService {
 		}
 
 		@Override
-		protected Vault call() throws Volume.VolumeException {
+		protected Vault call() throws Volume.VolumeException, LockNotCompletedException {
 			vault.lock(forced);
 			return vault;
 		}
 
 		@Override
 		protected void scheduled() {
-			vault.setState(VaultState.PROCESSING);
+			vault.stateProperty().transition(VaultState.Value.UNLOCKED, VaultState.Value.PROCESSING);
 		}
 
 		@Override
 		protected void succeeded() {
-			vault.setState(VaultState.LOCKED);
+			vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.LOCKED);
 		}
 
 		@Override
 		protected void failed() {
-			vault.setState(VaultState.UNLOCKED);
+			vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.UNLOCKED);
+		}
+
+		@Override
+		protected void cancelled() {
+			vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.UNLOCKED);
 		}
 
 	}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java b/main/ui/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java
index 1c799d56d..91865c02e 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/controls/FontAwesome5Icon.java
@@ -6,8 +6,10 @@ package org.cryptomator.ui.controls;
 public enum FontAwesome5Icon {
 	ANCHOR("\uF13D"), //
 	ARROW_UP("\uF062"), //
+	BAN("\uF05E"), //
 	BUG("\uF188"), //
 	CHECK("\uF00C"), //
+	CLOCK("\uF017"), //
 	COG("\uF013"), //
 	COGS("\uF085"), //
 	COPY("\uF0C5"), //
diff --git a/main/ui/src/main/java/org/cryptomator/ui/controls/FormattedLabel.java b/main/ui/src/main/java/org/cryptomator/ui/controls/FormattedLabel.java
index c99cc62ea..04ed7e477 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/controls/FormattedLabel.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/controls/FormattedLabel.java
@@ -12,6 +12,7 @@ public class FormattedLabel extends Label {
 
 	private final StringProperty format = new SimpleStringProperty("");
 	private final ObjectProperty<Object> arg1 = new SimpleObjectProperty<>();
+	private final ObjectProperty<Object> arg2 = new SimpleObjectProperty<>();
 	// add arg2, arg3, ... on demand
 
 	public FormattedLabel() {
@@ -19,11 +20,11 @@ public class FormattedLabel extends Label {
 	}
 
 	protected StringBinding createStringBinding() {
-		return Bindings.createStringBinding(this::updateText, format, arg1);
+		return Bindings.createStringBinding(this::updateText, format, arg1, arg2);
 	}
 
 	private String updateText() {
-		return String.format(format.get(), arg1.get());
+		return String.format(format.get(), arg1.get(), arg2.get());
 	}
 
 	/* Observables */
@@ -51,4 +52,16 @@ public class FormattedLabel extends Label {
 	public void setArg1(Object arg1) {
 		this.arg1.set(arg1);
 	}
+
+	public ObjectProperty<Object> arg2Property() {
+		return arg2;
+	}
+
+	public Object getArg2() {
+		return arg2.get();
+	}
+
+	public void setArg2(Object arg2) {
+		this.arg2.set(arg2);
+	}
 }
diff --git a/main/ui/src/main/java/org/cryptomator/ui/controls/SecurePasswordField.java b/main/ui/src/main/java/org/cryptomator/ui/controls/SecurePasswordField.java
index 0fde886f6..3689b7e6e 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/controls/SecurePasswordField.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/controls/SecurePasswordField.java
@@ -123,7 +123,7 @@ public class SecurePasswordField extends TextField {
 	}
 
 	private void updateCapsLocked() {
-		// AWT code needed until https://bugs.openjdk.java.net/browse/JDK-8090882 is closed:
+		//TODO: fixed in JavaFX 17. AWT code needed until update (see https://bugs.openjdk.java.net/browse/JDK-8259680)
 		capsLocked.set(isFocused() && Toolkit.getDefaultToolkit().getLockingKeyState(java.awt.event.KeyEvent.VK_CAPS_LOCK));
 	}
 
diff --git a/main/ui/src/main/java/org/cryptomator/ui/fxapp/FxApplication.java b/main/ui/src/main/java/org/cryptomator/ui/fxapp/FxApplication.java
index cc6e97d72..a19a13bf1 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/fxapp/FxApplication.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/fxapp/FxApplication.java
@@ -14,11 +14,13 @@ import org.cryptomator.common.settings.Settings;
 import org.cryptomator.common.settings.UiTheme;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
+import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.integrations.tray.TrayIntegrationProvider;
 import org.cryptomator.integrations.uiappearance.Theme;
 import org.cryptomator.integrations.uiappearance.UiAppearanceException;
 import org.cryptomator.integrations.uiappearance.UiAppearanceListener;
 import org.cryptomator.integrations.uiappearance.UiAppearanceProvider;
+import org.cryptomator.ui.common.ErrorComponent;
 import org.cryptomator.ui.common.VaultService;
 import org.cryptomator.ui.lock.LockComponent;
 import org.cryptomator.ui.mainwindow.MainWindowComponent;
@@ -47,8 +49,9 @@ public class FxApplication extends Application {
 	private final Lazy<MainWindowComponent> mainWindow;
 	private final Lazy<PreferencesComponent> preferencesWindow;
 	private final Lazy<QuitComponent> quitWindow;
-	private final Provider<UnlockComponent.Builder> unlockWindowBuilderProvider;
-	private final Provider<LockComponent.Builder> lockWindowBuilderProvider;
+	private final Provider<UnlockComponent.Builder> unlockWorkflowBuilderProvider;
+	private final Provider<LockComponent.Builder> lockWorkflowBuilderProvider;
+	private final ErrorComponent.Builder errorWindowBuilder;
 	private final Optional<TrayIntegrationProvider> trayIntegration;
 	private final Optional<UiAppearanceProvider> appearanceProvider;
 	private final VaultService vaultService;
@@ -60,13 +63,14 @@ public class FxApplication extends Application {
 	private final ScheduledExecutorService scheduledExecutorService;
 
 	@Inject
-	FxApplication(Settings settings, Lazy<MainWindowComponent> mainWindow, Lazy<PreferencesComponent> preferencesWindow, Provider<UnlockComponent.Builder> unlockWindowBuilderProvider, Provider<LockComponent.Builder> lockWindowBuilderProvider, Lazy<QuitComponent> quitWindow, Optional<TrayIntegrationProvider> trayIntegration, Optional<UiAppearanceProvider> appearanceProvider, VaultService vaultService, LicenseHolder licenseHolder, VaultListManager vaultListManager, ScheduledExecutorService scheduledExecutorService) {
+	FxApplication(Settings settings, Lazy<MainWindowComponent> mainWindow, Lazy<PreferencesComponent> preferencesWindow, Provider<UnlockComponent.Builder> unlockWorkflowBuilderProvider, Provider<LockComponent.Builder> lockWorkflowBuilderProvider, Lazy<QuitComponent> quitWindow, ErrorComponent.Builder errorWindowBuilder, Optional<TrayIntegrationProvider> trayIntegration, Optional<UiAppearanceProvider> appearanceProvider, VaultService vaultService, LicenseHolder licenseHolder, VaultListManager vaultListManager, ScheduledExecutorService scheduledExecutorService) {
 		this.settings = settings;
 		this.mainWindow = mainWindow;
 		this.preferencesWindow = preferencesWindow;
-		this.unlockWindowBuilderProvider = unlockWindowBuilderProvider;
-		this.lockWindowBuilderProvider = lockWindowBuilderProvider;
+		this.unlockWorkflowBuilderProvider = unlockWorkflowBuilderProvider;
+		this.lockWorkflowBuilderProvider = lockWorkflowBuilderProvider;
 		this.quitWindow = quitWindow;
+		this.errorWindowBuilder = errorWindowBuilder;
 		this.trayIntegration = trayIntegration;
 		this.appearanceProvider = appearanceProvider;
 		this.vaultService = vaultService;
@@ -93,7 +97,7 @@ public class FxApplication extends Application {
 	}
 
 	private void hasVisibleStagesChanged(@SuppressWarnings("unused") ObservableValue<? extends Boolean> observableValue, @SuppressWarnings("unused") boolean oldValue, boolean newValue) {
-		LOG.warn("has visible stages: {}", newValue);
+		LOG.debug("has visible stages: {}", newValue);
 		if (newValue) {
 			trayIntegration.ifPresent(TrayIntegrationProvider::restoredFromTray);
 		} else {
@@ -120,16 +124,24 @@ public class FxApplication extends Application {
 
 	public void startUnlockWorkflow(Vault vault, Optional<Stage> owner) {
 		Platform.runLater(() -> {
-			unlockWindowBuilderProvider.get().vault(vault).owner(owner).build().startUnlockWorkflow();
-			LOG.debug("Showing UnlockWindow for {}", vault.getDisplayName());
+			if (vault.stateProperty().transition(VaultState.Value.LOCKED, VaultState.Value.PROCESSING)) {
+				unlockWorkflowBuilderProvider.get().vault(vault).owner(owner).build().startUnlockWorkflow();
+				LOG.debug("Start unlock workflow for {}", vault.getDisplayName());
+			} else {
+				showMainWindow().thenAccept(mainWindow -> errorWindowBuilder.window(mainWindow).cause(new IllegalStateException("Unable to unlock vault in non-locked state.")));
+			}
 		});
 		checkAutolock(vault, owner);
 	}
 
 	public void startLockWorkflow(Vault vault, Optional<Stage> owner) {
 		Platform.runLater(() -> {
-			lockWindowBuilderProvider.get().vault(vault).owner(owner).build().startLockWorkflow();
-			LOG.debug("Start lock workflow for {}", vault.getDisplayName());
+			if (vault.stateProperty().transition(VaultState.Value.UNLOCKED, VaultState.Value.PROCESSING)) {
+				lockWorkflowBuilderProvider.get().vault(vault).owner(owner).build().startLockWorkflow();
+				LOG.debug("Start lock workflow for {}", vault.getDisplayName());
+			} else {
+				showMainWindow().thenAccept(mainWindow -> errorWindowBuilder.window(mainWindow).cause(new IllegalStateException("Unable to lock vault in non-unlocked state.")));
+			}
 		});
 	}
 
diff --git a/main/ui/src/main/java/org/cryptomator/ui/fxapp/UpdateCheckerModule.java b/main/ui/src/main/java/org/cryptomator/ui/fxapp/UpdateCheckerModule.java
index 596e704e9..ef8621f3b 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/fxapp/UpdateCheckerModule.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/fxapp/UpdateCheckerModule.java
@@ -15,6 +15,7 @@ import javafx.beans.property.StringProperty;
 import javafx.concurrent.ScheduledService;
 import javafx.concurrent.Task;
 import javafx.util.Duration;
+import java.io.UncheckedIOException;
 import java.net.URI;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
@@ -39,8 +40,13 @@ public abstract class UpdateCheckerModule {
 
 	@Provides
 	@FxApplicationScoped
-	static HttpClient provideHttpClient() {
-		return HttpClient.newHttpClient();
+	static Optional<HttpClient> provideHttpClient() {
+		try {
+			return Optional.of(HttpClient.newHttpClient());
+		} catch (UncheckedIOException e) {
+			LOG.error("HttpClient for update check cannot be created.", e);
+			return Optional.empty();
+		}
 	}
 
 	@Provides
@@ -66,11 +72,20 @@ public abstract class UpdateCheckerModule {
 
 	@Provides
 	@FxApplicationScoped
-	static ScheduledService<String> provideCheckForUpdatesService(ExecutorService executor, HttpClient httpClient, HttpRequest checkForUpdatesRequest, @Named("checkForUpdatesInterval") ObjectBinding<Duration> period) {
+	static ScheduledService<String> provideCheckForUpdatesService(ExecutorService executor, Optional<HttpClient> httpClient, HttpRequest checkForUpdatesRequest, @Named("checkForUpdatesInterval") ObjectBinding<Duration> period) {
 		ScheduledService<String> service = new ScheduledService<>() {
 			@Override
 			protected Task<String> createTask() {
-				return new UpdateCheckerTask(httpClient, checkForUpdatesRequest);
+				if (httpClient.isPresent()) {
+					return new UpdateCheckerTask(httpClient.get(), checkForUpdatesRequest);
+				} else {
+					return new Task<>() {
+						@Override
+						protected String call() {
+							throw new NullPointerException("No HttpClient present.");
+						}
+					};
+				}
 			}
 		};
 		service.setOnFailed(event -> LOG.error("Failed to execute update service", service.getException()));
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/BatchService.java b/main/ui/src/main/java/org/cryptomator/ui/health/BatchService.java
new file mode 100644
index 000000000..f3968c27d
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/BatchService.java
@@ -0,0 +1,36 @@
+package org.cryptomator.ui.health;
+
+import com.google.common.base.Preconditions;
+import com.google.common.base.Suppliers;
+import dagger.Lazy;
+
+import javax.inject.Inject;
+import javafx.concurrent.Service;
+import javafx.concurrent.Task;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.concurrent.ExecutorService;
+import java.util.function.Supplier;
+
+public class BatchService extends Service<Void> {
+
+	private final Iterator<HealthCheckTask> remainingTasks;
+
+	@Inject
+	public BatchService(Iterable<HealthCheckTask> tasks) {
+		this.remainingTasks = tasks.iterator();
+	}
+
+	@Override
+	protected Task<Void> createTask() {
+		Preconditions.checkState(remainingTasks.hasNext(), "No remaining tasks");
+		return remainingTasks.next();
+	}
+
+	@Override
+	protected void succeeded() {
+		if (remainingTasks.hasNext()) {
+			this.restart();
+		}
+	}
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/CheckDetailController.java b/main/ui/src/main/java/org/cryptomator/ui/health/CheckDetailController.java
new file mode 100644
index 000000000..d579ff709
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/CheckDetailController.java
@@ -0,0 +1,170 @@
+package org.cryptomator.ui.health;
+
+import com.tobiasdiez.easybind.EasyBind;
+import com.tobiasdiez.easybind.EasyObservableList;
+import com.tobiasdiez.easybind.Subscription;
+import com.tobiasdiez.easybind.optional.OptionalBinding;
+import org.cryptomator.cryptofs.health.api.DiagnosticResult;
+import org.cryptomator.ui.common.FxController;
+
+import javax.inject.Inject;
+import javafx.beans.binding.Binding;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.value.ObservableValue;
+import javafx.collections.FXCollections;
+import javafx.concurrent.Worker;
+import javafx.fxml.FXML;
+import javafx.scene.control.ListView;
+import java.util.function.Function;
+import java.util.stream.Stream;
+
+@HealthCheckScoped
+public class CheckDetailController implements FxController {
+
+	private final EasyObservableList<DiagnosticResult> results;
+	private final OptionalBinding<Worker.State> taskState;
+	private final Binding<String> taskName;
+	private final Binding<Number> taskDuration;
+	private final ResultListCellFactory resultListCellFactory;
+	private final Binding<Boolean> taskRunning;
+	private final Binding<Boolean> taskScheduled;
+	private final Binding<Boolean> taskFinished;
+	private final Binding<Boolean> taskNotStarted;
+	private final Binding<Boolean> taskSucceeded;
+	private final Binding<Boolean> taskFailed;
+	private final Binding<Boolean> taskCancelled;
+	private final Binding<Number> countOfWarnSeverity;
+	private final Binding<Number> countOfCritSeverity;
+
+	public ListView<DiagnosticResult> resultsListView;
+	private Subscription resultSubscription;
+
+	@Inject
+	public CheckDetailController(ObjectProperty<HealthCheckTask> selectedTask, ResultListCellFactory resultListCellFactory) {
+		this.results = EasyBind.wrapList(FXCollections.observableArrayList());
+		this.taskState = EasyBind.wrapNullable(selectedTask).mapObservable(HealthCheckTask::stateProperty);
+		this.taskName = EasyBind.wrapNullable(selectedTask).map(HealthCheckTask::getTitle).orElse("");
+		this.taskDuration = EasyBind.wrapNullable(selectedTask).mapObservable(HealthCheckTask::durationInMillisProperty).orElse(-1L);
+		this.resultListCellFactory = resultListCellFactory;
+		this.taskRunning = EasyBind.wrapNullable(selectedTask).mapObservable(HealthCheckTask::runningProperty).orElse(false); //TODO: DOES NOT WORK
+		this.taskScheduled = taskState.map(Worker.State.SCHEDULED::equals).orElse(false);
+		this.taskNotStarted = taskState.map(Worker.State.READY::equals).orElse(false);
+		this.taskSucceeded = taskState.map(Worker.State.SUCCEEDED::equals).orElse(false);
+		this.taskFailed = taskState.map(Worker.State.FAILED::equals).orElse(false);
+		this.taskCancelled = taskState.map(Worker.State.CANCELLED::equals).orElse(false);
+		this.taskFinished = EasyBind.combine(taskSucceeded, taskFailed, taskCancelled, (a, b, c) -> a || b || c);
+		this.countOfWarnSeverity = results.reduce(countSeverity(DiagnosticResult.Severity.WARN));
+		this.countOfCritSeverity = results.reduce(countSeverity(DiagnosticResult.Severity.CRITICAL));
+		selectedTask.addListener(this::selectedTaskChanged);
+	}
+
+	private void selectedTaskChanged(ObservableValue<? extends HealthCheckTask> observable, HealthCheckTask oldValue, HealthCheckTask newValue) {
+		if (resultSubscription != null) {
+			resultSubscription.unsubscribe();
+		}
+		if (newValue != null) {
+			resultSubscription = EasyBind.bindContent(results, newValue.results());
+		}
+	}
+
+	private Function<Stream<? extends DiagnosticResult>, Long> countSeverity(DiagnosticResult.Severity severity) {
+		return stream -> stream.filter(item -> severity.equals(item.getServerity())).count();
+	}
+
+	@FXML
+	public void initialize() {
+		resultsListView.setItems(results);
+		resultsListView.setCellFactory(resultListCellFactory);
+	}
+
+	/* Getter/Setter */
+
+	public String getTaskName() {
+		return taskName.getValue();
+	}
+
+	public Binding<String> taskNameProperty() {
+		return taskName;
+	}
+
+	public Number getTaskDuration() {
+		return taskDuration.getValue();
+	}
+
+	public Binding<Number> taskDurationProperty() {
+		return taskDuration;
+	}
+
+	public long getCountOfWarnSeverity() {
+		return countOfWarnSeverity.getValue().longValue();
+	}
+
+	public Binding<Number> countOfWarnSeverityProperty() {
+		return countOfWarnSeverity;
+	}
+
+	public long getCountOfCritSeverity() {
+		return countOfCritSeverity.getValue().longValue();
+	}
+
+	public Binding<Number> countOfCritSeverityProperty() {
+		return countOfCritSeverity;
+	}
+
+	public boolean isTaskRunning() {
+		return taskRunning.getValue();
+	}
+
+	public Binding<Boolean> taskRunningProperty() {
+		return taskRunning;
+	}
+
+	public boolean isTaskFinished() {
+		return taskFinished.getValue();
+	}
+
+	public Binding<Boolean> taskFinishedProperty() {
+		return taskFinished;
+	}
+
+	public boolean isTaskScheduled() {
+		return taskScheduled.getValue();
+	}
+
+	public Binding<Boolean> taskScheduledProperty() {
+		return taskScheduled;
+	}
+
+	public boolean isTaskNotStarted() {
+		return taskNotStarted.getValue();
+	}
+
+	public Binding<Boolean> taskNotStartedProperty() {
+		return taskNotStarted;
+	}
+
+	public boolean isTaskSucceeded() {
+		return taskSucceeded.getValue();
+	}
+
+	public Binding<Boolean> taskSucceededProperty() {
+		return taskSucceeded;
+	}
+
+	public boolean isTaskFailed() {
+		return taskFailed.getValue();
+	}
+
+	public Binding<Boolean> taskFailedProperty() {
+		return taskFailed;
+	}
+
+	public boolean isTaskCancelled() {
+		return taskCancelled.getValue();
+	}
+
+	public Binding<Boolean> taskCancelledProperty() {
+		return taskCancelled;
+	}
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/CheckListCell.java b/main/ui/src/main/java/org/cryptomator/ui/health/CheckListCell.java
new file mode 100644
index 000000000..78f8b1b33
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/CheckListCell.java
@@ -0,0 +1,64 @@
+package org.cryptomator.ui.health;
+
+import org.cryptomator.ui.controls.FontAwesome5Icon;
+import org.cryptomator.ui.controls.FontAwesome5IconView;
+
+import javafx.beans.binding.Bindings;
+import javafx.beans.value.ObservableValue;
+import javafx.concurrent.Worker;
+import javafx.geometry.Insets;
+import javafx.geometry.Pos;
+import javafx.scene.Node;
+import javafx.scene.control.ContentDisplay;
+import javafx.scene.control.ListCell;
+
+class CheckListCell extends ListCell<HealthCheckTask> {
+
+	private final FontAwesome5IconView stateIcon = new FontAwesome5IconView();
+
+	CheckListCell() {
+		setPadding(new Insets(6));
+		setAlignment(Pos.CENTER_LEFT);
+		setContentDisplay(ContentDisplay.LEFT);
+	}
+
+	@Override
+	protected void updateItem(HealthCheckTask item, boolean empty) {
+		super.updateItem(item, empty);
+
+		if (item != null) {
+			textProperty().bind(item.titleProperty());
+			item.stateProperty().addListener(this::stateChanged);
+			graphicProperty().bind(Bindings.createObjectBinding(() -> graphicForState(item.getState()),item.stateProperty()));
+			stateIcon.setGlyph(glyphForState(item.getState()));
+		} else {
+			textProperty().unbind();
+			graphicProperty().unbind();
+			setGraphic(null);
+			setText(null);
+		}
+	}
+
+	private void stateChanged(ObservableValue<? extends Worker.State> observable, Worker.State oldState, Worker.State newState) {
+		stateIcon.setGlyph(glyphForState(newState));
+		stateIcon.setVisible(true);
+	}
+
+	private Node graphicForState(Worker.State state) {
+		return switch (state) {
+			case READY -> null;
+			case SCHEDULED, RUNNING, FAILED, CANCELLED, SUCCEEDED -> stateIcon;
+		};
+	}
+
+	private FontAwesome5Icon glyphForState(Worker.State state) {
+		return switch (state) {
+			case READY -> FontAwesome5Icon.COG; //just a placeholder
+			case SCHEDULED -> FontAwesome5Icon.CLOCK;
+			case RUNNING -> FontAwesome5Icon.SPINNER;
+			case FAILED -> FontAwesome5Icon.EXCLAMATION_TRIANGLE;
+			case CANCELLED -> FontAwesome5Icon.BAN;
+			case SUCCEEDED -> FontAwesome5Icon.CHECK;
+		};
+	}
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/CheckListController.java b/main/ui/src/main/java/org/cryptomator/ui/health/CheckListController.java
new file mode 100644
index 000000000..ccb41d56b
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/CheckListController.java
@@ -0,0 +1,180 @@
+package org.cryptomator.ui.health;
+
+import com.google.common.base.Preconditions;
+import com.tobiasdiez.easybind.EasyBind;
+import dagger.Lazy;
+import org.cryptomator.ui.common.ErrorComponent;
+import org.cryptomator.ui.common.FxController;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import javafx.beans.binding.Binding;
+import javafx.beans.binding.BooleanBinding;
+import javafx.beans.property.BooleanProperty;
+import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleBooleanProperty;
+import javafx.beans.property.SimpleIntegerProperty;
+import javafx.beans.property.SimpleObjectProperty;
+import javafx.beans.value.ObservableValue;
+import javafx.collections.FXCollections;
+import javafx.collections.ObservableList;
+import javafx.concurrent.Worker;
+import javafx.event.ActionEvent;
+import javafx.fxml.FXML;
+import javafx.scene.control.CheckBox;
+import javafx.scene.control.ListView;
+import javafx.scene.control.cell.CheckBoxListCell;
+import javafx.stage.Stage;
+import javafx.util.StringConverter;
+import java.io.IOException;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ExecutorService;
+
+@HealthCheckScoped
+public class CheckListController implements FxController {
+
+	private static final Logger LOG = LoggerFactory.getLogger(CheckListController.class);
+	private static final Set<Worker.State> END_STATES = Set.of(Worker.State.FAILED, Worker.State.CANCELLED, Worker.State.SUCCEEDED);
+
+	private final Stage window;
+	private final ObservableList<HealthCheckTask> tasks;
+	private final ReportWriter reportWriter;
+	private final ExecutorService executorService;
+	private final ObjectProperty<HealthCheckTask> selectedTask;
+	private final Lazy<ErrorComponent.Builder> errorComponenBuilder;
+	private final SimpleObjectProperty<Worker<?>> runningTask;
+	private final Binding<Boolean> running;
+	private final Binding<Boolean> finished;
+	private final Map<HealthCheckTask, BooleanProperty> listPickIndicators;
+	private final IntegerProperty numberOfPickedChecks;
+	private final BooleanBinding anyCheckSelected;
+	private final BooleanProperty showResultScreen;
+
+	/* FXML */
+	public ListView<HealthCheckTask> checksListView;
+
+
+	@Inject
+	public CheckListController(@HealthCheckWindow Stage window, Lazy<Collection<HealthCheckTask>> tasks, ReportWriter reportWriteTask, ObjectProperty<HealthCheckTask> selectedTask, ExecutorService executorService, Lazy<ErrorComponent.Builder> errorComponenBuilder) {
+		this.window = window;
+		this.tasks = FXCollections.observableArrayList(tasks.get());
+		this.reportWriter = reportWriteTask;
+		this.executorService = executorService;
+		this.selectedTask = selectedTask;
+		this.errorComponenBuilder = errorComponenBuilder;
+		this.runningTask = new SimpleObjectProperty<>();
+		this.running = EasyBind.wrapNullable(runningTask).mapObservable(Worker::runningProperty).orElse(false);
+		this.finished = EasyBind.wrapNullable(runningTask).mapObservable(Worker::stateProperty).map(END_STATES::contains).orElse(false);
+		this.listPickIndicators = new HashMap<>();
+		this.numberOfPickedChecks = new SimpleIntegerProperty(0);
+		this.tasks.forEach(task -> {
+			var entrySelectedProp = new SimpleBooleanProperty(false);
+			entrySelectedProp.addListener((observable, oldValue, newValue) -> numberOfPickedChecks.set(numberOfPickedChecks.get() + (newValue ? 1 : -1)));
+			listPickIndicators.put(task, entrySelectedProp);
+		});
+		this.anyCheckSelected = selectedTask.isNotNull();
+		this.showResultScreen = new SimpleBooleanProperty(false);
+	}
+
+	@FXML
+	public void initialize() {
+		checksListView.setItems(tasks);
+		checksListView.setCellFactory(CheckBoxListCell.forListView(listPickIndicators::get, new StringConverter<HealthCheckTask>() {
+			@Override
+			public String toString(HealthCheckTask object) {
+				return object.getTitle();
+			}
+
+			@Override
+			public HealthCheckTask fromString(String string) {
+				return null;
+			}
+		}));
+		selectedTask.bind(checksListView.getSelectionModel().selectedItemProperty());
+	}
+
+	@FXML
+	public void toggleSelectAll(ActionEvent event) {
+		if (event.getSource() instanceof CheckBox c) {
+			listPickIndicators.forEach( (task, pickProperty) -> pickProperty.set(c.isSelected()));
+		}
+	}
+
+	@FXML
+	public void runSelectedChecks() {
+		Preconditions.checkState(runningTask.get() == null);
+		var batch = checksListView.getItems().filtered(item -> listPickIndicators.get(item).get());
+		var batchService = new BatchService(batch);
+		batchService.setExecutor(executorService);
+		batchService.start();
+		runningTask.set(batchService);
+		showResultScreen.set(true);
+		checksListView.getSelectionModel().select(batch.get(0));
+		checksListView.setCellFactory(view -> new CheckListCell());
+		window.sizeToScene();
+	}
+
+	@FXML
+	public synchronized void cancelCheck() {
+		Preconditions.checkState(runningTask.get() != null);
+		runningTask.get().cancel();
+	}
+
+	@FXML
+	public void exportResults() {
+		try {
+			reportWriter.writeReport(tasks);
+		} catch (IOException e) {
+			LOG.error("Failed to write health check report.", e);
+			errorComponenBuilder.get().cause(e).window(window).returnToScene(window.getScene()).build().showErrorScene();
+		}
+	}
+
+	/* Getter/Setter */
+	public boolean isRunning() {
+		return running.getValue();
+	}
+
+	public Binding<Boolean> runningProperty() {
+		return running;
+	}
+
+	public boolean isFinished() {
+		return finished.getValue();
+	}
+
+	public Binding<Boolean> finishedProperty() {
+		return finished;
+	}
+
+	public boolean isAnyCheckSelected() {
+		return anyCheckSelected.get();
+	}
+
+	public BooleanBinding anyCheckSelectedProperty() {
+		return anyCheckSelected;
+	}
+
+	public boolean getShowResultScreen() {
+		return showResultScreen.get();
+	}
+
+	public BooleanProperty showResultScreenProperty() {
+		return showResultScreen;
+	}
+
+	public int getNumberOfPickedChecks() {
+		return numberOfPickedChecks.get();
+	}
+
+	public IntegerProperty numberOfPickedChecksProperty() {
+		return numberOfPickedChecks;
+	}
+
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckComponent.java b/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckComponent.java
new file mode 100644
index 000000000..48b16f694
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckComponent.java
@@ -0,0 +1,39 @@
+package org.cryptomator.ui.health;
+
+import dagger.BindsInstance;
+import dagger.Lazy;
+import dagger.Subcomponent;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
+
+import javafx.scene.Scene;
+import javafx.stage.Stage;
+
+@HealthCheckScoped
+@Subcomponent(modules = {HealthCheckModule.class})
+public interface HealthCheckComponent {
+
+	@HealthCheckWindow
+	Stage window();
+
+	@FxmlScene(FxmlFile.HEALTH_START)
+	Lazy<Scene> scene();
+
+	default Stage showHealthCheckWindow() {
+		Stage stage = window();
+		stage.setScene(scene().get());
+		stage.show();
+		return stage;
+	}
+
+	@Subcomponent.Builder
+	interface Builder {
+
+		@BindsInstance
+		Builder vault(@HealthCheckWindow Vault vault);
+
+		HealthCheckComponent build();
+	}
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckModule.java b/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckModule.java
new file mode 100644
index 000000000..e33a9f2f1
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckModule.java
@@ -0,0 +1,141 @@
+package org.cryptomator.ui.health;
+
+import dagger.Binds;
+import dagger.Module;
+import dagger.Provides;
+import dagger.multibindings.IntoMap;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.cryptofs.health.api.HealthCheck;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.ui.common.DefaultSceneFactory;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxControllerKey;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlLoaderFactory;
+import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.common.StageFactory;
+import org.cryptomator.ui.keyloading.KeyLoadingComponent;
+import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
+import org.cryptomator.ui.mainwindow.MainWindow;
+
+import javax.inject.Provider;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleObjectProperty;
+import javafx.beans.value.ChangeListener;
+import javafx.scene.Scene;
+import javafx.stage.Modality;
+import javafx.stage.Stage;
+import java.security.SecureRandom;
+import java.util.Collection;
+import java.util.Map;
+import java.util.Optional;
+import java.util.ResourceBundle;
+import java.util.concurrent.atomic.AtomicReference;
+
+@Module(subcomponents = {KeyLoadingComponent.class})
+abstract class HealthCheckModule {
+
+	@Provides
+	@HealthCheckScoped
+	static AtomicReference<Masterkey> provideMasterkeyRef() {
+		return new AtomicReference<>();
+	}
+
+	@Provides
+	@HealthCheckScoped
+	static AtomicReference<VaultConfig> provideVaultConfigRef() {
+		return new AtomicReference<>();
+	}
+
+	@Provides
+	@HealthCheckScoped
+	static Collection<HealthCheck> provideAvailableHealthChecks() {
+		return HealthCheck.allChecks();
+	}
+
+	@Provides
+	@HealthCheckScoped
+	static ObjectProperty<HealthCheckTask> provideSelectedHealthCheckTask() {
+		return new SimpleObjectProperty<>();
+	}
+
+	/* Only inject with Lazy-Wrapper!*/
+	@Provides
+	@HealthCheckScoped
+	static Collection<HealthCheckTask> provideAvailableHealthCheckTasks(Collection<HealthCheck> availableHealthChecks, @HealthCheckWindow Vault vault, AtomicReference<Masterkey> masterkeyRef, AtomicReference<VaultConfig> vaultConfigRef, SecureRandom csprng, ResourceBundle resourceBundle) {
+		return availableHealthChecks.stream().map(check -> new HealthCheckTask(vault.getPath(), vaultConfigRef.get(), masterkeyRef.get(), csprng, check, resourceBundle)).toList();
+	}
+
+	@Provides
+	@HealthCheckWindow
+	@HealthCheckScoped
+	static KeyLoadingStrategy provideKeyLoadingStrategy(KeyLoadingComponent.Builder compBuilder, @HealthCheckWindow Vault vault, @HealthCheckWindow Stage window) {
+		return compBuilder.vault(vault).window(window).build().keyloadingStrategy();
+	}
+
+	@Provides
+	@HealthCheckWindow
+	@HealthCheckScoped
+	static FxmlLoaderFactory provideFxmlLoaderFactory(Map<Class<? extends FxController>, Provider<FxController>> factories, DefaultSceneFactory sceneFactory, ResourceBundle resourceBundle) {
+		return new FxmlLoaderFactory(factories, sceneFactory, resourceBundle);
+	}
+
+	@Provides
+	@HealthCheckWindow
+	@HealthCheckScoped
+	static Stage provideStage(StageFactory factory, @MainWindow Stage owner, ResourceBundle resourceBundle, ChangeListener<Boolean> showingListener) {
+		Stage stage = factory.create();
+		stage.setTitle(resourceBundle.getString("health.title"));
+		stage.setResizable(true);
+		stage.initModality(Modality.WINDOW_MODAL);
+		stage.initOwner(owner);
+		stage.showingProperty().addListener(showingListener); // bind masterkey lifecycle to window
+		return stage;
+	}
+
+	@Provides
+	@HealthCheckScoped
+	static ChangeListener<Boolean> provideWindowShowingChangeListener(AtomicReference<Masterkey> masterkey) {
+		return (observable, wasShowing, isShowing) -> {
+			if (!isShowing) {
+				Optional.ofNullable(masterkey.getAndSet(null)).ifPresent(Masterkey::destroy);
+			}
+		};
+	}
+
+	@Provides
+	@FxmlScene(FxmlFile.HEALTH_START)
+	@HealthCheckScoped
+	static Scene provideHealthStartScene(@HealthCheckWindow FxmlLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.HEALTH_START);
+	}
+
+	@Provides
+	@FxmlScene(FxmlFile.HEALTH_CHECK_LIST)
+	@HealthCheckScoped
+	static Scene provideHealthCheckListScene(@HealthCheckWindow FxmlLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.HEALTH_CHECK_LIST);
+	}
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(StartController.class)
+	abstract FxController bindStartController(StartController controller);
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(CheckListController.class)
+	abstract FxController bindCheckController(CheckListController controller);
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(CheckDetailController.class)
+	abstract FxController bindCheckDetailController(CheckDetailController controller);
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(ResultListCellController.class)
+	abstract FxController bindResultListCellController(ResultListCellController controller);
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckScoped.java b/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckScoped.java
new file mode 100644
index 000000000..af563d737
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckScoped.java
@@ -0,0 +1,13 @@
+package org.cryptomator.ui.health;
+
+import javax.inject.Scope;
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
+@Scope
+@Documented
+@Retention(RetentionPolicy.RUNTIME)
+@interface HealthCheckScoped {
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckTask.java b/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckTask.java
new file mode 100644
index 000000000..7acbfc1c2
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckTask.java
@@ -0,0 +1,108 @@
+package org.cryptomator.ui.health;
+
+import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.cryptofs.health.api.DiagnosticResult;
+import org.cryptomator.cryptofs.health.api.HealthCheck;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javafx.application.Platform;
+import javafx.beans.property.LongProperty;
+import javafx.beans.property.SimpleLongProperty;
+import javafx.collections.FXCollections;
+import javafx.collections.ObservableList;
+import javafx.concurrent.Task;
+import java.nio.file.Path;
+import java.security.SecureRandom;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.MissingResourceException;
+import java.util.Objects;
+import java.util.ResourceBundle;
+import java.util.concurrent.CancellationException;
+
+class HealthCheckTask extends Task<Void> {
+
+	private static final Logger LOG = LoggerFactory.getLogger(HealthCheckTask.class);
+
+	private final Path vaultPath;
+	private final VaultConfig vaultConfig;
+	private final Masterkey masterkey;
+	private final SecureRandom csprng;
+	private final HealthCheck check;
+	private final ObservableList<DiagnosticResult> results;
+	private final LongProperty durationInMillis;
+
+	public HealthCheckTask(Path vaultPath, VaultConfig vaultConfig, Masterkey masterkey, SecureRandom csprng, HealthCheck check, ResourceBundle resourceBundle) {
+		this.vaultPath = Objects.requireNonNull(vaultPath);
+		this.vaultConfig = Objects.requireNonNull(vaultConfig);
+		this.masterkey = Objects.requireNonNull(masterkey);
+		this.csprng = Objects.requireNonNull(csprng);
+		this.check = Objects.requireNonNull(check);
+		this.results = FXCollections.observableArrayList();
+		try {
+			updateTitle(resourceBundle.getString("health." + check.identifier()));
+		} catch (MissingResourceException e) {
+			LOG.warn("Missing proper name for health check {}, falling back to default.", check.identifier());
+			updateTitle(check.identifier());
+		}
+		this.durationInMillis = new SimpleLongProperty(-1);
+	}
+
+	@Override
+	protected Void call() {
+		Instant start = Instant.now();
+		try (var masterkeyClone = masterkey.clone(); //
+			 var cryptor = vaultConfig.getCipherCombo().getCryptorProvider(csprng).withKey(masterkeyClone)) {
+			check.check(vaultPath, vaultConfig, masterkeyClone, cryptor, result -> {
+				if (isCancelled()) {
+					throw new CancellationException();
+				}
+				// FIXME: slowdown for demonstration purposes only:
+				try {
+					Thread.sleep(2000);
+				} catch (InterruptedException e) {
+					if (isCancelled()) {
+						return;
+					} else {
+						Thread.currentThread().interrupt();
+						throw new RuntimeException(e);
+					}
+				}
+				Platform.runLater(() -> results.add(result));
+			});
+		}
+		Platform.runLater(() ->durationInMillis.set(Duration.between(start, Instant.now()).toMillis()));
+		return null;
+	}
+
+	@Override
+	protected void scheduled() {
+		LOG.info("starting {}", check.identifier());
+	}
+
+	@Override
+	protected void done() {
+		LOG.info("finished {}", check.identifier());
+	}
+
+	/* Getter */
+
+	public ObservableList<DiagnosticResult> results() {
+		return results;
+	}
+
+	public HealthCheck getCheck() {
+		return check;
+	}
+
+	public LongProperty durationInMillisProperty() {
+		return durationInMillis;
+	}
+
+	public long getDurationInMillis() {
+		return durationInMillis.get();
+	}
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckWindow.java b/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckWindow.java
new file mode 100644
index 000000000..50243c07a
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/HealthCheckWindow.java
@@ -0,0 +1,14 @@
+package org.cryptomator.ui.health;
+
+import javax.inject.Qualifier;
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Qualifier
+@Documented
+@Retention(RUNTIME)
+@interface HealthCheckWindow {
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/ReportWriter.java b/main/ui/src/main/java/org/cryptomator/ui/health/ReportWriter.java
new file mode 100644
index 000000000..fb74cbd51
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/ReportWriter.java
@@ -0,0 +1,105 @@
+package org.cryptomator.ui.health;
+
+import org.apache.commons.lang3.exception.ExceptionUtils;
+import org.cryptomator.common.Environment;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptofs.VaultConfig;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import javafx.application.Application;
+import javafx.concurrent.Worker;
+import java.io.BufferedWriter;
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
+import java.time.Instant;
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
+import java.util.Collection;
+import java.util.Objects;
+import java.util.concurrent.atomic.AtomicReference;
+import java.util.stream.Collectors;
+
+@HealthCheckScoped
+public class ReportWriter {
+
+	private static final Logger LOG = LoggerFactory.getLogger(ReportWriter.class);
+	private static final String REPORT_HEADER = """
+			**************************************
+			*   Cryptomator Vault Health Report  *
+			**************************************
+			Analyzed vault: %s (Current name "%s")
+			Vault storage path: %s
+			""";
+	private static final String REPORT_CHECK_HEADER = """
+			   
+			   
+			Check %s
+			------------------------------
+			""";
+	private static final String REPORT_CHECK_RESULT = "%8s - %s\n";
+	private static final DateTimeFormatter TIME_STAMP = DateTimeFormatter.ofPattern("yyyyMMdd-HHmmss").withZone(ZoneId.systemDefault());
+
+	private final Vault vault;
+	private final VaultConfig vaultConfig;
+	private final Application application;
+	private final Path exportDestination;
+
+	@Inject
+	public ReportWriter(@HealthCheckWindow Vault vault, AtomicReference<VaultConfig> vaultConfigRef, Application application, Environment env) {
+		this.vault = vault;
+		this.vaultConfig = Objects.requireNonNull(vaultConfigRef.get());
+		this.application = application;
+		this.exportDestination = env.getLogDir().orElse(Path.of(System.getProperty("user.home"))).resolve("healthReport_" + vault.getDisplayName() + "_" + TIME_STAMP.format(Instant.now()) + ".log");
+	}
+
+	protected void writeReport(Collection<HealthCheckTask> tasks) throws IOException {
+		try (var out = Files.newOutputStream(exportDestination, StandardOpenOption.CREATE, StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING); //
+			 var writer = new BufferedWriter(new OutputStreamWriter(out, StandardCharsets.UTF_8))) {
+			writer.write(REPORT_HEADER.formatted(vaultConfig.getId(), vault.getDisplayName(), vault.getPath()));
+			for (var task : tasks) {
+				if (task.getState() == Worker.State.READY) {
+					LOG.debug("Skipping not performed check {}.", task.getCheck().identifier());
+					continue;
+				}
+				writer.write(REPORT_CHECK_HEADER.formatted(task.getCheck().identifier()));
+				switch (task.getState()) {
+					case SUCCEEDED -> {
+						writer.write("STATUS: SUCCESS\nRESULTS:\n");
+						for (var result : task.results()) {
+							writer.write(REPORT_CHECK_RESULT.formatted(result.getServerity(), result.toString()));
+						}
+					}
+					case CANCELLED -> writer.write("STATUS: CANCELED\n");
+					case FAILED -> {
+						writer.write("STATUS: FAILED\nREASON:\n" + task.getCheck().identifier());
+						writer.write(prepareFailureMsg(task));
+					}
+					case RUNNING, SCHEDULED -> throw new IllegalStateException("Checks are still running.");
+				}
+			}
+		}
+		reveal();
+	}
+
+	private String prepareFailureMsg(HealthCheckTask task) {
+		if (task.getException() != null) {
+			return ExceptionUtils.getStackTrace(task.getException()) //
+					.lines() //
+					.map(line -> "\t\t" + line + "\n") //
+					.collect(Collectors.joining());
+		} else {
+			return "Unknown reason of failure.";
+		}
+	}
+
+	private void reveal() {
+		application.getHostServices().showDocument(exportDestination.getParent().toUri().toString());
+	}
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/ResultFixApplier.java b/main/ui/src/main/java/org/cryptomator/ui/health/ResultFixApplier.java
new file mode 100644
index 000000000..9a639e8a0
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/ResultFixApplier.java
@@ -0,0 +1,47 @@
+package org.cryptomator.ui.health;
+
+import com.google.common.base.Preconditions;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.cryptofs.health.api.DiagnosticResult;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import javafx.scene.control.Alert;
+import java.nio.file.Path;
+import java.security.SecureRandom;
+import java.util.concurrent.atomic.AtomicReference;
+
+@HealthCheckScoped
+class ResultFixApplier {
+
+	private static final Logger LOG = LoggerFactory.getLogger(ResultFixApplier.class);
+
+	private final Path vaultPath;
+	private final SecureRandom csprng;
+	private final Masterkey masterkey;
+	private final VaultConfig vaultConfig;
+
+	@Inject
+	public ResultFixApplier(@HealthCheckWindow Vault vault, AtomicReference<Masterkey> masterkeyRef, AtomicReference<VaultConfig> vaultConfigRef, SecureRandom csprng) {
+		this.vaultPath = vault.getPath();
+		this.masterkey = masterkeyRef.get();
+		this.vaultConfig = vaultConfigRef.get();
+		this.csprng = csprng;
+	}
+
+	public void fix(DiagnosticResult result) {
+		Preconditions.checkArgument(result.getServerity() == DiagnosticResult.Severity.WARN, "Unfixable result");
+		try (var masterkeyClone = masterkey.clone(); //
+			 var cryptor = vaultConfig.getCipherCombo().getCryptorProvider(csprng).withKey(masterkeyClone)) {
+			result.fix(vaultPath, vaultConfig, masterkeyClone, cryptor);
+		} catch (Exception e) {
+			LOG.error("Failed to apply fix", e);
+			Alert alert = new Alert(Alert.AlertType.ERROR, e.getMessage());
+			alert.showAndWait();
+			//TODO: real error/not supported handling
+		}
+	}
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/ResultListCellController.java b/main/ui/src/main/java/org/cryptomator/ui/health/ResultListCellController.java
new file mode 100644
index 000000000..f2bca059a
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/ResultListCellController.java
@@ -0,0 +1,92 @@
+package org.cryptomator.ui.health;
+
+import com.tobiasdiez.easybind.EasyBind;
+import org.cryptomator.cryptofs.health.api.DiagnosticResult;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.controls.FontAwesome5Icon;
+import org.cryptomator.ui.controls.FontAwesome5IconView;
+
+import javax.inject.Inject;
+import javafx.beans.binding.Binding;
+import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.SimpleObjectProperty;
+import javafx.beans.value.ObservableValue;
+import javafx.fxml.FXML;
+import javafx.scene.control.Button;
+
+// unscoped because each cell needs its own controller
+public class ResultListCellController implements FxController {
+
+	private final ResultFixApplier fixApplier;
+	private final ObjectProperty<DiagnosticResult> result;
+	private final Binding<String> description;
+
+	public FontAwesome5IconView iconView;
+	public Button actionButton;
+
+	@Inject
+	public ResultListCellController(ResultFixApplier fixApplier) {
+		this.result = new SimpleObjectProperty<>(null);
+		this.description = EasyBind.wrapNullable(result).map(DiagnosticResult::toString).orElse("");
+		this.fixApplier = fixApplier;
+		result.addListener(this::updateCellContent);
+	}
+
+	private void updateCellContent(ObservableValue<? extends DiagnosticResult> observable, DiagnosticResult oldVal, DiagnosticResult newVal) {
+		iconView.getStyleClass().clear();
+		actionButton.setVisible(false);
+		//TODO: see comment in case WARN
+		actionButton.setManaged(false);
+		switch (newVal.getServerity()) {
+			case INFO -> {
+				iconView.setGlyph(FontAwesome5Icon.INFO_CIRCLE);
+				iconView.getStyleClass().add("glyph-icon-muted");
+			}
+			case GOOD -> {
+				iconView.setGlyph(FontAwesome5Icon.CHECK);
+				iconView.getStyleClass().add("glyph-icon-primary");
+			}
+			case WARN -> {
+				iconView.setGlyph(FontAwesome5Icon.EXCLAMATION_TRIANGLE);
+				iconView.getStyleClass().add("glyph-icon-orange");
+				//TODO: Neither is any fix implemented, nor it is ensured, that only fix is executed at a time with good ui indication
+				//	before both are not fix, do not show the button
+				//actionButton.setVisible(true);
+			}
+			case CRITICAL -> {
+				iconView.setGlyph(FontAwesome5Icon.TIMES);
+				iconView.getStyleClass().add("glyph-icon-red");
+			}
+		}
+	}
+
+	@FXML
+	public void runResultAction() {
+		final var realResult = result.get();
+		if (realResult != null) {
+			fixApplier.fix(realResult);
+		}
+	}
+	/* Getter & Setter */
+
+
+	public DiagnosticResult getResult() {
+		return result.get();
+	}
+
+	public void setResult(DiagnosticResult result) {
+		this.result.set(result);
+	}
+
+	public ObjectProperty<DiagnosticResult> resultProperty() {
+		return result;
+	}
+
+	public String getDescription() {
+		return description.getValue();
+	}
+
+	public Binding<String> descriptionProperty() {
+		return description;
+	}
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/ResultListCellFactory.java b/main/ui/src/main/java/org/cryptomator/ui/health/ResultListCellFactory.java
new file mode 100644
index 000000000..7acada487
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/ResultListCellFactory.java
@@ -0,0 +1,60 @@
+package org.cryptomator.ui.health;
+
+
+import org.cryptomator.cryptofs.health.api.DiagnosticResult;
+import org.cryptomator.ui.common.FxmlLoaderFactory;
+
+import javax.inject.Inject;
+import javafx.fxml.FXMLLoader;
+import javafx.scene.Parent;
+import javafx.scene.control.ContentDisplay;
+import javafx.scene.control.ListCell;
+import javafx.scene.control.ListView;
+import javafx.util.Callback;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+
+@HealthCheckScoped
+public class ResultListCellFactory implements Callback<ListView<DiagnosticResult>, ListCell<DiagnosticResult>> {
+
+	private final FxmlLoaderFactory fxmlLoaders;
+
+	@Inject
+	ResultListCellFactory(@HealthCheckWindow FxmlLoaderFactory fxmlLoaders) {
+		this.fxmlLoaders = fxmlLoaders;
+	}
+
+	@Override
+	public ListCell<DiagnosticResult> call(ListView<DiagnosticResult> param) {
+		try {
+			FXMLLoader fxmlLoader = fxmlLoaders.load("/fxml/health_result_listcell.fxml");
+			return new ResultListCellFactory.Cell(fxmlLoader.getRoot(), fxmlLoader.getController());
+		} catch (IOException e) {
+			throw new UncheckedIOException("Failed to load /fxml/health_result_listcell.fxml.", e);
+		}
+	}
+
+	private static class Cell extends ListCell<DiagnosticResult> {
+
+		private final Parent node;
+		private final ResultListCellController controller;
+
+		public Cell(Parent node, ResultListCellController controller) {
+			this.node = node;
+			this.controller = controller;
+		}
+
+		@Override
+		protected void updateItem(DiagnosticResult item, boolean empty) {
+			super.updateItem(item, empty);
+			if (item == null || empty) {
+				setText(null);
+				setGraphic(null);
+			} else {
+				controller.setResult(item);
+				setContentDisplay(ContentDisplay.GRAPHIC_ONLY);
+				setGraphic(node);
+			}
+		}
+	}
+}
\ No newline at end of file
diff --git a/main/ui/src/main/java/org/cryptomator/ui/health/StartController.java b/main/ui/src/main/java/org/cryptomator/ui/health/StartController.java
new file mode 100644
index 000000000..3e9cc5b07
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/health/StartController.java
@@ -0,0 +1,127 @@
+package org.cryptomator.ui.health;
+
+import dagger.Lazy;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptofs.VaultConfig;
+import org.cryptomator.cryptofs.VaultConfigLoadException;
+import org.cryptomator.cryptofs.VaultKeyInvalidException;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException;
+import org.cryptomator.ui.common.ErrorComponent;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
+import org.cryptomator.ui.unlock.UnlockCancelledException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import javafx.application.Platform;
+import javafx.fxml.FXML;
+import javafx.scene.Scene;
+import javafx.stage.Stage;
+import java.io.IOException;
+import java.util.Optional;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.atomic.AtomicReference;
+
+@HealthCheckScoped
+public class StartController implements FxController {
+
+	private static final Logger LOG = LoggerFactory.getLogger(StartController.class);
+
+	private final Stage window;
+	private final Optional<VaultConfig.UnverifiedVaultConfig> unverifiedVaultConfig;
+	private final KeyLoadingStrategy keyLoadingStrategy;
+	private final ExecutorService executor;
+	private final AtomicReference<Masterkey> masterkeyRef;
+	private final AtomicReference<VaultConfig> vaultConfigRef;
+	private final Lazy<Scene> checkScene;
+	private final Lazy<ErrorComponent.Builder> errorComponent;
+
+	/* FXML */
+
+	@Inject
+	public StartController(@HealthCheckWindow Vault vault, @HealthCheckWindow Stage window, @HealthCheckWindow KeyLoadingStrategy keyLoadingStrategy, ExecutorService executor, AtomicReference<Masterkey> masterkeyRef, AtomicReference<VaultConfig> vaultConfigRef, @FxmlScene(FxmlFile.HEALTH_CHECK_LIST) Lazy<Scene> checkScene, Lazy<ErrorComponent.Builder> errorComponent) {
+		this.window = window;
+		this.keyLoadingStrategy = keyLoadingStrategy;
+		this.executor = executor;
+		this.masterkeyRef = masterkeyRef;
+		this.vaultConfigRef = vaultConfigRef;
+		this.checkScene = checkScene;
+		this.errorComponent = errorComponent;
+
+		//TODO: this is ugly
+		//idea: delay the loading of the vault config and show a spinner (something like "check/load config") and react to the result of the loading
+		//or: load vault config in a previous step to see if it is loadable.
+		VaultConfig.UnverifiedVaultConfig tmp;
+		try {
+			tmp = vault.getUnverifiedVaultConfig();
+		} catch (IOException e) {
+			e.printStackTrace();
+			tmp =  null;
+		}
+		this.unverifiedVaultConfig = Optional.ofNullable(tmp);
+	}
+
+	@FXML
+	public void close() {
+		LOG.trace("StartController.close()");
+		window.close();
+	}
+
+	@FXML
+	public void next() {
+		LOG.trace("StartController.next()");
+		executor.submit(this::loadKey);
+	}
+
+	private void loadKey() {
+		assert !Platform.isFxApplicationThread();
+		assert unverifiedVaultConfig.isPresent();
+		try (var masterkey = keyLoadingStrategy.loadKey(unverifiedVaultConfig.orElseThrow().getKeyId())) {
+			var unverifiedCfg = unverifiedVaultConfig.get();
+			var verifiedCfg = unverifiedCfg.verify(masterkey.getEncoded(), unverifiedCfg.allegedVaultVersion());
+			vaultConfigRef.set(verifiedCfg);
+			var old = masterkeyRef.getAndSet(masterkey.clone());
+			if (old != null) {
+				old.destroy();
+			}
+			Platform.runLater(this::loadedKey);
+		} catch (MasterkeyLoadingFailedException e) {
+			if (keyLoadingStrategy.recoverFromException(e)) {
+				// retry
+				loadKey();
+			} else {
+				Platform.runLater(() -> loadingKeyFailed(e));
+			}
+		} catch (VaultKeyInvalidException e) {
+			Platform.runLater(() -> loadingKeyFailed(e));
+		} catch (VaultConfigLoadException e) {
+			Platform.runLater(() -> loadingKeyFailed(e));
+		}
+	}
+
+	private void loadedKey() {
+		LOG.debug("Loaded valid key");
+		window.setScene(checkScene.get());
+	}
+
+	private void loadingKeyFailed(Exception e) {
+		if (e instanceof UnlockCancelledException) {
+			// ok
+		} else if (e instanceof VaultKeyInvalidException) {
+			LOG.error("Invalid key"); //TODO: specific error screen
+			errorComponent.get().window(window).cause(e).build().showErrorScene();
+		} else {
+			LOG.error("Failed to load key.", e);
+			errorComponent.get().window(window).cause(e).build().showErrorScene();
+		}
+	}
+
+	public boolean isInvalidConfig() {
+		return unverifiedVaultConfig.isEmpty();
+	}
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoading.java b/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoading.java
new file mode 100644
index 000000000..51f9302c8
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoading.java
@@ -0,0 +1,14 @@
+package org.cryptomator.ui.keyloading;
+
+import javax.inject.Qualifier;
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Qualifier
+@Documented
+@Retention(RUNTIME)
+public @interface KeyLoading {
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingComponent.java b/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingComponent.java
new file mode 100644
index 000000000..190bf0e1f
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingComponent.java
@@ -0,0 +1,31 @@
+package org.cryptomator.ui.keyloading;
+
+import dagger.BindsInstance;
+import dagger.Subcomponent;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptolib.api.MasterkeyLoader;
+
+import javafx.stage.Stage;
+import java.util.Map;
+import java.util.function.Supplier;
+
+@KeyLoadingScoped
+@Subcomponent(modules = {KeyLoadingModule.class})
+public interface KeyLoadingComponent {
+
+	@KeyLoading
+	KeyLoadingStrategy keyloadingStrategy();
+
+	@Subcomponent.Builder
+	interface Builder {
+
+		@BindsInstance
+		Builder vault(@KeyLoading Vault vault);
+
+		@BindsInstance
+		Builder window(@KeyLoading Stage window);
+
+		KeyLoadingComponent build();
+	}
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingModule.java b/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingModule.java
new file mode 100644
index 000000000..f7eb8922f
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingModule.java
@@ -0,0 +1,42 @@
+package org.cryptomator.ui.keyloading;
+
+import dagger.Module;
+import dagger.Provides;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptofs.VaultConfig.UnverifiedVaultConfig;
+import org.cryptomator.ui.common.DefaultSceneFactory;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxmlLoaderFactory;
+import org.cryptomator.ui.keyloading.masterkeyfile.MasterkeyFileLoadingModule;
+
+import javax.inject.Provider;
+import java.io.IOException;
+import java.net.URI;
+import java.util.Map;
+import java.util.Optional;
+import java.util.ResourceBundle;
+
+@Module(includes = {MasterkeyFileLoadingModule.class})
+abstract class KeyLoadingModule {
+
+	@Provides
+	@KeyLoading
+	@KeyLoadingScoped
+	static FxmlLoaderFactory provideFxmlLoaderFactory(Map<Class<? extends FxController>, Provider<FxController>> factories, DefaultSceneFactory sceneFactory, ResourceBundle resourceBundle) {
+		return new FxmlLoaderFactory(factories, sceneFactory, resourceBundle);
+	}
+
+	@Provides
+	@KeyLoading
+	@KeyLoadingScoped
+	static KeyLoadingStrategy provideKeyLoaderProvider(@KeyLoading Vault vault, Map<String, Provider<KeyLoadingStrategy>> strategies) {
+		try {
+			String scheme = vault.getUnverifiedVaultConfig().getKeyId().getScheme();
+			var fallback = KeyLoadingStrategy.failed(new IllegalArgumentException("Unsupported key id " + scheme));
+			return strategies.getOrDefault(scheme, () -> fallback).get();
+		} catch (IOException e) {
+			return KeyLoadingStrategy.failed(e);
+		}
+	}
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingScoped.java b/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingScoped.java
new file mode 100644
index 000000000..5f4355f96
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingScoped.java
@@ -0,0 +1,13 @@
+package org.cryptomator.ui.keyloading;
+
+import javax.inject.Scope;
+import java.lang.annotation.Documented;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
+@Scope
+@Documented
+@Retention(RetentionPolicy.RUNTIME)
+public @interface KeyLoadingScoped {
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingStrategy.java b/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingStrategy.java
new file mode 100644
index 000000000..ed8ca0540
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/keyloading/KeyLoadingStrategy.java
@@ -0,0 +1,63 @@
+package org.cryptomator.ui.keyloading;
+
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.api.MasterkeyLoader;
+import org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException;
+
+import java.net.URI;
+
+/**
+ * A reusable, stateful {@link MasterkeyLoader}, that can deal with certain exceptions.
+ */
+@FunctionalInterface
+public interface KeyLoadingStrategy extends MasterkeyLoader {
+
+	/**
+	 * Loads a master key. This might be a long-running operation, as it may require user input or expensive computations.
+	 * <p>
+	 * If loading fails exceptionally, this strategy might be able to {@link #recoverFromException(MasterkeyLoadingFailedException) recover from this exception}, so it can be used in a further attempt.
+	 *
+	 * @param keyId An URI uniquely identifying the source and identity of the key
+	 * @return The raw key bytes. Must not be null
+	 * @throws MasterkeyLoadingFailedException Thrown when it is impossible to fulfill the request
+	 */
+	@Override
+	Masterkey loadKey(URI keyId) throws MasterkeyLoadingFailedException;
+
+	/**
+	 * Allows the loader to try and recover from an exception thrown during the last attempt.
+	 *
+	 * @param exception An exception thrown by {@link #loadKey(URI)}.
+	 * @return <code>true</code> if this component was able to handle the exception and another attempt can be made to load a masterkey
+	 */
+	default boolean recoverFromException(MasterkeyLoadingFailedException exception) {
+		return false;
+	}
+
+	/**
+	 * Release any ressources or do follow-up tasks after loading a key.
+	 *
+	 * @param unlockedSuccessfully <code>true</code> if successfully unlocked a vault with the loaded key
+	 * @implNote This method might be invoked multiple times, depending on whether multiple attempts to load a key are started.
+	 */
+	default void cleanup(boolean unlockedSuccessfully) {
+		// no-op
+	}
+
+	/**
+	 * A key loading strategy that will always fail by throwing a {@link MasterkeyLoadingFailedException}.
+	 *
+	 * @param exception The cause of the failure. If not alreay an {@link MasterkeyLoadingFailedException}, it will get wrapped.
+	 * @return A new KeyLoadingStrategy that will always fail with an {@link MasterkeyLoadingFailedException}.
+	 */
+	static KeyLoadingStrategy failed(Exception exception) {
+		return keyid -> {
+			if (exception instanceof MasterkeyLoadingFailedException e) {
+				throw e;
+			} else {
+				throw new MasterkeyLoadingFailedException("Can not load key", exception);
+			}
+		};
+	}
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingFinisher.java b/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingFinisher.java
new file mode 100644
index 000000000..8eda41cd0
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingFinisher.java
@@ -0,0 +1,62 @@
+package org.cryptomator.ui.keyloading.masterkeyfile;
+
+import org.cryptomator.common.keychain.KeychainManager;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.integrations.keychain.KeychainAccessException;
+import org.cryptomator.ui.keyloading.KeyLoading;
+import org.cryptomator.ui.keyloading.KeyLoadingScoped;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.nio.CharBuffer;
+import java.util.Arrays;
+import java.util.Optional;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicReference;
+
+@KeyLoadingScoped
+class MasterkeyFileLoadingFinisher {
+
+	private static final Logger LOG = LoggerFactory.getLogger(MasterkeyFileLoadingFinisher.class);
+
+	private final Vault vault;
+	private final Optional<char[]> storedPassword;
+	private final AtomicReference<char[]> enteredPassword;
+	private final AtomicBoolean shouldSavePassword;
+	private final KeychainManager keychain;
+
+	@Inject
+	MasterkeyFileLoadingFinisher(@KeyLoading Vault vault, @Named("savedPassword") Optional<char[]> storedPassword, AtomicReference<char[]> enteredPassword, @Named("savePassword") AtomicBoolean shouldSavePassword, KeychainManager keychain) {
+		this.vault = vault;
+		this.storedPassword = storedPassword;
+		this.enteredPassword = enteredPassword;
+		this.shouldSavePassword = shouldSavePassword;
+		this.keychain = keychain;
+	}
+
+	public void cleanup(boolean successfullyUnlocked) {
+		if (successfullyUnlocked && shouldSavePassword.get()) {
+			savePasswordToSystemkeychain();
+		}
+		wipePassword(storedPassword.orElse(null));
+		wipePassword(enteredPassword.getAndSet(null));
+	}
+
+	private void savePasswordToSystemkeychain() {
+		if (keychain.isSupported()) {
+			try {
+				keychain.storePassphrase(vault.getId(), CharBuffer.wrap(enteredPassword.get()));
+			} catch (KeychainAccessException e) {
+				LOG.error("Failed to store passphrase in system keychain.", e);
+			}
+		}
+	}
+
+	private void wipePassword(char[] pw) {
+		if (pw != null) {
+			Arrays.fill(pw, ' ');
+		}
+	}
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingModule.java b/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingModule.java
new file mode 100644
index 000000000..901eacfb9
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingModule.java
@@ -0,0 +1,123 @@
+package org.cryptomator.ui.keyloading.masterkeyfile;
+
+import dagger.Binds;
+import dagger.Module;
+import dagger.Provides;
+import dagger.multibindings.IntoMap;
+import dagger.multibindings.StringKey;
+import org.cryptomator.common.keychain.KeychainManager;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.integrations.keychain.KeychainAccessException;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.FxControllerKey;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlLoaderFactory;
+import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.common.UserInteractionLock;
+import org.cryptomator.ui.forgetPassword.ForgetPasswordComponent;
+import org.cryptomator.ui.keyloading.KeyLoading;
+import org.cryptomator.ui.keyloading.KeyLoadingScoped;
+import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Named;
+import javafx.scene.Scene;
+import java.nio.file.Path;
+import java.util.Optional;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicReference;
+
+@Module(subcomponents = {ForgetPasswordComponent.class})
+public abstract class MasterkeyFileLoadingModule {
+
+	private static final Logger LOG = LoggerFactory.getLogger(MasterkeyFileLoadingModule.class);
+
+	public enum PasswordEntry {
+		PASSWORD_ENTERED,
+		CANCELED
+	}
+
+	public enum MasterkeyFileProvision {
+		MASTERKEYFILE_PROVIDED,
+		CANCELED
+	}
+
+	@Provides
+	@KeyLoadingScoped
+	static UserInteractionLock<PasswordEntry> providePasswordEntryLock() {
+		return new UserInteractionLock<>(null);
+	}
+
+	@Provides
+	@KeyLoadingScoped
+	static UserInteractionLock<MasterkeyFileProvision> provideMasterkeyFileProvisionLock() {
+		return new UserInteractionLock<>(null);
+	}
+
+	@Provides
+	@Named("savedPassword")
+	@KeyLoadingScoped
+	static Optional<char[]> provideStoredPassword(KeychainManager keychain, @KeyLoading Vault vault) {
+		if (!keychain.isSupported() || keychain.isLocked()) {
+			return Optional.empty();
+		} else {
+			try {
+				return Optional.ofNullable(keychain.loadPassphrase(vault.getId()));
+			} catch (KeychainAccessException e) {
+				LOG.error("Failed to load entry from system keychain.", e);
+				return Optional.empty();
+			}
+		}
+	}
+
+	@Provides
+	@KeyLoadingScoped
+	static AtomicReference<Path> provideUserProvidedMasterkeyPath() {
+		return new AtomicReference<>();
+	}
+
+	@Provides
+	@KeyLoadingScoped
+	static AtomicReference<char[]> providePassword(@Named("savedPassword") Optional<char[]> storedPassword) {
+		return new AtomicReference<>(storedPassword.orElse(null));
+	}
+
+	@Provides
+	@Named("savePassword")
+	@KeyLoadingScoped
+	static AtomicBoolean provideSavePasswordFlag(@Named("savedPassword") Optional<char[]> storedPassword) {
+		return new AtomicBoolean(storedPassword.isPresent());
+	}
+
+	@Provides
+	@FxmlScene(FxmlFile.UNLOCK_ENTER_PASSWORD)
+	@KeyLoadingScoped
+	static Scene provideUnlockScene(@KeyLoading FxmlLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.UNLOCK_ENTER_PASSWORD);
+	}
+
+	@Provides
+	@FxmlScene(FxmlFile.UNLOCK_SELECT_MASTERKEYFILE)
+	@KeyLoadingScoped
+	static Scene provideUnlockSelectMasterkeyFileScene(@KeyLoading FxmlLoaderFactory fxmlLoaders) {
+		return fxmlLoaders.createScene(FxmlFile.UNLOCK_SELECT_MASTERKEYFILE);
+	}
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(PassphraseEntryController.class)
+	abstract FxController bindUnlockController(PassphraseEntryController controller);
+
+	@Binds
+	@IntoMap
+	@FxControllerKey(SelectMasterkeyFileController.class)
+	abstract FxController bindUnlockSelectMasterkeyFileController(SelectMasterkeyFileController controller);
+
+	@Binds
+	@IntoMap
+	@KeyLoadingScoped
+	@StringKey(MasterkeyFileLoadingStrategy.SCHEME)
+	abstract KeyLoadingStrategy bindMasterkeyFileLoadingStrategy(MasterkeyFileLoadingStrategy strategy);
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java b/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java
new file mode 100644
index 000000000..f8fbdd720
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java
@@ -0,0 +1,150 @@
+package org.cryptomator.ui.keyloading.masterkeyfile;
+
+import com.google.common.base.Preconditions;
+import dagger.Lazy;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptolib.api.InvalidPassphraseException;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
+import org.cryptomator.ui.common.Animations;
+import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.common.UserInteractionLock;
+import org.cryptomator.ui.keyloading.KeyLoading;
+import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
+import org.cryptomator.ui.unlock.UnlockCancelledException;
+
+import javax.inject.Inject;
+import javafx.application.Platform;
+import javafx.scene.Scene;
+import javafx.stage.Stage;
+import javafx.stage.Window;
+import java.net.URI;
+import java.nio.CharBuffer;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.concurrent.atomic.AtomicReference;
+
+@KeyLoading
+public class MasterkeyFileLoadingStrategy implements KeyLoadingStrategy {
+
+	public static final String SCHEME = "masterkeyfile";
+
+	private final Vault vault;
+	private final MasterkeyFileAccess masterkeyFileAcccess;
+	private final Stage window;
+	private final Lazy<Scene> passphraseEntryScene;
+	private final Lazy<Scene> selectMasterkeyFileScene;
+	private final UserInteractionLock<MasterkeyFileLoadingModule.PasswordEntry> passwordEntryLock;
+	private final UserInteractionLock<MasterkeyFileLoadingModule.MasterkeyFileProvision> masterkeyFileProvisionLock;
+	private final AtomicReference<char[]> password;
+	private final AtomicReference<Path> filePath;
+	private final MasterkeyFileLoadingFinisher finisher;
+
+	private boolean wrongPassword;
+
+	@Inject
+	public MasterkeyFileLoadingStrategy(@KeyLoading Vault vault, MasterkeyFileAccess masterkeyFileAcccess, @KeyLoading Stage window, @FxmlScene(FxmlFile.UNLOCK_ENTER_PASSWORD) Lazy<Scene> passphraseEntryScene, @FxmlScene(FxmlFile.UNLOCK_SELECT_MASTERKEYFILE) Lazy<Scene> selectMasterkeyFileScene, UserInteractionLock<MasterkeyFileLoadingModule.PasswordEntry> passwordEntryLock, UserInteractionLock<MasterkeyFileLoadingModule.MasterkeyFileProvision> masterkeyFileProvisionLock, AtomicReference<char[]> password, AtomicReference<Path> filePath, MasterkeyFileLoadingFinisher finisher) {
+		this.vault = vault;
+		this.masterkeyFileAcccess = masterkeyFileAcccess;
+		this.window = window;
+		this.passphraseEntryScene = passphraseEntryScene;
+		this.selectMasterkeyFileScene = selectMasterkeyFileScene;
+		this.passwordEntryLock = passwordEntryLock;
+		this.masterkeyFileProvisionLock = masterkeyFileProvisionLock;
+		this.password = password;
+		this.filePath = filePath;
+		this.finisher = finisher;
+	}
+
+	@Override
+	public Masterkey loadKey(URI keyId) throws MasterkeyLoadingFailedException {
+		Preconditions.checkArgument(SCHEME.equalsIgnoreCase(keyId.getScheme()), "Only supports keys with scheme " + SCHEME);
+
+		try {
+			Path filePath = vault.getPath().resolve(keyId.getSchemeSpecificPart());
+			if (!Files.exists(filePath)) {
+				filePath = getAlternateMasterkeyFilePath();
+			}
+			CharSequence passphrase = getPassphrase();
+			return masterkeyFileAcccess.load(filePath, passphrase);
+		} catch (InterruptedException e) {
+			Thread.currentThread().interrupt();
+			throw new UnlockCancelledException("Unlock interrupted", e);
+		}
+	}
+
+	@Override
+	public boolean recoverFromException(MasterkeyLoadingFailedException exception) {
+		if (exception instanceof InvalidPassphraseException) {
+			this.wrongPassword = true;
+			password.set(null);
+			return true; // reattempting key load
+		} else {
+			return false; // nothing we can do
+		}
+	}
+
+	@Override
+	public void cleanup(boolean unlockedSuccessfully) {
+		finisher.cleanup(unlockedSuccessfully);
+	}
+
+	private Path getAlternateMasterkeyFilePath() throws UnlockCancelledException, InterruptedException {
+		if (filePath.get() == null) {
+			return switch (askUserForMasterkeyFilePath()) {
+				case MASTERKEYFILE_PROVIDED -> filePath.get();
+				case CANCELED -> throw new UnlockCancelledException("Choosing masterkey file cancelled.");
+			};
+		} else {
+			return filePath.get();
+		}
+	}
+
+	private MasterkeyFileLoadingModule.MasterkeyFileProvision askUserForMasterkeyFilePath() throws InterruptedException {
+		Platform.runLater(() -> {
+			window.setScene(selectMasterkeyFileScene.get());
+			window.show();
+			Window owner = window.getOwner();
+			if (owner != null) {
+				window.setX(owner.getX() + (owner.getWidth() - window.getWidth()) / 2);
+				window.setY(owner.getY() + (owner.getHeight() - window.getHeight()) / 2);
+			} else {
+				window.centerOnScreen();
+			}
+		});
+		return masterkeyFileProvisionLock.awaitInteraction();
+	}
+
+	private CharSequence getPassphrase() throws UnlockCancelledException, InterruptedException {
+		if (password.get() == null) {
+			return switch (askForPassphrase()) {
+				case PASSWORD_ENTERED -> CharBuffer.wrap(password.get());
+				case CANCELED -> throw new UnlockCancelledException("Password entry cancelled.");
+			};
+		} else {
+			// e.g. pre-filled from keychain or previous unlock attempt
+			return CharBuffer.wrap(password.get());
+		}
+	}
+
+	private MasterkeyFileLoadingModule.PasswordEntry askForPassphrase() throws InterruptedException {
+		Platform.runLater(() -> {
+			window.setScene(passphraseEntryScene.get());
+			window.show();
+			Window owner = window.getOwner();
+			if (owner != null) {
+				window.setX(owner.getX() + (owner.getWidth() - window.getWidth()) / 2);
+				window.setY(owner.getY() + (owner.getHeight() - window.getHeight()) / 2);
+			} else {
+				window.centerOnScreen();
+			}
+			if (wrongPassword) {
+				Animations.createShakeWindowAnimation(window).play();
+			}
+		});
+		return passwordEntryLock.awaitInteraction();
+	}
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockController.java b/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/PassphraseEntryController.java
similarity index 88%
rename from main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockController.java
rename to main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/PassphraseEntryController.java
index 674b16142..d4356be85 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/PassphraseEntryController.java
@@ -1,4 +1,4 @@
-package org.cryptomator.ui.unlock;
+package org.cryptomator.ui.keyloading.masterkeyfile;
 
 import org.cryptomator.common.keychain.KeychainManager;
 import org.cryptomator.common.vaults.Vault;
@@ -7,6 +7,9 @@ import org.cryptomator.ui.common.UserInteractionLock;
 import org.cryptomator.ui.common.WeakBindings;
 import org.cryptomator.ui.controls.NiceSecurePasswordField;
 import org.cryptomator.ui.forgetPassword.ForgetPasswordComponent;
+import org.cryptomator.ui.keyloading.KeyLoading;
+import org.cryptomator.ui.keyloading.KeyLoadingScoped;
+import org.cryptomator.ui.keyloading.masterkeyfile.MasterkeyFileLoadingModule.PasswordEntry;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -38,17 +41,17 @@ import java.util.Optional;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
 
-@UnlockScoped
-public class UnlockController implements FxController {
+@KeyLoadingScoped
+public class PassphraseEntryController implements FxController {
 
-	private static final Logger LOG = LoggerFactory.getLogger(UnlockController.class);
+	private static final Logger LOG = LoggerFactory.getLogger(PassphraseEntryController.class);
 
 	private final Stage window;
 	private final Vault vault;
 	private final AtomicReference<char[]> password;
 	private final AtomicBoolean savePassword;
 	private final Optional<char[]> savedPassword;
-	private final UserInteractionLock<UnlockModule.PasswordEntry> passwordEntryLock;
+	private final UserInteractionLock<PasswordEntry> passwordEntryLock;
 	private final ForgetPasswordComponent.Builder forgetPassword;
 	private final KeychainManager keychain;
 	private final ObjectBinding<ContentDisplay> unlockButtonContentDisplay;
@@ -66,7 +69,7 @@ public class UnlockController implements FxController {
 	public Animation unlockAnimation;
 
 	@Inject
-	public UnlockController(@UnlockWindow Stage window, @UnlockWindow Vault vault, AtomicReference<char[]> password, @Named("savePassword") AtomicBoolean savePassword, @Named("savedPassword") Optional<char[]> savedPassword, UserInteractionLock<UnlockModule.PasswordEntry> passwordEntryLock, ForgetPasswordComponent.Builder forgetPassword, KeychainManager keychain) {
+	public PassphraseEntryController(@KeyLoading Stage window, @KeyLoading Vault vault, AtomicReference<char[]> password, @Named("savePassword") AtomicBoolean savePassword, @Named("savedPassword") Optional<char[]> savedPassword, UserInteractionLock<PasswordEntry> passwordEntryLock, ForgetPasswordComponent.Builder forgetPassword, KeychainManager keychain) {
 		this.window = window;
 		this.vault = vault;
 		this.password = password;
@@ -138,7 +141,7 @@ public class UnlockController implements FxController {
 		// if not already interacted, mark this workflow as cancelled:
 		if (passwordEntryLock.awaitingInteraction().get()) {
 			LOG.debug("Unlock canceled by user.");
-			passwordEntryLock.interacted(UnlockModule.PasswordEntry.CANCELED);
+			passwordEntryLock.interacted(PasswordEntry.CANCELED);
 		}
 	}
 
@@ -154,7 +157,7 @@ public class UnlockController implements FxController {
 		if (oldPw != null) {
 			Arrays.fill(oldPw, ' ');
 		}
-		passwordEntryLock.interacted(UnlockModule.PasswordEntry.PASSWORD_ENTERED);
+		passwordEntryLock.interacted(PasswordEntry.PASSWORD_ENTERED);
 		startUnlockAnimation();
 	}
 
diff --git a/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/SelectMasterkeyFileController.java b/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/SelectMasterkeyFileController.java
new file mode 100644
index 000000000..39be2b36e
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/SelectMasterkeyFileController.java
@@ -0,0 +1,67 @@
+package org.cryptomator.ui.keyloading.masterkeyfile;
+
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.common.UserInteractionLock;
+import org.cryptomator.ui.keyloading.KeyLoading;
+import org.cryptomator.ui.keyloading.KeyLoadingScoped;
+import org.cryptomator.ui.keyloading.masterkeyfile.MasterkeyFileLoadingModule.MasterkeyFileProvision;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Inject;
+import javafx.fxml.FXML;
+import javafx.stage.FileChooser;
+import javafx.stage.Stage;
+import javafx.stage.WindowEvent;
+import java.io.File;
+import java.nio.file.Path;
+import java.util.ResourceBundle;
+import java.util.concurrent.atomic.AtomicReference;
+
+@KeyLoadingScoped
+public class SelectMasterkeyFileController implements FxController {
+
+	private static final Logger LOG = LoggerFactory.getLogger(SelectMasterkeyFileController.class);
+
+	private final Stage window;
+	private final AtomicReference<Path> masterkeyPath;
+	private final UserInteractionLock<MasterkeyFileProvision> masterkeyFileProvisionLock;
+	private final ResourceBundle resourceBundle;
+
+	@Inject
+	public SelectMasterkeyFileController(@KeyLoading Stage window, AtomicReference<Path> masterkeyPath, UserInteractionLock<MasterkeyFileProvision> masterkeyFileProvisionLock, ResourceBundle resourceBundle) {
+		this.window = window;
+		this.masterkeyPath = masterkeyPath;
+		this.masterkeyFileProvisionLock = masterkeyFileProvisionLock;
+		this.resourceBundle = resourceBundle;
+		this.window.setOnHiding(this::windowClosed);
+	}
+
+	@FXML
+	public void cancel() {
+		window.close();
+	}
+
+	private void windowClosed(WindowEvent windowEvent) {
+		// if not already interacted, mark this workflow as cancelled:
+		if (masterkeyFileProvisionLock.awaitingInteraction().get()) {
+			LOG.debug("Unlock canceled by user.");
+			masterkeyFileProvisionLock.interacted(MasterkeyFileProvision.CANCELED);
+		}
+	}
+
+	@FXML
+	public void proceed() {
+		LOG.trace("proceed()");
+		FileChooser fileChooser = new FileChooser();
+		fileChooser.setTitle(resourceBundle.getString("unlock.chooseMasterkey.filePickerTitle"));
+		fileChooser.getExtensionFilters().add(new FileChooser.ExtensionFilter("Cryptomator Masterkey", "*.cryptomator"));
+		File masterkeyFile = fileChooser.showOpenDialog(window);
+		if (masterkeyFile != null) {
+			LOG.debug("Chose masterkey file: {}", masterkeyFile);
+			masterkeyPath.set(masterkeyFile.toPath());
+			masterkeyFileProvisionLock.interacted(MasterkeyFileProvision.MASTERKEYFILE_PROVIDED);
+		}
+	}
+
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/launcher/AppLaunchEventHandler.java b/main/ui/src/main/java/org/cryptomator/ui/launcher/AppLaunchEventHandler.java
index 0ab11d374..49ef79e83 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/launcher/AppLaunchEventHandler.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/launcher/AppLaunchEventHandler.java
@@ -10,6 +10,7 @@ import javax.inject.Inject;
 import javax.inject.Named;
 import javax.inject.Singleton;
 import javafx.application.Platform;
+import java.io.IOException;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.util.concurrent.BlockingQueue;
@@ -78,7 +79,7 @@ class AppLaunchEventHandler {
 				fxApplicationStarter.get().thenAccept(app -> app.getVaultService().reveal(v));
 			}
 			LOG.debug("Added vault {}", potentialVaultPath);
-		} catch (NoSuchFileException e) {
+		} catch (IOException e) {
 			LOG.error("Failed to add vault " + potentialVaultPath, e);
 		}
 	}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/launcher/AppLifecycleListener.java b/main/ui/src/main/java/org/cryptomator/ui/launcher/AppLifecycleListener.java
index 646c3ce6b..75af409f1 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/launcher/AppLifecycleListener.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/launcher/AppLifecycleListener.java
@@ -1,6 +1,7 @@
 package org.cryptomator.ui.launcher;
 
 import org.cryptomator.common.ShutdownHook;
+import org.cryptomator.common.vaults.LockNotCompletedException;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.common.vaults.Volume;
@@ -24,11 +25,13 @@ import java.util.Set;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.atomic.AtomicBoolean;
 
+import static org.cryptomator.common.vaults.VaultState.Value.*;
+
 @Singleton
 public class AppLifecycleListener {
 
 	private static final Logger LOG = LoggerFactory.getLogger(AppLifecycleListener.class);
-	public static final Set<VaultState> STATES_ALLOWING_TERMINATION = EnumSet.of(VaultState.LOCKED, VaultState.NEEDS_MIGRATION, VaultState.MISSING, VaultState.ERROR);
+	public static final Set<VaultState.Value> STATES_ALLOWING_TERMINATION = EnumSet.of(LOCKED, NEEDS_MIGRATION, MISSING, ERROR);
 
 	private final FxApplicationStarter fxApplicationStarter;
 	private final CountDownLatch shutdownLatch;
@@ -127,6 +130,8 @@ public class AppLifecycleListener {
 					vault.lock(true);
 				} catch (Volume.VolumeException e) {
 					LOG.error("Failed to unmount vault " + vault.getPath(), e);
+				} catch (LockNotCompletedException e) {
+					LOG.error("Failed to lock vault " + vault.getPath(), e);
 				}
 			}
 		}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/lock/LockWorkflow.java b/main/ui/src/main/java/org/cryptomator/ui/lock/LockWorkflow.java
index acb6d1355..87fd486f2 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/lock/LockWorkflow.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/lock/LockWorkflow.java
@@ -1,9 +1,11 @@
 package org.cryptomator.ui.lock;
 
 import dagger.Lazy;
+import org.cryptomator.common.vaults.LockNotCompletedException;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.common.vaults.Volume;
+import org.cryptomator.ui.common.ErrorComponent;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
 import org.cryptomator.ui.common.UserInteractionLock;
@@ -35,21 +37,23 @@ public class LockWorkflow extends Task<Void> {
 	private final UserInteractionLock<LockModule.ForceLockDecision> forceLockDecisionLock;
 	private final Lazy<Scene> lockForcedScene;
 	private final Lazy<Scene> lockFailedScene;
+	private final ErrorComponent.Builder errorComponent;
 
 	@Inject
-	public LockWorkflow(@LockWindow Stage lockWindow, @LockWindow Vault vault, UserInteractionLock<LockModule.ForceLockDecision> forceLockDecisionLock, @FxmlScene(FxmlFile.LOCK_FORCED) Lazy<Scene> lockForcedScene, @FxmlScene(FxmlFile.LOCK_FAILED) Lazy<Scene> lockFailedScene) {
+	public LockWorkflow(@LockWindow Stage lockWindow, @LockWindow Vault vault, UserInteractionLock<LockModule.ForceLockDecision> forceLockDecisionLock, @FxmlScene(FxmlFile.LOCK_FORCED) Lazy<Scene> lockForcedScene, @FxmlScene(FxmlFile.LOCK_FAILED) Lazy<Scene> lockFailedScene, ErrorComponent.Builder errorComponent) {
 		this.lockWindow = lockWindow;
 		this.vault = vault;
 		this.forceLockDecisionLock = forceLockDecisionLock;
 		this.lockForcedScene = lockForcedScene;
 		this.lockFailedScene = lockFailedScene;
+		this.errorComponent = errorComponent;
 	}
 
 	@Override
-	protected Void call() throws Volume.VolumeException, InterruptedException {
+	protected Void call() throws Volume.VolumeException, InterruptedException, LockNotCompletedException {
 		try {
 			vault.lock(false);
-		} catch (Volume.VolumeException e) {
+		} catch (Volume.VolumeException | LockNotCompletedException e) {
 			LOG.debug("Regular lock of {} failed.", vault.getDisplayName(), e);
 			var decision = askUserForAction();
 			switch (decision) {
@@ -77,29 +81,29 @@ public class LockWorkflow extends Task<Void> {
 		return forceLockDecisionLock.awaitInteraction();
 	}
 
-	@Override
-	protected void scheduled() {
-		vault.setState(VaultState.PROCESSING);
-	}
-
 	@Override
 	protected void succeeded() {
 		LOG.info("Lock of {} succeeded.", vault.getDisplayName());
-		vault.setState(VaultState.LOCKED);
+		vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.LOCKED);
 	}
 
 	@Override
 	protected void failed() {
-		LOG.warn("Failed to lock {}.", vault.getDisplayName());
-		vault.setState(VaultState.UNLOCKED);
-		lockWindow.setScene(lockFailedScene.get());
-		lockWindow.show();
+		final var throwable = super.getException();
+		LOG.warn("Lock of {} failed.", vault.getDisplayName(), throwable);
+		vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.UNLOCKED);
+		if (throwable instanceof Volume.VolumeException) {
+			lockWindow.setScene(lockFailedScene.get());
+			lockWindow.show();
+		} else {
+			errorComponent.cause(throwable).window(lockWindow).build().showErrorScene();
+		}
 	}
 
 	@Override
 	protected void cancelled() {
 		LOG.debug("Lock of {} canceled.", vault.getDisplayName());
-		vault.setState(VaultState.UNLOCKED);
+		vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.UNLOCKED);
 	}
 
 }
diff --git a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/MainWindowController.java b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/MainWindowController.java
index 65c3a8fcf..392671246 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/MainWindowController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/MainWindowController.java
@@ -3,6 +3,8 @@ package org.cryptomator.ui.mainwindow;
 import org.apache.commons.lang3.SystemUtils;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
+import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptofs.DirStructure;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.wrongfilealert.WrongFileAlertComponent;
 import org.slf4j.Logger;
@@ -20,6 +22,7 @@ import javafx.scene.input.TransferMode;
 import javafx.scene.layout.StackPane;
 import javafx.stage.Stage;
 import java.io.File;
+import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
@@ -27,6 +30,7 @@ import java.util.Set;
 import java.util.stream.Collectors;
 
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
+import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
 
 @MainWindowScoped
 public class MainWindowController implements FxController {
@@ -91,23 +95,21 @@ public class MainWindowController implements FxController {
 	}
 
 	private boolean containsVault(Path path) {
-		if (path.getFileName().toString().equals(MASTERKEY_FILENAME)) {
-			return true;
-		} else if (Files.isDirectory(path) && Files.exists(path.resolve(MASTERKEY_FILENAME))) {
-			return true;
-		} else {
+		try {
+			return CryptoFileSystemProvider.checkDirStructureForVault(path, VAULTCONFIG_FILENAME, MASTERKEY_FILENAME) != DirStructure.UNRELATED;
+		} catch (IOException e) {
 			return false;
 		}
 	}
 
 	private void addVault(Path pathToVault) {
 		try {
-			if (pathToVault.getFileName().toString().equals(MASTERKEY_FILENAME)) {
+			if (pathToVault.getFileName().toString().equals(VAULTCONFIG_FILENAME)) {
 				vaultListManager.add(pathToVault.getParent());
 			} else {
 				vaultListManager.add(pathToVault);
 			}
-		} catch (NoSuchFileException e) {
+		} catch (IOException e) {
 			LOG.debug("Not a vault: {}", pathToVault);
 		}
 	}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/MainWindowModule.java b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/MainWindowModule.java
index f8316d289..90311bd5b 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/MainWindowModule.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/MainWindowModule.java
@@ -12,6 +12,7 @@ import org.cryptomator.ui.common.FxControllerKey;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
 import org.cryptomator.ui.common.StageFactory;
+import org.cryptomator.ui.health.HealthCheckComponent;
 import org.cryptomator.ui.migration.MigrationComponent;
 import org.cryptomator.ui.removevault.RemoveVaultComponent;
 import org.cryptomator.ui.vaultoptions.VaultOptionsComponent;
@@ -27,7 +28,7 @@ import javafx.stage.StageStyle;
 import java.util.Map;
 import java.util.ResourceBundle;
 
-@Module(subcomponents = {AddVaultWizardComponent.class, MigrationComponent.class, RemoveVaultComponent.class, VaultOptionsComponent.class, VaultStatisticsComponent.class, WrongFileAlertComponent.class})
+@Module(subcomponents = {AddVaultWizardComponent.class, HealthCheckComponent.class, MigrationComponent.class, RemoveVaultComponent.class, VaultOptionsComponent.class, VaultStatisticsComponent.class, WrongFileAlertComponent.class})
 abstract class MainWindowModule {
 
 	@Provides
@@ -86,6 +87,11 @@ abstract class MainWindowModule {
 	@FxControllerKey(VaultListController.class)
 	abstract FxController bindVaultListController(VaultListController controller);
 
+	@Binds
+	@IntoMap
+	@FxControllerKey(VaultListContextMenuController.class)
+	abstract FxController bindVaultListContextMenuController(VaultListContextMenuController controller);
+
 	@Binds
 	@IntoMap
 	@FxControllerKey(VaultDetailController.class)
diff --git a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/MainWindowTitleController.java b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/MainWindowTitleController.java
index 5a5bb59a6..ea9311c88 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/MainWindowTitleController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/MainWindowTitleController.java
@@ -95,7 +95,7 @@ public class MainWindowTitleController implements FxController {
 
 	@FXML
 	public void showDonationKeyPreferences() {
-		application.showPreferencesWindow(SelectedPreferencesTab.DONATION_KEY);
+		application.showPreferencesWindow(SelectedPreferencesTab.CONTRIBUTE);
 	}
 
 	/* Getter/Setter */
diff --git a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
index 40df6b7c5..7b5c4c7c9 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailController.java
@@ -32,7 +32,8 @@ public class VaultDetailController implements FxController {
 		this.anyVaultSelected = vault.isNotNull();
 	}
 
-	private FontAwesome5Icon getGlyphForVaultState(VaultState state) {
+	// TODO deduplicate w/ VaultListCellController
+	private FontAwesome5Icon getGlyphForVaultState(VaultState.Value state) {
 		if (state != null) {
 			return switch (state) {
 				case LOCKED -> FontAwesome5Icon.LOCK;
diff --git a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailLockedController.java b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailLockedController.java
index bc2f2100a..5fee2e6d1 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailLockedController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultDetailLockedController.java
@@ -5,6 +5,7 @@ import org.cryptomator.common.keychain.KeychainManager;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.fxapp.FxApplication;
+import org.cryptomator.ui.health.HealthCheckComponent;
 import org.cryptomator.ui.vaultoptions.SelectedVaultOptionsTab;
 import org.cryptomator.ui.vaultoptions.VaultOptionsComponent;
 
@@ -13,6 +14,7 @@ import javafx.beans.binding.BooleanExpression;
 import javafx.beans.property.ObjectProperty;
 import javafx.beans.property.ReadOnlyObjectProperty;
 import javafx.beans.property.SimpleBooleanProperty;
+import javafx.event.ActionEvent;
 import javafx.fxml.FXML;
 import javafx.stage.Stage;
 import java.util.Optional;
@@ -28,13 +30,13 @@ public class VaultDetailLockedController implements FxController {
 	private final BooleanExpression passwordSaved;
 
 	@Inject
-	VaultDetailLockedController(ObjectProperty<Vault> vault, FxApplication application, VaultOptionsComponent.Builder vaultOptionsWindow, KeychainManager keychain, @MainWindow Stage mainWindow) {
+	VaultDetailLockedController(ObjectProperty<Vault> vault, FxApplication application,  VaultOptionsComponent.Builder vaultOptionsWindow, KeychainManager keychain, @MainWindow Stage mainWindow) {
 		this.vault = vault;
 		this.application = application;
 		this.vaultOptionsWindow = vaultOptionsWindow;
 		this.keychain = keychain;
 		this.mainWindow = mainWindow;
-		if (keychain.isSupported()) {
+		if (keychain.isSupported() && !keychain.isLocked()) {
 			this.passwordSaved = BooleanExpression.booleanExpression(EasyBind.select(vault).selectObject(v -> keychain.getPassphraseStoredProperty(v.getId())));
 		} else {
 			this.passwordSaved = new SimpleBooleanProperty(false);
diff --git a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
index abc287d6e..f18369e7a 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultListCellController.java
@@ -24,7 +24,8 @@ public class VaultListCellController implements FxController {
 				.map(this::getGlyphForVaultState);
 	}
 
-	private FontAwesome5Icon getGlyphForVaultState(VaultState state) {
+	// TODO deduplicate w/ VaultDetailController
+	private FontAwesome5Icon getGlyphForVaultState(VaultState.Value state) {
 		if (state != null) {
 			return switch (state) {
 				case LOCKED -> FontAwesome5Icon.LOCK;
diff --git a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
new file mode 100644
index 000000000..145618fa8
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultListContextMenuController.java
@@ -0,0 +1,128 @@
+package org.cryptomator.ui.mainwindow;
+
+import com.tobiasdiez.easybind.EasyBind;
+import com.tobiasdiez.easybind.optional.ObservableOptionalValue;
+import com.tobiasdiez.easybind.optional.OptionalBinding;
+import org.cryptomator.common.keychain.KeychainManager;
+import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.common.vaults.VaultState;
+import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.fxapp.FxApplication;
+import org.cryptomator.ui.removevault.RemoveVaultComponent;
+import org.cryptomator.ui.vaultoptions.SelectedVaultOptionsTab;
+import org.cryptomator.ui.vaultoptions.VaultOptionsComponent;
+
+import javax.inject.Inject;
+import javafx.beans.binding.Binding;
+import javafx.beans.property.ObjectProperty;
+import javafx.fxml.FXML;
+import javafx.stage.Stage;
+import java.util.EnumSet;
+import java.util.Optional;
+
+import static org.cryptomator.common.vaults.VaultState.Value.*;
+
+@MainWindowScoped
+public class VaultListContextMenuController implements FxController {
+
+	private final ObservableOptionalValue<Vault> selectedVault;
+	private final Stage mainWindow;
+	private final FxApplication application;
+	private final KeychainManager keychain;
+	private final RemoveVaultComponent.Builder removeVault;
+	private final VaultOptionsComponent.Builder vaultOptionsWindow;
+	private final OptionalBinding<VaultState.Value> selectedVaultState;
+	private final Binding<Boolean> selectedVaultPassphraseStored;
+	private final Binding<Boolean> selectedVaultRemovable;
+	private final Binding<Boolean> selectedVaultUnlockable;
+	private final Binding<Boolean> selectedVaultLockable;
+
+	@Inject
+	VaultListContextMenuController(ObjectProperty<Vault> selectedVault, @MainWindow Stage mainWindow, FxApplication application, KeychainManager keychain, RemoveVaultComponent.Builder removeVault, VaultOptionsComponent.Builder vaultOptionsWindow) {
+		this.selectedVault = EasyBind.wrapNullable(selectedVault);
+		this.mainWindow = mainWindow;
+		this.application = application;
+		this.keychain = keychain;
+		this.removeVault = removeVault;
+		this.vaultOptionsWindow = vaultOptionsWindow;
+
+		this.selectedVaultState = this.selectedVault.mapObservable(Vault::stateProperty);
+		this.selectedVaultPassphraseStored = this.selectedVault.map(this::isPasswordStored).orElse(false);
+		this.selectedVaultRemovable = selectedVaultState.map(EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION)::contains).orElse(false);
+		this.selectedVaultUnlockable = selectedVaultState.map(LOCKED::equals).orElse(false);
+		this.selectedVaultLockable = selectedVaultState.map(UNLOCKED::equals).orElse(false);
+	}
+
+	private boolean isPasswordStored(Vault vault) {
+		return keychain.getPassphraseStoredProperty(vault.getId()).get();
+	}
+
+	@FXML
+	public void didClickRemoveVault() {
+		selectedVault.ifValuePresent(v -> {
+			removeVault.vault(v).build().showRemoveVault();
+		});
+	}
+
+	@FXML
+	public void didClickShowVaultOptions() {
+		selectedVault.ifValuePresent(v -> {
+			vaultOptionsWindow.vault(v).build().showVaultOptionsWindow(SelectedVaultOptionsTab.ANY);
+		});
+	}
+
+	@FXML
+	public void didClickUnlockVault() {
+		selectedVault.ifValuePresent(v -> {
+			application.startUnlockWorkflow(v, Optional.of(mainWindow));
+		});
+	}
+
+	@FXML
+	public void didClickLockVault() {
+		selectedVault.ifValuePresent(v -> {
+			application.startLockWorkflow(v, Optional.of(mainWindow));
+		});
+	}
+
+	@FXML
+	public void didClickRevealVault() {
+		selectedVault.ifValuePresent(v -> {
+			application.getVaultService().reveal(v);
+		});
+	}
+
+	// Getter and Setter
+
+	public Binding<Boolean> selectedVaultUnlockableProperty() {
+		return selectedVaultUnlockable;
+	}
+
+	public boolean isSelectedVaultUnlockable() {
+		return selectedVaultUnlockable.getValue();
+	}
+
+	public Binding<Boolean> selectedVaultLockableProperty() {
+		return selectedVaultLockable;
+	}
+
+	public boolean isSelectedVaultLockable() {
+		return selectedVaultLockable.getValue();
+	}
+
+	public Binding<Boolean> selectedVaultRemovableProperty() {
+		return selectedVaultRemovable;
+	}
+
+	public boolean isSelectedVaultRemovable() {
+		return selectedVaultRemovable.getValue();
+	}
+
+	public Binding<Boolean> selectedVaultPassphraseStoredProperty() {
+		return selectedVaultPassphraseStored;
+	}
+
+	public boolean isSelectedVaultPassphraseStored() {
+		return selectedVaultPassphraseStored.getValue();
+	}
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
index fc751d862..dbe858a55 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/mainwindow/VaultListController.java
@@ -1,12 +1,11 @@
 package org.cryptomator.ui.mainwindow;
 
+import org.apache.commons.lang3.SystemUtils;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultListManager;
 import org.cryptomator.ui.addvaultwizard.AddVaultWizardComponent;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.removevault.RemoveVaultComponent;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
 import javafx.beans.binding.Bindings;
@@ -17,30 +16,43 @@ import javafx.collections.ListChangeListener;
 import javafx.collections.ObservableList;
 import javafx.fxml.FXML;
 import javafx.scene.control.ListView;
+import javafx.scene.input.ContextMenuEvent;
+import javafx.scene.input.KeyCode;
+import javafx.scene.input.KeyEvent;
+import javafx.scene.input.MouseEvent;
+import javafx.stage.Stage;
+import java.util.EnumSet;
+
+import static org.cryptomator.common.vaults.VaultState.Value.ERROR;
+import static org.cryptomator.common.vaults.VaultState.Value.LOCKED;
+import static org.cryptomator.common.vaults.VaultState.Value.MISSING;
+import static org.cryptomator.common.vaults.VaultState.Value.NEEDS_MIGRATION;
 
 @MainWindowScoped
 public class VaultListController implements FxController {
 
-	private static final Logger LOG = LoggerFactory.getLogger(VaultListController.class);
 
+	private final Stage mainWindow;
 	private final ObservableList<Vault> vaults;
 	private final ObjectProperty<Vault> selectedVault;
 	private final VaultListCellFactory cellFactory;
 	private final AddVaultWizardComponent.Builder addVaultWizard;
-	private final RemoveVaultComponent.Builder removeVault;
-	private final BooleanBinding noVaultSelected;
 	private final BooleanBinding emptyVaultList;
+	private final RemoveVaultComponent.Builder removeVaultDialogue;
+
 	public ListView<Vault> vaultList;
 
 	@Inject
-	VaultListController(ObservableList<Vault> vaults, ObjectProperty<Vault> selectedVault, VaultListCellFactory cellFactory, AddVaultWizardComponent.Builder addVaultWizard, RemoveVaultComponent.Builder removeVault) {
+	VaultListController(@MainWindow Stage mainWindow, ObservableList<Vault> vaults, ObjectProperty<Vault> selectedVault, VaultListCellFactory cellFactory, AddVaultWizardComponent.Builder addVaultWizard, RemoveVaultComponent.Builder removeVaultDialogue) {
+		this.mainWindow = mainWindow;
 		this.vaults = vaults;
 		this.selectedVault = selectedVault;
 		this.cellFactory = cellFactory;
 		this.addVaultWizard = addVaultWizard;
-		this.removeVault = removeVault;
-		this.noVaultSelected = selectedVault.isNull();
+		this.removeVaultDialogue = removeVaultDialogue;
+
 		this.emptyVaultList = Bindings.isEmpty(vaults);
+
 		selectedVault.addListener(this::selectedVaultDidChange);
 	}
 
@@ -56,6 +68,41 @@ public class VaultListController implements FxController {
 				}
 			}
 		});
+		vaultList.addEventFilter(MouseEvent.MOUSE_RELEASED, this::deselect);
+		vaultList.addEventFilter(ContextMenuEvent.CONTEXT_MENU_REQUESTED, request -> {
+			if (selectedVault.get() == null) {
+				request.consume();
+			}
+		});
+		vaultList.addEventFilter(KeyEvent.KEY_PRESSED, keyEvent -> {
+			if (keyEvent.getCode() == KeyCode.DELETE) {
+				pressedShortcutToRemoveVault();
+				keyEvent.consume();
+			}
+		});
+		if (SystemUtils.IS_OS_MAC) {
+			vaultList.addEventFilter(KeyEvent.KEY_PRESSED, keyEvent -> {
+				if (keyEvent.getCode() == KeyCode.BACK_SPACE) {
+					pressedShortcutToRemoveVault();
+					keyEvent.consume();
+				}
+			});
+		}
+
+		//register vault selection shortcut to the main window
+		mainWindow.addEventFilter(KeyEvent.KEY_RELEASED, keyEvent -> {
+			if (keyEvent.isShortcutDown() && keyEvent.getCode().isDigitKey()) {
+				vaultList.getSelectionModel().select(Integer.parseInt(keyEvent.getText()) - 1);
+				keyEvent.consume();
+			}
+		});
+	}
+
+	private void deselect(MouseEvent released) {
+		if (released.getY() > (vaultList.getItems().size() * vaultList.fixedCellSizeProperty().get())) {
+			vaultList.getSelectionModel().clearSelection();
+			released.consume();
+		}
 	}
 
 	private void selectedVaultDidChange(@SuppressWarnings("unused") ObservableValue<? extends Vault> observableValue, @SuppressWarnings("unused") Vault oldValue, Vault newValue) {
@@ -70,13 +117,10 @@ public class VaultListController implements FxController {
 		addVaultWizard.build().showAddVaultWizard();
 	}
 
-	@FXML
-	public void didClickRemoveVault() {
-		Vault v = selectedVault.get();
-		if (v != null) {
-			removeVault.vault(v).build().showRemoveVault();
-		} else {
-			LOG.debug("Cannot remove a vault if none is selected.");
+	private void pressedShortcutToRemoveVault() {
+		final var vault = selectedVault.get();
+		if (vault != null && EnumSet.of(LOCKED, MISSING, ERROR, NEEDS_MIGRATION).contains(vault.getState())) {
+			removeVaultDialogue.vault(vault).build().showRemoveVault();
 		}
 	}
 
@@ -90,11 +134,4 @@ public class VaultListController implements FxController {
 		return emptyVaultList.get();
 	}
 
-	public BooleanBinding noVaultSelectedProperty() {
-		return noVaultSelected;
-	}
-
-	public boolean isNoVaultSelected() {
-		return noVaultSelected.get();
-	}
 }
diff --git a/main/ui/src/main/java/org/cryptomator/ui/migration/MigrationRunController.java b/main/ui/src/main/java/org/cryptomator/ui/migration/MigrationRunController.java
index 830e15819..a9b0085d8 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/migration/MigrationRunController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/migration/MigrationRunController.java
@@ -26,6 +26,7 @@ import javax.inject.Named;
 import javafx.application.Platform;
 import javafx.beans.binding.Bindings;
 import javafx.beans.binding.ObjectBinding;
+import javafx.beans.binding.ObjectExpression;
 import javafx.beans.property.BooleanProperty;
 import javafx.beans.property.DoubleProperty;
 import javafx.beans.property.ObjectProperty;
@@ -43,6 +44,7 @@ import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
 
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
+import static org.cryptomator.common.Constants.VAULTCONFIG_FILENAME;
 
 @MigrationScoped
 public class MigrationRunController implements FxController {
@@ -89,7 +91,12 @@ public class MigrationRunController implements FxController {
 		if (keychain.isSupported()) {
 			loadStoredPassword();
 		}
-		migrationButtonDisabled.bind(vault.stateProperty().isNotEqualTo(VaultState.NEEDS_MIGRATION).or(passwordField.textProperty().isEmpty()));
+
+		migrationButtonDisabled.bind(ObjectExpression.objectExpression(vault.stateProperty())
+				.isNotEqualTo(VaultState.Value.NEEDS_MIGRATION)
+				.or(passwordField.textProperty().isEmpty()));
+
+		window.setOnHiding(event -> passwordField.wipe());
 	}
 
 	@FXML
@@ -101,7 +108,7 @@ public class MigrationRunController implements FxController {
 	public void migrate() {
 		LOG.info("Migrating vault {}", vault.getPath());
 		CharSequence password = passwordField.getCharacters();
-		vault.setState(VaultState.PROCESSING);
+		vault.stateProperty().transition(VaultState.Value.NEEDS_MIGRATION, VaultState.Value.PROCESSING);
 		passwordField.setDisable(true);
 		ScheduledFuture<?> progressSyncTask = scheduler.scheduleAtFixedRate(() -> {
 			Platform.runLater(() -> {
@@ -110,15 +117,15 @@ public class MigrationRunController implements FxController {
 		}, 0, MIGRATION_PROGRESS_UPDATE_MILLIS, TimeUnit.MILLISECONDS);
 		Tasks.create(() -> {
 			Migrators migrators = Migrators.get();
-			migrators.migrate(vault.getPath(), MASTERKEY_FILENAME, password, this::migrationProgressChanged, this::migrationRequiresInput);
-			return migrators.needsMigration(vault.getPath(), MASTERKEY_FILENAME);
+			migrators.migrate(vault.getPath(), VAULTCONFIG_FILENAME, MASTERKEY_FILENAME, password, this::migrationProgressChanged, this::migrationRequiresInput);
+			return migrators.needsMigration(vault.getPath(), VAULTCONFIG_FILENAME, MASTERKEY_FILENAME);
 		}).onSuccess(needsAnotherMigration -> {
 			if (needsAnotherMigration) {
 				LOG.info("Migration of '{}' succeeded, but another migration is required.", vault.getDisplayName());
-				vault.setState(VaultState.NEEDS_MIGRATION);
+				vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.NEEDS_MIGRATION);
 			} else {
 				LOG.info("Migration of '{}' succeeded.", vault.getDisplayName());
-				vault.setState(VaultState.LOCKED);
+				vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.LOCKED);
 				passwordField.wipe();
 				window.setScene(successScene.get());
 			}
@@ -127,20 +134,20 @@ public class MigrationRunController implements FxController {
 			passwordField.setDisable(false);
 			passwordField.selectAll();
 			passwordField.requestFocus();
-			vault.setState(VaultState.NEEDS_MIGRATION);
+			vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.NEEDS_MIGRATION);
 		}).onError(FileSystemCapabilityChecker.MissingCapabilityException.class, e -> {
 			LOG.error("Underlying file system not supported.", e);
-			vault.setState(VaultState.NEEDS_MIGRATION);
+			vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.NEEDS_MIGRATION);
 			missingCapability.set(e.getMissingCapability());
 			window.setScene(capabilityErrorScene.get());
 		}).onError(FileNameTooLongException.class, e -> {
 			LOG.error("Migration failed because the underlying file system does not support long filenames.", e);
-			vault.setState(VaultState.NEEDS_MIGRATION);
+			vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.NEEDS_MIGRATION);
 			errorComponent.cause(e).window(window).returnToScene(startScene.get()).build().showErrorScene();
 			window.setScene(impossibleScene.get());
 		}).onError(Exception.class, e -> { // including RuntimeExceptions
 			LOG.error("Migration failed for technical reasons.", e);
-			vault.setState(VaultState.NEEDS_MIGRATION);
+			vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.NEEDS_MIGRATION);
 			errorComponent.cause(e).window(window).returnToScene(startScene.get()).build().showErrorScene();
 		}).andFinally(() -> {
 			passwordField.setDisable(false);
diff --git a/main/ui/src/main/java/org/cryptomator/ui/preferences/GeneralPreferencesController.java b/main/ui/src/main/java/org/cryptomator/ui/preferences/GeneralPreferencesController.java
index ea1fbfe3a..64d71a8b7 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/preferences/GeneralPreferencesController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/preferences/GeneralPreferencesController.java
@@ -157,8 +157,8 @@ public class GeneralPreferencesController implements FxController {
 
 
 	@FXML
-	public void showDonationTab() {
-		selectedTabProperty.set(SelectedPreferencesTab.DONATION_KEY);
+	public void showContributeTab() {
+		selectedTabProperty.set(SelectedPreferencesTab.CONTRIBUTE);
 	}
 
 	@FXML
diff --git a/main/ui/src/main/java/org/cryptomator/ui/preferences/PreferencesController.java b/main/ui/src/main/java/org/cryptomator/ui/preferences/PreferencesController.java
index 64d5c991b..276794753 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/preferences/PreferencesController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/preferences/PreferencesController.java
@@ -26,7 +26,7 @@ public class PreferencesController implements FxController {
 	public Tab generalTab;
 	public Tab volumeTab;
 	public Tab updatesTab;
-	public Tab donationKeyTab;
+	public Tab contributeTab;
 	public Tab aboutTab;
 
 	@Inject
@@ -52,7 +52,7 @@ public class PreferencesController implements FxController {
 		return switch (selectedTab) {
 			case UPDATES -> updatesTab;
 			case VOLUME -> volumeTab;
-			case DONATION_KEY -> donationKeyTab;
+			case CONTRIBUTE -> contributeTab;
 			case GENERAL -> generalTab;
 			case ABOUT -> aboutTab;
 			case ANY -> updateAvailable.get() ? updatesTab : generalTab;
diff --git a/main/ui/src/main/java/org/cryptomator/ui/preferences/PreferencesModule.java b/main/ui/src/main/java/org/cryptomator/ui/preferences/PreferencesModule.java
index 51fa6b581..5fee567b7 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/preferences/PreferencesModule.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/preferences/PreferencesModule.java
@@ -77,8 +77,8 @@ abstract class PreferencesModule {
 
 	@Binds
 	@IntoMap
-	@FxControllerKey(DonationKeyPreferencesController.class)
-	abstract FxController bindDonationKeyPreferencesController(DonationKeyPreferencesController controller);
+	@FxControllerKey(SupporterCertificateController.class)
+	abstract FxController bindSupporterCertificatePreferencesController(SupporterCertificateController controller);
 
 	@Binds
 	@IntoMap
diff --git a/main/ui/src/main/java/org/cryptomator/ui/preferences/SelectedPreferencesTab.java b/main/ui/src/main/java/org/cryptomator/ui/preferences/SelectedPreferencesTab.java
index a76f2ac1c..892d16a8c 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/preferences/SelectedPreferencesTab.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/preferences/SelectedPreferencesTab.java
@@ -22,9 +22,9 @@ public enum SelectedPreferencesTab {
 	UPDATES,
 
 	/**
-	 * Show donation key tab
+	 * Show contribute tab
 	 */
-	DONATION_KEY,
+	CONTRIBUTE,
 
 	/**
 	 * Show about tab
diff --git a/main/ui/src/main/java/org/cryptomator/ui/preferences/DonationKeyPreferencesController.java b/main/ui/src/main/java/org/cryptomator/ui/preferences/SupporterCertificateController.java
similarity index 68%
rename from main/ui/src/main/java/org/cryptomator/ui/preferences/DonationKeyPreferencesController.java
rename to main/ui/src/main/java/org/cryptomator/ui/preferences/SupporterCertificateController.java
index a4814ec82..02b8bab91 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/preferences/DonationKeyPreferencesController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/preferences/SupporterCertificateController.java
@@ -14,17 +14,17 @@ import javafx.scene.control.TextArea;
 import javafx.scene.control.TextFormatter;
 
 @PreferencesScoped
-public class DonationKeyPreferencesController implements FxController {
+public class SupporterCertificateController implements FxController {
 
-	private static final String DONATION_URI = "https://store.cryptomator.org/desktop";
+	private static final String SUPPORTER_URI = "https://store.cryptomator.org/desktop";
 
 	private final Application application;
 	private final LicenseHolder licenseHolder;
 	private final Settings settings;
-	public TextArea donationKeyField;
+	public TextArea supporterCertificateField;
 
 	@Inject
-	DonationKeyPreferencesController(Application application, LicenseHolder licenseHolder, Settings settings) {
+	SupporterCertificateController(Application application, LicenseHolder licenseHolder, Settings settings) {
 		this.application = application;
 		this.licenseHolder = licenseHolder;
 		this.settings = settings;
@@ -32,9 +32,9 @@ public class DonationKeyPreferencesController implements FxController {
 
 	@FXML
 	public void initialize() {
-		donationKeyField.setText(licenseHolder.getLicenseKey().orElse(null));
-		donationKeyField.textProperty().addListener(this::registrationKeyChanged);
-		donationKeyField.setTextFormatter(new TextFormatter<>(this::checkVaultNameLength));
+		supporterCertificateField.setText(licenseHolder.getLicenseKey().orElse(null));
+		supporterCertificateField.textProperty().addListener(this::registrationKeyChanged);
+		supporterCertificateField.setTextFormatter(new TextFormatter<>(this::checkVaultNameLength));
 	}
 
 	private TextFormatter.Change checkVaultNameLength(TextFormatter.Change change) {
@@ -53,8 +53,8 @@ public class DonationKeyPreferencesController implements FxController {
 	}
 
 	@FXML
-	public void getDonationKey() {
-		application.getHostServices().showDocument(DONATION_URI);
+	public void getSupporterCertificate() {
+		application.getHostServices().showDocument(SUPPORTER_URI);
 	}
 
 	public LicenseHolder getLicenseHolder() {
diff --git a/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java b/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
index 902f2cd50..104794604 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyCreationController.java
@@ -2,6 +2,7 @@ package org.cryptomator.ui.recoverykey;
 
 import dagger.Lazy;
 import org.cryptomator.common.vaults.Vault;
+import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.InvalidPassphraseException;
 import org.cryptomator.ui.common.Animations;
 import org.cryptomator.ui.common.ErrorComponent;
@@ -80,7 +81,7 @@ public class RecoveryKeyCreationController implements FxController {
 		}
 
 		@Override
-		protected String call() throws IOException {
+		protected String call() throws IOException, CryptoException {
 			return recoveryKeyFactory.createRecoveryKey(vault.getPath(), passwordField.getCharacters());
 		}
 
diff --git a/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyFactory.java b/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyFactory.java
index 15d4e651e..c078c718b 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyFactory.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyFactory.java
@@ -2,28 +2,34 @@ package org.cryptomator.ui.recoverykey;
 
 import com.google.common.base.Preconditions;
 import com.google.common.hash.Hashing;
-import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptofs.common.MasterkeyBackupHelper;
+import org.cryptomator.cryptolib.api.CryptoException;
 import org.cryptomator.cryptolib.api.InvalidPassphraseException;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
 import java.io.IOException;
+import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
 import java.util.Arrays;
 import java.util.Collection;
 
+import static org.cryptomator.common.Constants.MASTERKEY_BACKUP_SUFFIX;
 import static org.cryptomator.common.Constants.MASTERKEY_FILENAME;
 
 @Singleton
 public class RecoveryKeyFactory {
 
-	private static final byte[] PEPPER = new byte[0];
-
 	private final WordEncoder wordEncoder;
+	private final MasterkeyFileAccess masterkeyFileAccess;
 
 	@Inject
-	public RecoveryKeyFactory(WordEncoder wordEncoder) {
+	public RecoveryKeyFactory(WordEncoder wordEncoder, MasterkeyFileAccess masterkeyFileAccess) {
 		this.wordEncoder = wordEncoder;
+		this.masterkeyFileAccess = masterkeyFileAccess;
 	}
 
 	public Collection<String> getDictionary() {
@@ -36,11 +42,14 @@ public class RecoveryKeyFactory {
 	 * @return The recovery key of the vault at the given path
 	 * @throws IOException If the masterkey file could not be read
 	 * @throws InvalidPassphraseException If the provided password is wrong
+	 * @throws CryptoException In case of other cryptographic errors
 	 * @apiNote This is a long-running operation and should be invoked in a background thread
 	 */
-	public String createRecoveryKey(Path vaultPath, CharSequence password) throws IOException, InvalidPassphraseException {
-		byte[] rawKey = CryptoFileSystemProvider.exportRawKey(vaultPath, MASTERKEY_FILENAME, PEPPER, password);
-		try {
+	public String createRecoveryKey(Path vaultPath, CharSequence password) throws IOException, InvalidPassphraseException, CryptoException {
+		Path masterkeyPath = vaultPath.resolve(MASTERKEY_FILENAME);
+		byte[] rawKey = new byte[0];
+		try (var masterkey = masterkeyFileAccess.load(masterkeyPath, password)) {
+			rawKey = masterkey.getEncoded();
 			return createRecoveryKey(rawKey);
 		} finally {
 			Arrays.fill(rawKey, (byte) 0x00);
@@ -72,8 +81,15 @@ public class RecoveryKeyFactory {
 	 */
 	public void resetPasswordWithRecoveryKey(Path vaultPath, String recoveryKey, CharSequence newPassword) throws IOException, IllegalArgumentException {
 		final byte[] rawKey = decodeRecoveryKey(recoveryKey);
-		try {
-			CryptoFileSystemProvider.restoreRawKey(vaultPath, MASTERKEY_FILENAME, rawKey, PEPPER, newPassword);
+		try (var masterkey = new Masterkey(rawKey)) {
+			Path masterkeyPath = vaultPath.resolve(MASTERKEY_FILENAME);
+			if (Files.exists(masterkeyPath)) {
+				byte[] oldMasterkeyBytes = Files.readAllBytes(masterkeyPath);
+				// TODO: deduplicate with ChangePasswordController:
+				Path backupKeyPath = vaultPath.resolve(MASTERKEY_FILENAME + MasterkeyBackupHelper.generateFileIdSuffix(oldMasterkeyBytes) + MASTERKEY_BACKUP_SUFFIX);
+				Files.move(masterkeyPath, backupKeyPath, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
+			}
+			masterkeyFileAccess.persist(masterkey, masterkeyPath, newPassword);
 		} finally {
 			Arrays.fill(rawKey, (byte) 0x00);
 		}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java b/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
index 58d9fbde9..b30167e73 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyModule.java
@@ -6,10 +6,10 @@ import dagger.Provides;
 import dagger.multibindings.IntoMap;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.DefaultSceneFactory;
-import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxControllerKey;
 import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxmlScene;
 import org.cryptomator.ui.common.NewPasswordController;
 import org.cryptomator.ui.common.PasswordStrengthUtil;
@@ -17,8 +17,6 @@ import org.cryptomator.ui.common.StageFactory;
 
 import javax.inject.Named;
 import javax.inject.Provider;
-import javafx.beans.property.ObjectProperty;
-import javafx.beans.property.SimpleObjectProperty;
 import javafx.beans.property.SimpleStringProperty;
 import javafx.beans.property.StringProperty;
 import javafx.scene.Scene;
@@ -56,14 +54,6 @@ abstract class RecoveryKeyModule {
 		return new SimpleStringProperty();
 	}
 
-	@Provides
-	@RecoveryKeyScoped
-	@Named("newPassword")
-	static ObjectProperty<CharSequence> provideNewPasswordProperty() {
-		return new SimpleObjectProperty<>("");
-	}
-
-
 	// ------------------
 
 	@Provides
@@ -126,8 +116,8 @@ abstract class RecoveryKeyModule {
 	@Provides
 	@IntoMap
 	@FxControllerKey(NewPasswordController.class)
-	static FxController provideNewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater, @Named("newPassword") ObjectProperty<CharSequence> password) {
-		return new NewPasswordController(resourceBundle, strengthRater, password);
+	static FxController provideNewPasswordController(ResourceBundle resourceBundle, PasswordStrengthUtil strengthRater) {
+		return new NewPasswordController(resourceBundle, strengthRater);
 	}
 
 }
diff --git a/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java b/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
index cdf54990f..a2319ba3c 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/recoverykey/RecoveryKeyResetPasswordController.java
@@ -6,14 +6,12 @@ import org.cryptomator.ui.common.ErrorComponent;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
+import org.cryptomator.ui.common.NewPasswordController;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
-import javax.inject.Named;
-import javafx.beans.binding.Bindings;
-import javafx.beans.binding.BooleanBinding;
-import javafx.beans.property.ObjectProperty;
+import javafx.beans.property.ReadOnlyBooleanProperty;
 import javafx.beans.property.StringProperty;
 import javafx.concurrent.Task;
 import javafx.fxml.FXML;
@@ -32,21 +30,19 @@ public class RecoveryKeyResetPasswordController implements FxController {
 	private final RecoveryKeyFactory recoveryKeyFactory;
 	private final ExecutorService executor;
 	private final StringProperty recoveryKey;
-	private final ObjectProperty<CharSequence> newPassword;
 	private final Lazy<Scene> recoverScene;
-	private final BooleanBinding invalidNewPassword;
 	private final ErrorComponent.Builder errorComponent;
 
+	public NewPasswordController newPasswordController;
+
 	@Inject
-	public RecoveryKeyResetPasswordController(@RecoveryKeyWindow Stage window, @RecoveryKeyWindow Vault vault, RecoveryKeyFactory recoveryKeyFactory, ExecutorService executor, @RecoveryKeyWindow StringProperty recoveryKey, @Named("newPassword") ObjectProperty<CharSequence> newPassword, @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverScene, ErrorComponent.Builder errorComponent) {
+	public RecoveryKeyResetPasswordController(@RecoveryKeyWindow Stage window, @RecoveryKeyWindow Vault vault, RecoveryKeyFactory recoveryKeyFactory, ExecutorService executor, @RecoveryKeyWindow StringProperty recoveryKey, @FxmlScene(FxmlFile.RECOVERYKEY_RECOVER) Lazy<Scene> recoverScene, ErrorComponent.Builder errorComponent) {
 		this.window = window;
 		this.vault = vault;
 		this.recoveryKeyFactory = recoveryKeyFactory;
 		this.executor = executor;
 		this.recoveryKey = recoveryKey;
-		this.newPassword = newPassword;
 		this.recoverScene = recoverScene;
-		this.invalidNewPassword = Bindings.createBooleanBinding(this::isInvalidNewPassword, newPassword);
 		this.errorComponent = errorComponent;
 	}
 
@@ -81,7 +77,7 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 		@Override
 		protected Void call() throws IOException, IllegalArgumentException {
-			recoveryKeyFactory.resetPasswordWithRecoveryKey(vault.getPath(), recoveryKey.get(), newPassword.get());
+			recoveryKeyFactory.resetPasswordWithRecoveryKey(vault.getPath(), recoveryKey.get(), newPasswordController.passwordField.getCharacters());
 			return null;
 		}
 
@@ -89,11 +85,12 @@ public class RecoveryKeyResetPasswordController implements FxController {
 
 	/* Getter/Setter */
 
-	public BooleanBinding invalidNewPasswordProperty() {
-		return invalidNewPassword;
+	public ReadOnlyBooleanProperty validPasswordProperty() {
+		return newPasswordController.passwordsMatchAndSufficientProperty();
 	}
 
-	public boolean isInvalidNewPassword() {
-		return newPassword.get() == null || newPassword.get().length() == 0;
+	public boolean isValidPassword() {
+		return newPasswordController.passwordsMatchAndSufficientProperty().get();
 	}
+
 }
diff --git a/main/ui/src/main/java/org/cryptomator/ui/stats/VaultStatisticsModule.java b/main/ui/src/main/java/org/cryptomator/ui/stats/VaultStatisticsModule.java
index 803de314c..6f195274c 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/stats/VaultStatisticsModule.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/stats/VaultStatisticsModule.java
@@ -43,8 +43,8 @@ abstract class VaultStatisticsModule {
 		var weakStage = new WeakReference<>(stage);
 		vault.stateProperty().addListener(new ChangeListener<>() {
 			@Override
-			public void changed(ObservableValue<? extends VaultState> observable, VaultState oldValue, VaultState newValue) {
-				if (newValue != VaultState.UNLOCKED) {
+			public void changed(ObservableValue<? extends VaultState.Value> observable, VaultState.Value oldValue, VaultState.Value newValue) {
+				if (newValue != VaultState.Value.UNLOCKED) {
 					Stage stage = weakStage.get();
 					if (stage != null) {
 						stage.hide();
diff --git a/main/ui/src/main/java/org/cryptomator/ui/traymenu/TrayMenuController.java b/main/ui/src/main/java/org/cryptomator/ui/traymenu/TrayMenuController.java
index 96529c5fb..4ce3808c4 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/traymenu/TrayMenuController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/traymenu/TrayMenuController.java
@@ -44,6 +44,9 @@ class TrayMenuController {
 
 	public void initTrayMenu() {
 		vaults.addListener(this::vaultListChanged);
+		vaults.forEach(v -> {
+			v.displayNameProperty().addListener(this::vaultListChanged);
+		});
 		rebuildMenu();
 	}
 
diff --git a/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockCancelledException.java b/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockCancelledException.java
new file mode 100644
index 000000000..c795eb5ea
--- /dev/null
+++ b/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockCancelledException.java
@@ -0,0 +1,14 @@
+package org.cryptomator.ui.unlock;
+
+import org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException;
+
+public class UnlockCancelledException extends MasterkeyLoadingFailedException {
+
+	public UnlockCancelledException(String message) {
+		super(message);
+	}
+
+	public UnlockCancelledException(String message, Throwable cause) {
+		super(message, cause);
+	}
+}
diff --git a/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockInvalidMountPointController.java b/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockInvalidMountPointController.java
index 1850953c9..fd85db988 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockInvalidMountPointController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockInvalidMountPointController.java
@@ -1,15 +1,11 @@
 package org.cryptomator.ui.unlock;
 
-import dagger.Lazy;
 import org.cryptomator.common.vaults.MountPointRequirement;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxController;
-import org.cryptomator.ui.common.FxmlFile;
-import org.cryptomator.ui.common.FxmlScene;
 
 import javax.inject.Inject;
 import javafx.fxml.FXML;
-import javafx.scene.Scene;
 import javafx.stage.Stage;
 
 //At the current point in time only the CustomMountPointChooser may cause this window to be shown.
@@ -17,19 +13,17 @@ import javafx.stage.Stage;
 public class UnlockInvalidMountPointController implements FxController {
 
 	private final Stage window;
-	private final Lazy<Scene> unlockScene;
 	private final Vault vault;
 
 	@Inject
-	UnlockInvalidMountPointController(@UnlockWindow Stage window, @FxmlScene(FxmlFile.UNLOCK) Lazy<Scene> unlockScene, @UnlockWindow Vault vault) {
+	UnlockInvalidMountPointController(@UnlockWindow Stage window, @UnlockWindow Vault vault) {
 		this.window = window;
-		this.unlockScene = unlockScene;
 		this.vault = vault;
 	}
 
 	@FXML
-	public void back() {
-		window.setScene(unlockScene.get());
+	public void close() {
+		window.close();
 	}
 
 	/* Getter/Setter */
diff --git a/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockModule.java b/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockModule.java
index 2ed17fdff..3c1267e65 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockModule.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockModule.java
@@ -4,20 +4,16 @@ import dagger.Binds;
 import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoMap;
-import org.cryptomator.common.keychain.KeychainManager;
 import org.cryptomator.common.vaults.Vault;
-import org.cryptomator.integrations.keychain.KeychainAccessException;
 import org.cryptomator.ui.common.DefaultSceneFactory;
-import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxController;
 import org.cryptomator.ui.common.FxControllerKey;
 import org.cryptomator.ui.common.FxmlFile;
+import org.cryptomator.ui.common.FxmlLoaderFactory;
 import org.cryptomator.ui.common.FxmlScene;
 import org.cryptomator.ui.common.StageFactory;
-import org.cryptomator.ui.common.UserInteractionLock;
-import org.cryptomator.ui.forgetPassword.ForgetPasswordComponent;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.cryptomator.ui.keyloading.KeyLoadingComponent;
+import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
 
 import javax.inject.Named;
 import javax.inject.Provider;
@@ -27,54 +23,10 @@ import javafx.stage.Stage;
 import java.util.Map;
 import java.util.Optional;
 import java.util.ResourceBundle;
-import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.concurrent.atomic.AtomicReference;
 
-@Module(subcomponents = {ForgetPasswordComponent.class})
+@Module(subcomponents = {KeyLoadingComponent.class})
 abstract class UnlockModule {
 
-	private static final Logger LOG = LoggerFactory.getLogger(UnlockModule.class);
-
-	public enum PasswordEntry {
-		PASSWORD_ENTERED,
-		CANCELED
-	}
-
-	@Provides
-	@UnlockScoped
-	static UserInteractionLock<PasswordEntry> providePasswordEntryLock() {
-		return new UserInteractionLock<>(null);
-	}
-
-	@Provides
-	@Named("savedPassword")
-	@UnlockScoped
-	static Optional<char[]> provideStoredPassword(KeychainManager keychain, @UnlockWindow Vault vault) {
-		if (!keychain.isSupported()) {
-			return Optional.empty();
-		} else {
-			try {
-				return Optional.ofNullable(keychain.loadPassphrase(vault.getId()));
-			} catch (KeychainAccessException e) {
-				LOG.error("Failed to load entry from system keychain.", e);
-				return Optional.empty();
-			}
-		}
-	}
-
-	@Provides
-	@UnlockScoped
-	static AtomicReference<char[]> providePassword(@Named("savedPassword") Optional<char[]> storedPassword) {
-		return new AtomicReference(storedPassword.orElse(null));
-	}
-
-	@Provides
-	@Named("savePassword")
-	@UnlockScoped
-	static AtomicBoolean provideSavePasswordFlag(@Named("savedPassword") Optional<char[]> storedPassword) {
-		return new AtomicBoolean(storedPassword.isPresent());
-	}
-
 	@Provides
 	@UnlockWindow
 	@UnlockScoped
@@ -99,10 +51,10 @@ abstract class UnlockModule {
 	}
 
 	@Provides
-	@FxmlScene(FxmlFile.UNLOCK)
+	@UnlockWindow
 	@UnlockScoped
-	static Scene provideUnlockScene(@UnlockWindow FxmlLoaderFactory fxmlLoaders) {
-		return fxmlLoaders.createScene(FxmlFile.UNLOCK);
+	static KeyLoadingStrategy provideKeyLoadingStrategy(KeyLoadingComponent.Builder compBuilder, @UnlockWindow Vault vault, @UnlockWindow Stage window) {
+		return compBuilder.vault(vault).window(window).build().keyloadingStrategy();
 	}
 
 	@Provides
@@ -121,11 +73,6 @@ abstract class UnlockModule {
 
 	// ------------------
 
-	@Binds
-	@IntoMap
-	@FxControllerKey(UnlockController.class)
-	abstract FxController bindUnlockController(UnlockController controller);
-
 	@Binds
 	@IntoMap
 	@FxControllerKey(UnlockSuccessController.class)
diff --git a/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockWorkflow.java b/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockWorkflow.java
index c1b5fbd45..36c3eacf9 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockWorkflow.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/unlock/UnlockWorkflow.java
@@ -1,40 +1,31 @@
 package org.cryptomator.ui.unlock;
 
 import dagger.Lazy;
-import org.cryptomator.common.keychain.KeychainManager;
 import org.cryptomator.common.mountpoint.InvalidMountPointException;
 import org.cryptomator.common.vaults.MountPointRequirement;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.common.vaults.VaultState;
 import org.cryptomator.common.vaults.Volume.VolumeException;
-import org.cryptomator.cryptolib.api.InvalidPassphraseException;
-import org.cryptomator.integrations.keychain.KeychainAccessException;
-import org.cryptomator.ui.common.Animations;
+import org.cryptomator.cryptolib.api.CryptoException;
+import org.cryptomator.cryptolib.api.MasterkeyLoadingFailedException;
 import org.cryptomator.ui.common.ErrorComponent;
 import org.cryptomator.ui.common.FxmlFile;
 import org.cryptomator.ui.common.FxmlScene;
-import org.cryptomator.ui.common.UserInteractionLock;
 import org.cryptomator.ui.common.VaultService;
-import org.cryptomator.ui.unlock.UnlockModule.PasswordEntry;
+import org.cryptomator.ui.keyloading.KeyLoadingComponent;
+import org.cryptomator.ui.keyloading.KeyLoadingStrategy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.inject.Inject;
-import javax.inject.Named;
 import javafx.application.Platform;
 import javafx.concurrent.Task;
 import javafx.scene.Scene;
 import javafx.stage.Stage;
-import javafx.stage.Window;
 import java.io.IOException;
-import java.nio.CharBuffer;
 import java.nio.file.DirectoryNotEmptyException;
 import java.nio.file.FileAlreadyExistsException;
 import java.nio.file.NotDirectoryException;
-import java.util.Arrays;
-import java.util.Optional;
-import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.concurrent.atomic.AtomicReference;
 
 /**
  * A multi-step task that consists of background activities as well as user interaction.
@@ -49,113 +40,47 @@ public class UnlockWorkflow extends Task<Boolean> {
 	private final Stage window;
 	private final Vault vault;
 	private final VaultService vaultService;
-	private final AtomicReference<char[]> password;
-	private final AtomicBoolean savePassword;
-	private final Optional<char[]> savedPassword;
-	private final UserInteractionLock<PasswordEntry> passwordEntryLock;
-	private final KeychainManager keychain;
-	private final Lazy<Scene> unlockScene;
 	private final Lazy<Scene> successScene;
 	private final Lazy<Scene> invalidMountPointScene;
 	private final ErrorComponent.Builder errorComponent;
+	private final KeyLoadingStrategy keyLoadingStrategy;
 
 	@Inject
-	UnlockWorkflow(@UnlockWindow Stage window, @UnlockWindow Vault vault, VaultService vaultService, AtomicReference<char[]> password, @Named("savePassword") AtomicBoolean savePassword, @Named("savedPassword") Optional<char[]> savedPassword, UserInteractionLock<PasswordEntry> passwordEntryLock, KeychainManager keychain, @FxmlScene(FxmlFile.UNLOCK) Lazy<Scene> unlockScene, @FxmlScene(FxmlFile.UNLOCK_SUCCESS) Lazy<Scene> successScene, @FxmlScene(FxmlFile.UNLOCK_INVALID_MOUNT_POINT) Lazy<Scene> invalidMountPointScene, ErrorComponent.Builder errorComponent) {
+	UnlockWorkflow(@UnlockWindow Stage window, @UnlockWindow Vault vault, VaultService vaultService, @FxmlScene(FxmlFile.UNLOCK_SUCCESS) Lazy<Scene> successScene, @FxmlScene(FxmlFile.UNLOCK_INVALID_MOUNT_POINT) Lazy<Scene> invalidMountPointScene, ErrorComponent.Builder errorComponent, @UnlockWindow KeyLoadingStrategy keyLoadingStrategy) {
 		this.window = window;
 		this.vault = vault;
 		this.vaultService = vaultService;
-		this.password = password;
-		this.savePassword = savePassword;
-		this.savedPassword = savedPassword;
-		this.passwordEntryLock = passwordEntryLock;
-		this.keychain = keychain;
-		this.unlockScene = unlockScene;
 		this.successScene = successScene;
 		this.invalidMountPointScene = invalidMountPointScene;
 		this.errorComponent = errorComponent;
-
-		setOnFailed(event -> {
-			Throwable throwable = event.getSource().getException();
-			if (throwable instanceof InvalidMountPointException e) {
-				handleInvalidMountPoint(e);
-			} else {
-				handleGenericError(throwable);
-			}
-		});
+		this.keyLoadingStrategy = keyLoadingStrategy;
 	}
 
 	@Override
-	protected Boolean call() throws InterruptedException, IOException, VolumeException, InvalidMountPointException {
+	protected Boolean call() throws InterruptedException, IOException, VolumeException, InvalidMountPointException, CryptoException {
 		try {
-			if (attemptUnlock()) {
-				handleSuccess();
-				return true;
+			attemptUnlock();
+			return true;
+		} catch (UnlockCancelledException e) {
+			cancel(false); // set Tasks state to cancelled
+			return false;
+		}
+	}
+
+	private void attemptUnlock() throws IOException, VolumeException, InvalidMountPointException, CryptoException {
+		boolean success = false;
+		try {
+			vault.unlock(keyLoadingStrategy);
+			success = true;
+		} catch (MasterkeyLoadingFailedException e) {
+			if (keyLoadingStrategy.recoverFromException(e)) {
+				LOG.info("Unlock attempt threw {}. Reattempting...", e.getClass().getSimpleName());
+				attemptUnlock();
 			} else {
-				cancel(false); // set Tasks state to cancelled
-				return false;
+				throw e;
 			}
 		} finally {
-			wipePassword(password.get());
-			wipePassword(savedPassword.orElse(null));
-		}
-	}
-
-	private boolean attemptUnlock() throws InterruptedException, IOException, VolumeException, InvalidMountPointException {
-		boolean proceed = password.get() != null || askForPassword(false) == PasswordEntry.PASSWORD_ENTERED;
-		while (proceed) {
-			try {
-				vault.unlock(CharBuffer.wrap(password.get()));
-				return true;
-			} catch (InvalidPassphraseException e) {
-				proceed = askForPassword(true) == PasswordEntry.PASSWORD_ENTERED;
-			}
-		}
-		return false;
-	}
-
-	private PasswordEntry askForPassword(boolean animateShake) throws InterruptedException {
-		Platform.runLater(() -> {
-			window.setScene(unlockScene.get());
-			window.show();
-			Window owner = window.getOwner();
-			if (owner != null) {
-				window.setX(owner.getX() + (owner.getWidth() - window.getWidth()) / 2);
-				window.setY(owner.getY() + (owner.getHeight() - window.getHeight()) / 2);
-			} else {
-				window.centerOnScreen();
-			}
-			if (animateShake) {
-				Animations.createShakeWindowAnimation(window).play();
-			}
-		});
-		return passwordEntryLock.awaitInteraction();
-	}
-
-	private void handleSuccess() {
-		LOG.info("Unlock of '{}' succeeded.", vault.getDisplayName());
-		if (savePassword.get()) {
-			savePasswordToSystemkeychain();
-		}
-		switch (vault.getVaultSettings().actionAfterUnlock().get()) {
-			case ASK -> Platform.runLater(() -> {
-				window.setScene(successScene.get());
-				window.show();
-			});
-			case REVEAL -> {
-				Platform.runLater(window::close);
-				vaultService.reveal(vault);
-			}
-			case IGNORE -> Platform.runLater(window::close);
-		}
-	}
-
-	private void savePasswordToSystemkeychain() {
-		if (keychain.isSupported()) {
-			try {
-				keychain.storePassphrase(vault.getId(), CharBuffer.wrap(password.get()));
-			} catch (KeychainAccessException e) {
-				LOG.error("Failed to store passphrase in system keychain.", e);
-			}
+			keyLoadingStrategy.cleanup(success);
 		}
 	}
 
@@ -173,15 +98,12 @@ public class UnlockWorkflow extends Task<Boolean> {
 				LOG.error("Unlock failed. Mountpoint doesn't exist (needs to be a folder): {}", cause.getMessage());
 			}
 			showInvalidMountPointScene();
-			return;
 		} else if (cause instanceof FileAlreadyExistsException) {
 			LOG.error("Unlock failed. Mountpoint already exists: {}", cause.getMessage());
 			showInvalidMountPointScene();
-			return;
 		} else if (cause instanceof DirectoryNotEmptyException) {
 			LOG.error("Unlock failed. Mountpoint not an empty directory: {}", cause.getMessage());
 			showInvalidMountPointScene();
-			return;
 		} else {
 			handleGenericError(impExc);
 		}
@@ -196,33 +118,44 @@ public class UnlockWorkflow extends Task<Boolean> {
 
 	private void handleGenericError(Throwable e) {
 		LOG.error("Unlock failed for technical reasons.", e);
-		errorComponent.cause(e).window(window).returnToScene(window.getScene()).build().showErrorScene();
-	}
-
-	private void wipePassword(char[] pw) {
-		if (pw != null) {
-			Arrays.fill(pw, ' ');
-		}
-	}
-
-	@Override
-	protected void scheduled() {
-		vault.setState(VaultState.PROCESSING);
+		errorComponent.cause(e).window(window).build().showErrorScene();
 	}
 
 	@Override
 	protected void succeeded() {
-		vault.setState(VaultState.UNLOCKED);
+		LOG.info("Unlock of '{}' succeeded.", vault.getDisplayName());
+
+		switch (vault.getVaultSettings().actionAfterUnlock().get()) {
+			case ASK -> Platform.runLater(() -> {
+				window.setScene(successScene.get());
+				window.show();
+			});
+			case REVEAL -> {
+				Platform.runLater(window::close);
+				vaultService.reveal(vault);
+			}
+			case IGNORE -> Platform.runLater(window::close);
+		}
+
+		vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.UNLOCKED);
 	}
 
 	@Override
 	protected void failed() {
-		vault.setState(VaultState.LOCKED);
+		LOG.info("Unlock of '{}' failed.", vault.getDisplayName());
+		Throwable throwable = super.getException();
+		if (throwable instanceof InvalidMountPointException e) {
+			handleInvalidMountPoint(e);
+		} else {
+			handleGenericError(throwable);
+		}
+		vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.LOCKED);
 	}
 
 	@Override
 	protected void cancelled() {
-		vault.setState(VaultState.LOCKED);
+		LOG.debug("Unlock of '{}' canceled.", vault.getDisplayName());
+		vault.stateProperty().transition(VaultState.Value.PROCESSING, VaultState.Value.LOCKED);
 	}
 
 }
diff --git a/main/ui/src/main/java/org/cryptomator/ui/vaultoptions/GeneralVaultOptionsController.java b/main/ui/src/main/java/org/cryptomator/ui/vaultoptions/GeneralVaultOptionsController.java
index e860ee811..79d3b53ad 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/vaultoptions/GeneralVaultOptionsController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/vaultoptions/GeneralVaultOptionsController.java
@@ -3,6 +3,7 @@ package org.cryptomator.ui.vaultoptions;
 import org.cryptomator.common.settings.WhenUnlocked;
 import org.cryptomator.common.vaults.Vault;
 import org.cryptomator.ui.common.FxController;
+import org.cryptomator.ui.health.HealthCheckComponent;
 
 import javax.inject.Inject;
 import javafx.beans.Observable;
@@ -22,6 +23,7 @@ public class GeneralVaultOptionsController implements FxController {
 
 	private final Stage window;
 	private final Vault vault;
+	private final HealthCheckComponent.Builder healthCheckWindow;
 	private final ResourceBundle resourceBundle;
 
 	public TextField vaultName;
@@ -29,9 +31,10 @@ public class GeneralVaultOptionsController implements FxController {
 	public ChoiceBox<WhenUnlocked> actionAfterUnlockChoiceBox;
 
 	@Inject
-	GeneralVaultOptionsController(@VaultOptionsWindow Stage window, @VaultOptionsWindow Vault vault, ResourceBundle resourceBundle) {
+	GeneralVaultOptionsController(@VaultOptionsWindow Stage window, @VaultOptionsWindow Vault vault, HealthCheckComponent.Builder healthCheckWindow, ResourceBundle resourceBundle) {
 		this.window = window;
 		this.vault = vault;
+		this.healthCheckWindow = healthCheckWindow;
 		this.resourceBundle = resourceBundle;
 	}
 
@@ -61,6 +64,12 @@ public class GeneralVaultOptionsController implements FxController {
 		}
 	}
 
+	@FXML
+	public void showHealthCheck() {
+		healthCheckWindow.vault(vault).build().showHealthCheckWindow();
+	}
+
+
 	private static class WhenUnlockedConverter extends StringConverter<WhenUnlocked> {
 
 		private final ResourceBundle resourceBundle;
diff --git a/main/ui/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java b/main/ui/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
index ee38e1f18..fb9d6b711 100644
--- a/main/ui/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/vaultoptions/MasterkeyOptionsController.java
@@ -36,7 +36,7 @@ public class MasterkeyOptionsController implements FxController {
 		this.changePasswordWindow = changePasswordWindow;
 		this.recoveryKeyWindow = recoveryKeyWindow;
 		this.keychain = keychain;
-		if (keychain.isSupported()) {
+		if (keychain.isSupported() && !keychain.isLocked()) {
 			this.passwordSaved = Bindings.createBooleanBinding(this::isPasswordSaved, keychain.getPassphraseStoredProperty(vault.getId()));
 		} else {
 			this.passwordSaved = new SimpleBooleanProperty(false);
@@ -74,7 +74,7 @@ public class MasterkeyOptionsController implements FxController {
 	}
 
 	public boolean isPasswordSaved() {
-		if (keychain.isSupported() && vault != null) {
+		if (keychain.isSupported() && !keychain.isLocked() && vault != null) {
 			return keychain.getPassphraseStoredProperty(vault.getId()).get();
 		} else return false;
 	}
diff --git a/main/ui/src/main/resources/fxml/addvault_new_location.fxml b/main/ui/src/main/resources/fxml/addvault_new_location.fxml
index 66b34ff95..3c25ba569 100644
--- a/main/ui/src/main/resources/fxml/addvault_new_location.fxml
+++ b/main/ui/src/main/resources/fxml/addvault_new_location.fxml
@@ -20,6 +20,8 @@
 	  alignment="CENTER_LEFT">
 	<fx:define>
 		<ToggleGroup fx:id="predefinedLocationToggler"/>
+		<FontAwesome5IconView fx:id="badLocation" styleClass="glyph-icon-red" glyph="TIMES" />
+		<FontAwesome5IconView fx:id="goodLocation" styleClass="glyph-icon-primary" glyph="CHECK" />
 	</fx:define>
 	<padding>
 		<Insets topRightBottomLeft="24"/>
@@ -33,6 +35,8 @@
 			<RadioButton fx:id="dropboxRadioButton" toggleGroup="${predefinedLocationToggler}" text="Dropbox" visible="${controller.locationPresets.foundDropbox}" managed="${controller.locationPresets.foundDropbox}"/>
 			<RadioButton fx:id="gdriveRadioButton" toggleGroup="${predefinedLocationToggler}" text="Google Drive" visible="${controller.locationPresets.foundGdrive}" managed="${controller.locationPresets.foundGdrive}"/>
 			<RadioButton fx:id="onedriveRadioButton" toggleGroup="${predefinedLocationToggler}" text="OneDrive" visible="${controller.locationPresets.foundOnedrive}" managed="${controller.locationPresets.foundOnedrive}"/>
+			<RadioButton fx:id="megaRadioButton" toggleGroup="${predefinedLocationToggler}" text="MEGA" visible="${controller.locationPresets.foundMega}" managed="${controller.locationPresets.foundMega}"/>
+			<RadioButton fx:id="pcloudRadioButton" toggleGroup="${predefinedLocationToggler}" text="pCloud" visible="${controller.locationPresets.foundPcloud}" managed="${controller.locationPresets.foundPcloud}"/>
 			<HBox spacing="12" alignment="CENTER_LEFT">
 				<RadioButton fx:id="customRadioButton" toggleGroup="${predefinedLocationToggler}" text="%addvaultwizard.new.directoryPickerLabel"/>
 				<Button contentDisplay="LEFT" text="%addvaultwizard.new.directoryPickerButton" onAction="#chooseCustomVaultPath" disable="${controller.usePresetPath}">
@@ -47,12 +51,8 @@
 
 		<VBox spacing="6">
 			<Label text="%addvaultwizard.new.locationLabel" labelFor="$locationTextField"/>
-			<TextField fx:id="locationTextField" promptText="%addvaultwizard.new.locationPrompt" text="${controller.vaultPath}" disable="true" HBox.hgrow="ALWAYS"/>
-			<Label text="${controller.warningText}" wrapText="true" visible="${controller.showWarning}">
-				<graphic>
-					<FontAwesome5IconView glyph="EXCLAMATION_TRIANGLE"/>
-				</graphic>
-			</Label>
+			<TextField promptText="%addvaultwizard.new.locationPrompt" text="${controller.vaultPath}" editable="false" disable="${!controller.anyRadioButtonSelected}" HBox.hgrow="ALWAYS"/>
+			<Label fx:id="vaultPathStatus" styleClass="label-muted" alignment="CENTER_RIGHT" wrapText="true" visible="${controller.anyRadioButtonSelected}" maxWidth="Infinity" graphicTextGap="6" text="${controller.statusText}" graphic="${controller.statusGraphic}" />
 		</VBox>
 
 		<Region VBox.vgrow="ALWAYS"/>
diff --git a/main/ui/src/main/resources/fxml/addvault_new_password.fxml b/main/ui/src/main/resources/fxml/addvault_new_password.fxml
index 7b87bd636..4b62f9b78 100644
--- a/main/ui/src/main/resources/fxml/addvault_new_password.fxml
+++ b/main/ui/src/main/resources/fxml/addvault_new_password.fxml
@@ -23,7 +23,7 @@
 		<Insets topRightBottomLeft="24"/>
 	</padding>
 	<children>
-		<fx:include source="/fxml/new_password.fxml"/>
+		<fx:include fx:id="newPasswordScene" source="/fxml/new_password.fxml"/>
 
 		<Region VBox.vgrow="ALWAYS"/>
 
diff --git a/main/ui/src/main/resources/fxml/changepassword.fxml b/main/ui/src/main/resources/fxml/changepassword.fxml
index 5e8727574..3f077df5d 100644
--- a/main/ui/src/main/resources/fxml/changepassword.fxml
+++ b/main/ui/src/main/resources/fxml/changepassword.fxml
@@ -25,7 +25,7 @@
 
 		<Region prefHeight="12" VBox.vgrow="NEVER"/>
 
-		<fx:include source="/fxml/new_password.fxml"/>
+		<fx:include fx:id="newPassword" source="/fxml/new_password.fxml"/>
 
 		<CheckBox fx:id="finalConfirmationCheckbox" text="%changepassword.finalConfirmation" wrapText="true"/>
 
diff --git a/main/ui/src/main/resources/fxml/health_check_details.fxml b/main/ui/src/main/resources/fxml/health_check_details.fxml
new file mode 100644
index 000000000..51d9b22ae
--- /dev/null
+++ b/main/ui/src/main/resources/fxml/health_check_details.fxml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<?import org.cryptomator.ui.controls.FormattedLabel?>
+<?import javafx.scene.control.Label?>
+<?import javafx.scene.control.ListView?>
+<?import javafx.scene.layout.VBox?>
+<VBox xmlns:fx="http://javafx.com/fxml"
+	  xmlns="http://javafx.com/javafx"
+	  fx:controller="org.cryptomator.ui.health.CheckDetailController"
+	  prefWidth="500"
+	  spacing="6">
+	<FormattedLabel fx:id="checkTitle" styleClass="label-large" format="%health.check.detail.header" arg1="${controller.taskName}"/>
+
+	<Label text="%health.check.detail.taskNotStarted" visible="${controller.taskNotStarted}" managed="${controller.taskNotStarted}"/>
+	<Label text="%health.check.detail.taskRunning" visible="${controller.taskRunning}" managed="${controller.taskRunning}"/>
+	<Label text="%health.check.detail.taskScheduled" visible="${controller.taskScheduled}" managed="${controller.taskScheduled}"/>
+	<Label text="%health.check.detail.taskCancelled" visible="${controller.taskCancelled}" managed="${controller.taskCancelled}"/>
+	<Label text="%health.check.detail.taskFailed" visible="${controller.taskFailed}" managed="${controller.taskFailed}"/>
+	<FormattedLabel styleClass="label" format="%health.check.detail.taskSucceeded" arg1="${controller.taskDuration}" visible="${controller.taskSucceeded}" managed="${controller.taskSucceeded}"/>
+
+	<FormattedLabel styleClass="label" format="%health.check.detail.problemCount" arg1="${controller.countOfWarnSeverity}" arg2="${controller.countOfCritSeverity}" visible="${!controller.taskNotStarted}"
+					 managed="${!controller.taskNotStarted}"	/>
+	<ListView fx:id="resultsListView" VBox.vgrow="ALWAYS"/>
+</VBox>
\ No newline at end of file
diff --git a/main/ui/src/main/resources/fxml/health_check_list.fxml b/main/ui/src/main/resources/fxml/health_check_list.fxml
new file mode 100644
index 000000000..a3a9c2f93
--- /dev/null
+++ b/main/ui/src/main/resources/fxml/health_check_list.fxml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<?import javafx.geometry.Insets?>
+<?import javafx.scene.control.Button?>
+<?import javafx.scene.control.ButtonBar?>
+<?import javafx.scene.control.Label?>
+<?import javafx.scene.control.ListView?>
+<?import javafx.scene.layout.HBox?>
+<?import javafx.scene.layout.VBox?>
+<?import java.lang.Integer?>
+<?import javafx.scene.layout.StackPane?>
+<?import javafx.scene.control.CheckBox?>
+<VBox xmlns:fx="http://javafx.com/fxml"
+	  xmlns="http://javafx.com/javafx"
+	  fx:controller="org.cryptomator.ui.health.CheckListController"
+	  minHeight="145"
+	  spacing="12">
+	<padding>
+		<Insets topRightBottomLeft="12"/>
+	</padding>
+	<fx:define>
+		<Integer fx:id="ZERO" fx:value="0"/>
+	</fx:define>
+	<children>
+		<HBox spacing="12" VBox.vgrow="ALWAYS">
+			<VBox minWidth="80" maxWidth="200" spacing="6" HBox.hgrow="ALWAYS" >
+				<Label fx:id="listHeading" text="%health.checkList.header"/>
+				<CheckBox onAction="#toggleSelectAll" text="%health.checkList.selectAllBox" visible="${!controller.showResultScreen}" managed="${!controller.showResultScreen}" />
+				<ListView fx:id="checksListView" VBox.vgrow="ALWAYS"/>
+			</VBox>
+			<StackPane visible="${controller.showResultScreen}" managed="${controller.showResultScreen}" HBox.hgrow="ALWAYS" >
+				<VBox minWidth="300" alignment="CENTER" visible="${!controller.anyCheckSelected}" managed="${!controller.anyCheckSelected}" >
+					<Label text="%health.check.detail.noSelectedCheck" wrapText="true" alignment="CENTER" />
+				</VBox>
+				<fx:include  source="/fxml/health_check_details.fxml" visible="${controller.anyCheckSelected}" managed="${controller.anyCheckSelected}" />
+			</StackPane>
+		</HBox>
+		<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
+			<buttons>
+				<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" onAction="#cancelCheck" disable="${!controller.running}" visible="${controller.showResultScreen}" managed="${controller.showResultScreen}" />
+				<Button text="%health.check.exportBtn" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" disable="${!controller.finished}" visible="${controller.showResultScreen}" managed="${controller.showResultScreen}" onAction="#exportResults"/>
+				<Button text="%health.check.runBatchBtn" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#runSelectedChecks" disable="${controller.numberOfPickedChecks == ZERO}" visible="${!controller.showResultScreen}" managed="${!controller.showResultScreen}"/>
+			</buttons>
+		</ButtonBar>
+	</children>
+</VBox>
diff --git a/main/ui/src/main/resources/fxml/health_result_listcell.fxml b/main/ui/src/main/resources/fxml/health_result_listcell.fxml
new file mode 100644
index 000000000..6e30dd0ec
--- /dev/null
+++ b/main/ui/src/main/resources/fxml/health_result_listcell.fxml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<?import javafx.geometry.Insets?>
+<?import javafx.scene.control.Button?>
+<?import javafx.scene.control.Label?>
+<?import javafx.scene.layout.HBox?>
+<?import javafx.scene.layout.Region?>
+<HBox xmlns:fx="http://javafx.com/fxml"
+	  xmlns="http://javafx.com/javafx"
+	  fx:controller="org.cryptomator.ui.health.ResultListCellController"
+	  prefHeight="25"
+	  prefWidth="200"
+	  spacing="6"
+	  alignment="CENTER_LEFT">
+	<!-- Remark: Check the containing list view for a fixed cell size before editing height properties -->
+	<padding>
+		<Insets topRightBottomLeft="6"/>
+	</padding>
+	<children>
+		<FontAwesome5IconView fx:id="iconView" HBox.hgrow="NEVER" glyphSize="16"/>
+		<Label text="${controller.description}"/>
+		<Region HBox.hgrow="ALWAYS"/>
+		<!-- TODO: setting the minWidth of the button is just a workaround.
+		           What we actually want to do is to prevent shrinking the button more than the text
+		           -> own subclass of HBox is needed -->
+		<Button fx:id="actionButton" text="%health.check.fixBtn" onAction="#runResultAction" alignment="CENTER" visible="false" minWidth="-Infinity"/>
+	</children>
+</HBox>
diff --git a/main/ui/src/main/resources/fxml/health_start.fxml b/main/ui/src/main/resources/fxml/health_start.fxml
new file mode 100644
index 000000000..79d946884
--- /dev/null
+++ b/main/ui/src/main/resources/fxml/health_start.fxml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<?import javafx.geometry.Insets?>
+<?import javafx.scene.control.Button?>
+<?import javafx.scene.control.ButtonBar?>
+<?import javafx.scene.control.Label?>
+<?import javafx.scene.layout.VBox?>
+<VBox xmlns:fx="http://javafx.com/fxml"
+	  xmlns="http://javafx.com/javafx"
+	  fx:controller="org.cryptomator.ui.health.StartController"
+	  minWidth="400"
+	  maxWidth="400"
+	  minHeight="145"
+	  spacing="12">
+	<padding>
+		<Insets topRightBottomLeft="12"/>
+	</padding>
+	<children>
+		<Label text="%health.start.introduction" wrapText="true"/>
+
+		<!-- TODO: combine the two below labels to one and bind the properties accordingly or, preferably think about a new flow -->
+		<Label text="%health.start.configInvalid" visible="${controller.invalidConfig}" managed="${controller.invalidConfig}" wrapText="true" contentDisplay="LEFT">
+			<graphic>
+				<FontAwesome5IconView glyph="TIMES" styleClass="glyph-icon-red" />
+			</graphic>
+		</Label>
+		<Label text="%health.start.configValid" visible="${!controller.invalidConfig}" managed="${!controller.invalidConfig}" wrapText="true" contentDisplay="LEFT">
+			<graphic>
+				<FontAwesome5IconView glyph="CHECK" styleClass="glyph-icon-primary" />
+			</graphic>
+		</Label>
+		<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
+			<buttons>
+				<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
+				<Button text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" disable="${controller.invalidConfig}" defaultButton="true" onAction="#next"/>
+			</buttons>
+		</ButtonBar>
+	</children>
+</VBox>
diff --git a/main/ui/src/main/resources/fxml/preferences.fxml b/main/ui/src/main/resources/fxml/preferences.fxml
index c0cd2b6c7..643b31176 100644
--- a/main/ui/src/main/resources/fxml/preferences.fxml
+++ b/main/ui/src/main/resources/fxml/preferences.fxml
@@ -38,12 +38,12 @@
 				<fx:include source="/fxml/preferences_updates.fxml"/>
 			</content>
 		</Tab>
-		<Tab fx:id="donationKeyTab" id="DONATION_KEY" text="%preferences.donationKey">
+		<Tab fx:id="contributeTab" id="CONTRIBUTE" text="%preferences.contribute">
 			<graphic>
 				<FontAwesome5IconView glyph="HEART"/>
 			</graphic>
 			<content>
-				<fx:include source="/fxml/preferences_donationkey.fxml"/>
+				<fx:include source="/fxml/preferences_contribute.fxml"/>
 			</content>
 		</Tab>
 		<Tab fx:id="aboutTab" id="ABOUT" text="%preferences.about">
diff --git a/main/ui/src/main/resources/fxml/preferences_donationkey.fxml b/main/ui/src/main/resources/fxml/preferences_contribute.fxml
similarity index 72%
rename from main/ui/src/main/resources/fxml/preferences_donationkey.fxml
rename to main/ui/src/main/resources/fxml/preferences_contribute.fxml
index 087d9da26..bfe91d0eb 100644
--- a/main/ui/src/main/resources/fxml/preferences_donationkey.fxml
+++ b/main/ui/src/main/resources/fxml/preferences_contribute.fxml
@@ -12,7 +12,7 @@
 <?import javafx.scene.shape.Circle?>
 <VBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
-	  fx:controller="org.cryptomator.ui.preferences.DonationKeyPreferencesController"
+	  fx:controller="org.cryptomator.ui.preferences.SupporterCertificateController"
 	  spacing="18">
 	<padding>
 		<Insets topRightBottomLeft="12"/>
@@ -24,7 +24,7 @@
 					<Circle styleClass="glyph-icon-primary" radius="24"/>
 					<FontAwesome5IconView styleClass="glyph-icon-white" glyph="CROWN" glyphSize="24"/>
 				</StackPane>
-				<FormattedLabel format="%preferences.donationKey.registeredFor" arg1="${controller.licenseHolder.licenseSubject}" wrapText="true"/>
+				<FormattedLabel format="%preferences.contribute.registeredFor" arg1="${controller.licenseHolder.licenseSubject}" wrapText="true"/>
 			</HBox>
 
 			<HBox spacing="12" alignment="CENTER_LEFT" visible="${!controller.licenseHolder.validLicense}">
@@ -33,8 +33,8 @@
 					<FontAwesome5IconView styleClass="glyph-icon-white" glyph="HAND_HOLDING_HEART" glyphSize="24"/>
 				</StackPane>
 				<VBox HBox.hgrow="ALWAYS" spacing="6">
-					<Label text="%preferences.donationKey.noDonationKey" wrapText="true" VBox.vgrow="ALWAYS"/>
-					<Hyperlink text="%preferences.donationKey.getDonationKey" onAction="#getDonationKey" contentDisplay="LEFT">
+					<Label text="%preferences.contribute.noCertificate" wrapText="true" VBox.vgrow="ALWAYS"/>
+					<Hyperlink text="%preferences.contribute.getCertificate" onAction="#getSupporterCertificate" contentDisplay="LEFT">
 						<graphic>
 							<FontAwesome5IconView glyph="LINK"/>
 						</graphic>
@@ -43,6 +43,6 @@
 			</HBox>
 		</StackPane>
 
-		<TextArea fx:id="donationKeyField" wrapText="true" VBox.vgrow="ALWAYS" prefRowCount="6"/>
+		<TextArea fx:id="supporterCertificateField" promptText="%preferences.contribute.promptText" wrapText="true" VBox.vgrow="ALWAYS" prefRowCount="6"/>
 	</children>
 </VBox>
diff --git a/main/ui/src/main/resources/fxml/preferences_general.fxml b/main/ui/src/main/resources/fxml/preferences_general.fxml
index c167e392c..ea087b9e3 100644
--- a/main/ui/src/main/resources/fxml/preferences_general.fxml
+++ b/main/ui/src/main/resources/fxml/preferences_general.fxml
@@ -23,7 +23,7 @@
 		<HBox spacing="6" alignment="CENTER_LEFT">
 			<Label text="%preferences.general.theme"/>
 			<ChoiceBox fx:id="themeChoiceBox" disable="${!controller.licenseHolder.validLicense}"/>
-			<Hyperlink styleClass="hyperlink-underline,hyperlink-muted" text="%preferences.general.unlockThemes" onAction="#showDonationTab" visible="${!controller.licenseHolder.validLicense}" managed="${!controller.licenseHolder.validLicense}"/>
+			<Hyperlink styleClass="hyperlink-underline,hyperlink-muted" text="%preferences.general.unlockThemes" onAction="#showContributeTab" visible="${!controller.licenseHolder.validLicense}" managed="${!controller.licenseHolder.validLicense}"/>
 		</HBox>
 
 		<HBox spacing="6" alignment="CENTER_LEFT">
diff --git a/main/ui/src/main/resources/fxml/recoverykey_reset_password.fxml b/main/ui/src/main/resources/fxml/recoverykey_reset_password.fxml
index 30487c330..085554965 100644
--- a/main/ui/src/main/resources/fxml/recoverykey_reset_password.fxml
+++ b/main/ui/src/main/resources/fxml/recoverykey_reset_password.fxml
@@ -17,7 +17,7 @@
 		<Insets topRightBottomLeft="12"/>
 	</padding>
 	<children>
-		<fx:include source="/fxml/new_password.fxml"/>
+		<fx:include fx:id="newPassword" source="/fxml/new_password.fxml"/>
 
 		<Region VBox.vgrow="ALWAYS"/>
 
@@ -25,7 +25,7 @@
 			<ButtonBar buttonMinWidth="120" buttonOrder="B+I">
 				<buttons>
 					<Button text="%generic.button.back" ButtonBar.buttonData="BACK_PREVIOUS" cancelButton="true" onAction="#back"/>
-					<Button text="%generic.button.done" ButtonBar.buttonData="FINISH" defaultButton="true" onAction="#done" disable="${controller.invalidNewPassword}"/>
+					<Button text="%generic.button.done" ButtonBar.buttonData="FINISH" defaultButton="true" onAction="#done" disable="${!controller.validPassword}"/>
 				</buttons>
 			</ButtonBar>
 		</VBox>
diff --git a/main/ui/src/main/resources/fxml/unlock.fxml b/main/ui/src/main/resources/fxml/unlock_enter_password.fxml
similarity index 97%
rename from main/ui/src/main/resources/fxml/unlock.fxml
rename to main/ui/src/main/resources/fxml/unlock_enter_password.fxml
index 54adc5279..5fb55dd01 100644
--- a/main/ui/src/main/resources/fxml/unlock.fxml
+++ b/main/ui/src/main/resources/fxml/unlock_enter_password.fxml
@@ -14,7 +14,7 @@
 <?import javafx.scene.layout.VBox?>
 <VBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
-	  fx:controller="org.cryptomator.ui.unlock.UnlockController"
+	  fx:controller="org.cryptomator.ui.keyloading.masterkeyfile.PassphraseEntryController"
 	  minWidth="400"
 	  maxWidth="400"
 	  minHeight="145"
diff --git a/main/ui/src/main/resources/fxml/unlock_invalid_mount_point.fxml b/main/ui/src/main/resources/fxml/unlock_invalid_mount_point.fxml
index 42ef788eb..253ff5704 100644
--- a/main/ui/src/main/resources/fxml/unlock_invalid_mount_point.fxml
+++ b/main/ui/src/main/resources/fxml/unlock_invalid_mount_point.fxml
@@ -37,10 +37,10 @@
 		<Region VBox.vgrow="ALWAYS"/>
 
 		<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
-			<ButtonBar buttonMinWidth="120" buttonOrder="B+U">
+			<ButtonBar buttonMinWidth="120" buttonOrder="U+C">
 				<buttons>
-					<Button text="%generic.button.back" ButtonBar.buttonData="BACK_PREVIOUS" cancelButton="true" onAction="#back"/>
 					<Region ButtonBar.buttonData="OTHER"/>
+					<Button text="%generic.button.back" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#close"/>
 				</buttons>
 			</ButtonBar>
 		</VBox>
diff --git a/main/ui/src/main/resources/fxml/unlock_select_masterkeyfile.fxml b/main/ui/src/main/resources/fxml/unlock_select_masterkeyfile.fxml
new file mode 100644
index 000000000..b6539f88f
--- /dev/null
+++ b/main/ui/src/main/resources/fxml/unlock_select_masterkeyfile.fxml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<?import org.cryptomator.ui.controls.FontAwesome5IconView?>
+<?import javafx.geometry.Insets?>
+<?import javafx.scene.control.Button?>
+<?import javafx.scene.control.ButtonBar?>
+<?import javafx.scene.control.Label?>
+<?import javafx.scene.layout.HBox?>
+<?import javafx.scene.layout.StackPane?>
+<?import javafx.scene.layout.VBox?>
+<?import javafx.scene.shape.Circle?>
+<VBox xmlns:fx="http://javafx.com/fxml"
+	  xmlns="http://javafx.com/javafx"
+	  fx:controller="org.cryptomator.ui.keyloading.masterkeyfile.SelectMasterkeyFileController"
+	  minWidth="400"
+	  maxWidth="400"
+	  minHeight="145"
+	  spacing="12">
+	<padding>
+		<Insets topRightBottomLeft="12"/>
+	</padding>
+	<children>
+		<HBox spacing="12" alignment="CENTER_LEFT" VBox.vgrow="ALWAYS">
+			<StackPane alignment="CENTER" HBox.hgrow="NEVER">
+				<Circle styleClass="glyph-icon-primary" radius="24"/>
+				<FontAwesome5IconView styleClass="glyph-icon-white" glyph="FILE" glyphSize="24"/>
+			</StackPane>
+			<VBox spacing="6">
+				<Label text="%unlock.chooseMasterkey.prompt" wrapText="true" HBox.hgrow="ALWAYS"/>
+			</VBox>
+		</HBox>
+
+		<VBox alignment="BOTTOM_CENTER" VBox.vgrow="ALWAYS">
+			<ButtonBar buttonMinWidth="120" buttonOrder="+CX">
+				<buttons>
+					<Button text="%generic.button.cancel" ButtonBar.buttonData="CANCEL_CLOSE" cancelButton="true" onAction="#cancel"/>
+					<Button text="%generic.button.next" ButtonBar.buttonData="NEXT_FORWARD" defaultButton="true" onAction="#proceed"/>
+				</buttons>
+			</ButtonBar>
+		</VBox>
+	</children>
+</VBox>
diff --git a/main/ui/src/main/resources/fxml/vault_list.fxml b/main/ui/src/main/resources/fxml/vault_list.fxml
index 942074639..f01aa710c 100644
--- a/main/ui/src/main/resources/fxml/vault_list.fxml
+++ b/main/ui/src/main/resources/fxml/vault_list.fxml
@@ -2,10 +2,8 @@
 
 <?import org.cryptomator.ui.controls.FontAwesome5IconView?>
 <?import javafx.scene.control.Button?>
-<?import javafx.scene.control.ContextMenu?>
 <?import javafx.scene.control.Label?>
 <?import javafx.scene.control.ListView?>
-<?import javafx.scene.control.MenuItem?>
 <?import javafx.scene.layout.Region?>
 <?import javafx.scene.layout.StackPane?>
 <?import javafx.scene.layout.VBox?>
@@ -15,13 +13,9 @@
 	  fx:controller="org.cryptomator.ui.mainwindow.VaultListController"
 	  minWidth="206">
 	<StackPane VBox.vgrow="ALWAYS">
-		<ListView fx:id="vaultList" editable="true">
+		<ListView fx:id="vaultList" editable="true" fixedCellSize="60">
 			<contextMenu>
-				<ContextMenu>
-					<items>
-						<MenuItem text="%main.vaultlist.contextMenu.remove" onAction="#didClickRemoveVault" disable="${controller.noVaultSelected}"/>
-					</items>
-				</ContextMenu>
+				<fx:include source="vault_list_contextmenu.fxml"/>
 			</contextMenu>
 		</ListView>
 		<VBox visible="${controller.emptyVaultList}" spacing="6" alignment="CENTER">
diff --git a/main/ui/src/main/resources/fxml/vault_list_cell.fxml b/main/ui/src/main/resources/fxml/vault_list_cell.fxml
index e86f084c1..ce8664639 100644
--- a/main/ui/src/main/resources/fxml/vault_list_cell.fxml
+++ b/main/ui/src/main/resources/fxml/vault_list_cell.fxml
@@ -13,6 +13,7 @@
 	  prefWidth="200"
 	  spacing="12"
 	  alignment="CENTER_LEFT">
+	<!-- Remark Check the containing list view for a fixed cell size before editing height properties -->
 	<padding>
 		<Insets topRightBottomLeft="12"/>
 	</padding>
diff --git a/main/ui/src/main/resources/fxml/vault_list_contextmenu.fxml b/main/ui/src/main/resources/fxml/vault_list_contextmenu.fxml
new file mode 100644
index 000000000..bd8f19204
--- /dev/null
+++ b/main/ui/src/main/resources/fxml/vault_list_contextmenu.fxml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<?import javafx.scene.control.ContextMenu?>
+<?import javafx.scene.control.MenuItem?>
+<ContextMenu xmlns:fx="http://javafx.com/fxml"
+			 xmlns="http://javafx.com/javafx"
+			 fx:controller="org.cryptomator.ui.mainwindow.VaultListContextMenuController">
+	<items>
+		<MenuItem fx:id="revealEntry" text="%main.vaultlist.contextMenu.reveal" onAction="#didClickRevealVault" visible="${controller.selectedVaultLockable}"/>
+		<MenuItem fx:id="lockEntry" text="%main.vaultlist.contextMenu.lock" onAction="#didClickLockVault" visible="${controller.selectedVaultLockable}"/>
+		<MenuItem fx:id="unlockEntry" text="%main.vaultlist.contextMenu.unlock" onAction="#didClickUnlockVault" visible="${controller.selectedVaultUnlockable &amp;&amp; !controller.selectedVaultPassphraseStored}"/>
+		<MenuItem fx:id="unlockNowEntry" text="%main.vaultlist.contextMenu.unlockNow" onAction="#didClickUnlockVault" visible="${controller.selectedVaultUnlockable &amp;&amp; controller.selectedVaultPassphraseStored}"/>
+		<MenuItem fx:id="optionsEntry" text="%main.vaultlist.contextMenu.vaultoptions" onAction="#didClickShowVaultOptions" disable="${!controller.selectedVaultUnlockable}"/>
+		<MenuItem fx:id="removeEntry" text="%main.vaultlist.contextMenu.remove" onAction="#didClickRemoveVault" disable="${!controller.selectedVaultRemovable}"/>
+	</items>
+</ContextMenu>
diff --git a/main/ui/src/main/resources/fxml/vault_options_general.fxml b/main/ui/src/main/resources/fxml/vault_options_general.fxml
index 1fd251ea0..dce834c95 100644
--- a/main/ui/src/main/resources/fxml/vault_options_general.fxml
+++ b/main/ui/src/main/resources/fxml/vault_options_general.fxml
@@ -7,6 +7,7 @@
 <?import javafx.scene.control.TextField?>
 <?import javafx.scene.layout.HBox?>
 <?import javafx.scene.layout.VBox?>
+<?import javafx.scene.control.Button?>
 <VBox xmlns:fx="http://javafx.com/fxml"
 	  xmlns="http://javafx.com/javafx"
 	  fx:controller="org.cryptomator.ui.vaultoptions.GeneralVaultOptionsController"
@@ -26,5 +27,6 @@
 			<Label text="%vaultOptions.general.actionAfterUnlock"/>
 			<ChoiceBox fx:id="actionAfterUnlockChoiceBox"/>
 		</HBox>
+		<Button text="%vaultOptions.general.healthBtn" onAction="#showHealthCheck"/>
 	</children>
 </VBox>
diff --git a/main/ui/src/main/resources/i18n/strings.properties b/main/ui/src/main/resources/i18n/strings.properties
index d429d29b5..552131181 100644
--- a/main/ui/src/main/resources/i18n/strings.properties
+++ b/main/ui/src/main/resources/i18n/strings.properties
@@ -45,8 +45,10 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Custom Location
 addvaultwizard.new.directoryPickerButton=Choose…
 addvaultwizard.new.directoryPickerTitle=Select Directory
-addvaultwizard.new.fileAlreadyExists=Vault can not be created at this path because some object already exists.
-addvaultwizard.new.locationDoesNotExist=Vault can not be created at this path because at least one path component does not exist.
+addvaultwizard.new.fileAlreadyExists=A file or directory with the vault name already exists
+addvaultwizard.new.locationDoesNotExist=A directory in the specified path does not exist or cannot be accessed
+addvaultwizard.new.locationIsNotWritable=No write access at the specified path
+addvaultwizard.new.locationIsOk=Suitable location for your vault
 addvaultwizard.new.invalidName=Invalid vault name. Please consider a regular directory name.
 ### Password
 addvaultwizard.new.createVaultBtn=Create Vault
@@ -98,10 +100,13 @@ unlock.title=Unlock Vault
 unlock.passwordPrompt=Enter password for "%s":
 unlock.savePassword=Remember Password
 unlock.unlockBtn=Unlock
+##
+unlock.chooseMasterkey.prompt=Could not find the masterkey file for this vault at its expected location. Please choose the key file manually.
+unlock.chooseMasterkey.filePickerTitle=Select Masterkey File
 ## Success
-unlock.success.message=Unlocked "%s" successfully! Your vault is now accessible.
+unlock.success.message=Unlocked "%s" successfully! Your vault is now accessible via its virtual drive.
 unlock.success.rememberChoice=Remember choice, don't show this again
-unlock.success.revealBtn=Reveal Vault
+unlock.success.revealBtn=Reveal Drive
 ## Failure
 unlock.error.heading=Unable to unlock vault
 ### Invalid Mount Point
@@ -141,6 +146,29 @@ migration.impossible.heading=Unable to migrate vault
 migration.impossible.reason=The vault cannot be automatically migrated because its storage location or access point is not compatible.
 migration.impossible.moreInfo=The vault can still be opened with an older version. For instructions on how to manually migrate a vault, visit
 
+# Health Check
+health.title=Vault Health Check
+health.start.introduction=The Vault Health Check is a collection of checks to detect and possilby fix problems in the internal structure of your vault. Please note, that not all problems are fixable. You need the vault password to perform the checks.
+health.start.configValid=Reading and parsing vault configuration file was successful. Proceed to select checks.
+health.start.configInvalid=Error while reading and parsing the vault configuration file.
+health.checkList.header=Available Health Checks
+health.checkList.selectAllBox=Select All
+health.check.runBatchBtn=Run selected Checks
+## Detail view
+health.check.detail.noSelectedCheck=For results select a finished health check in the left list.
+health.check.detail.header=Results of %s
+health.check.detail.taskNotStarted=The check was not selected to run.
+health.check.detail.taskScheduled=The check is scheduled.
+health.check.detail.taskRunning=The check is currently running…
+health.check.detail.taskSucceeded=The check finished successfully after %d milliseconds.
+health.check.detail.taskFailed=The check exited due to an error.
+health.check.detail.taskCancelled=The check was cancelled.
+health.check.detail.problemCount=Found %d problems and %d unfixable errors.
+health.check.exportBtn=Export Report
+health.check.fixBtn=Fix
+## Checks
+health.org.cryptomator.cryptofs.health.dirid.DirIdCheck=Directory Check
+
 # Preferences
 preferences.title=Preferences
 ## General
@@ -175,11 +203,14 @@ preferences.updates.currentVersion=Current Version: %s
 preferences.updates.autoUpdateCheck=Check for updates automatically
 preferences.updates.checkNowBtn=Check Now
 preferences.updates.updateAvailable=Update to version %s available.
-## Donation Key
-preferences.donationKey=Donation
-preferences.donationKey.registeredFor=Registered for %s
-preferences.donationKey.noDonationKey=No valid donation key found. It's like a license key but for awesome people using free software. ;-)
-preferences.donationKey.getDonationKey=Get a donation key
+## Contribution
+preferences.contribute=Support Us
+preferences.contribute.registeredFor=Supporter certificate registered for %s
+preferences.contribute.noCertificate=Support Cryptomator and receive a supporter certificate. It's like a license key but for awesome people using free software. ;-)
+preferences.contribute.getCertificate=Don't have one already? Learn how you can obtain it.
+preferences.contribute.promptText=Paste supporter certificate code here
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=About
 
@@ -224,7 +255,12 @@ main.dropZone.dropVault=Add this vault
 main.dropZone.unknownDragboardContent=If you want to add a vault, drag it to this window
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Click here to add a vault
-main.vaultlist.contextMenu.remove=Remove Vault…
+main.vaultlist.contextMenu.remove=Remove…
+main.vaultlist.contextMenu.lock=Lock
+main.vaultlist.contextMenu.unlock=Unlock…
+main.vaultlist.contextMenu.unlockNow=Unlock Now
+main.vaultlist.contextMenu.vaultoptions=Show Vault Options
+main.vaultlist.contextMenu.reveal=Reveal Drive
 main.vaultlist.addVaultBtn=Add Vault
 ## Vault Detail
 ### Welcome
@@ -274,6 +310,7 @@ vaultOptions.general.actionAfterUnlock=After successful unlock
 vaultOptions.general.actionAfterUnlock.ignore=Do nothing
 vaultOptions.general.actionAfterUnlock.reveal=Reveal Drive
 vaultOptions.general.actionAfterUnlock.ask=Ask
+vaultOptions.general.healthBtn=Start Health Check
 ## Mount
 vaultOptions.mount=Mounting
 vaultOptions.mount.readonly=Read-Only
diff --git a/main/ui/src/main/resources/i18n/strings_ar.properties b/main/ui/src/main/resources/i18n/strings_ar.properties
index d14749c9e..7b07a495f 100644
--- a/main/ui/src/main/resources/i18n/strings_ar.properties
+++ b/main/ui/src/main/resources/i18n/strings_ar.properties
@@ -17,7 +17,7 @@ generic.error.title=حدث خطأ غير متوقع
 generic.error.instruction=ما كان ينبغي أن يحدث هذا. يرجى الإبلاغ عن نص الخطأ أدناه وإدراج وصف للخطوات التي أدت إلى هذا الخطأ.
 
 # Defaults
-defaults.vault.vaultName=خزنة
+defaults.vault.vaultName=مخزن
 
 # Tray Menu
 traymenu.showMainWindow=اظهار
@@ -38,17 +38,19 @@ addvaultwizard.welcome.existingButton=افتح مخزن موجود
 addvaultwizard.new.nameInstruction=اختر اسم للمخزن
 addvaultwizard.new.namePrompt=اسم المخزن
 ### Location
-addvaultwizard.new.locationInstruction=أين يجب على Cryptomator تخزين الملفات المشفرة من قبو الخاص بك؟
+addvaultwizard.new.locationInstruction=أين يجب على Cryptomator تخزين الملفات المشفرة للمخزن الخاص بك؟
 addvaultwizard.new.locationLabel=موقع التخزين
 addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=موقع مخصص
 addvaultwizard.new.directoryPickerButton=اختر…
 addvaultwizard.new.directoryPickerTitle=اختر القاموس
-addvaultwizard.new.fileAlreadyExists=لا يمكن إنشاء مخزن على هذا المسار لأن بعض الملفات موجودة مسبقا.
-addvaultwizard.new.locationDoesNotExist=لا يمكن إنشاء المخزن على هذا المسار لأن جزء من هذا المسار غير موجود.
-addvaultwizard.new.invalidName=اسم المخزن غير صالح. يرجى النظر في اسم الدليل المعتاد.
+addvaultwizard.new.fileAlreadyExists=ملف أو مجلد بنفس اسم المخزن موجود مسبقاً
+addvaultwizard.new.locationDoesNotExist=المجلد في المسار المحدد غير موجود أو لا يمكن الوصول إليه
+addvaultwizard.new.locationIsNotWritable=لا يوجد صلاحيات للكتابة على المسار المحدد
+addvaultwizard.new.locationIsOk=الموقع المناسب للمخزن الخاص بك
+addvaultwizard.new.invalidName=اسم المخزن غير صالح. يرجى إعادة تسمية المجلد بشكل عادي.
 ### Password
-addvaultwizard.new.createVaultBtn=انشئ حافظة
+addvaultwizard.new.createVaultBtn=إنشاء المخزن
 addvaultwizard.new.generateRecoveryKeyChoice=لن تتمكن من الوصول إلى بياناتك بدون كلمة المرور الخاصة بك. هل تريد مفتاح استرداد في حالة فقدان كلمة المرور الخاصة بك؟
 addvaultwizard.new.generateRecoveryKeyChoice.yes=نعم من فضلك، أن تكون آمناً أفضل من الندم
 addvaultwizard.new.generateRecoveryKeyChoice.no=لا شكراً، لن أفقد كلمة المرور الخاصة بي
@@ -95,11 +97,14 @@ forgetPassword.confirmBtn=نسيت كلمة المرور
 # Unlock
 unlock.title=افتح الحافظة
 unlock.passwordPrompt=‮أدخل كلمة السر لـ "‪%s‬":
+unlock.savePassword=تذكر كلمة المرور
 unlock.unlockBtn=افتح
+##
+unlock.chooseMasterkey.filePickerTitle=اختر ملف الـ Masterkey
 ## Success
-unlock.success.message=تم فتح المخزن "%s" بنجاح! يمكنك الوصول إليه الآن.
+unlock.success.message=تم فتح "%s" بنجاح! يمكنك الآن الوصول لمخزنك عن طريق القرص الافتراضي الخاص به.
 unlock.success.rememberChoice=تذكر اختياري ولا تظهر هذا مرة أخرى
-unlock.success.revealBtn=افتح الحافظة
+unlock.success.revealBtn=اظهار القرص
 ## Failure
 unlock.error.heading=غير قادر على فتح الخزنة
 ### Invalid Mount Point
@@ -108,9 +113,12 @@ unlock.error.invalidMountPoint.existing=نقطة/مجلد التحميل موج
 
 # Lock
 ## Force
+lock.forced.heading=فشل عملية القفل
+lock.forced.message=تم حظر قفل "%s" بواسطة العمليات المعلقة أو الملفات المفتوحة. يمكنك فرض قفل هذا المخزن، ولكن مقاطعة عمليات الادخال والاخراج I/O قد تؤدي لفقدان البيانات غير المحفوظة.
 lock.forced.confirmBtn=فرض القفل
 ## Failure
 lock.fail.heading=فشلت عملية اقفال الخزنة.
+lock.fail.message=فشل عملية قفل %s". تأكد من حفظ العمل غير المحفوظ في مكان آخر وأن العمليات الهامة للقراءة/الكتابة قد انتهت. من أجل إغلاق المخزن، اقتل تطبيق Cryptomator.
 
 # Migration
 migration.title=ترقية الحافظة
@@ -145,6 +153,8 @@ preferences.general.theme.automatic=تلقائي
 preferences.general.theme.light=فاتح (أبيض)
 preferences.general.theme.dark=مظلم (أسود)
 preferences.general.unlockThemes=تفعيل الوضع المظلم
+preferences.general.showMinimizeButton=إظهار زر التصغير
+preferences.general.showTrayIcon=إظهار أيقونة بجنب الساعة (يتطلب إعادة تشغيل)
 preferences.general.startHidden=إخفاء النافذة عند بدء تشغيل Cryptomator
 preferences.general.debugLogging=تمكين سجلات التصحيح
 preferences.general.debugDirectory=عرض ملفات السجل
@@ -168,15 +178,19 @@ preferences.updates.currentVersion=الإصدار الحالي: %s
 preferences.updates.autoUpdateCheck=تحقق من التحديثات اوتوماتيكيا
 preferences.updates.checkNowBtn=تحقق الان
 preferences.updates.updateAvailable=التحديث إلى الإصدار %s متاح.
-## Donation Key
-preferences.donationKey=التبرعات
-preferences.donationKey.registeredFor=مسجل لـ %s
-preferences.donationKey.noDonationKey=لم يتم العثور على مفتاح تبرع صحيح. إنه مثل مفتاح الترخيص إلا أنه للأشخاص الرائعين الذين يستخدمون البرمجيات المجانية؛-)
-preferences.donationKey.getDonationKey=الحصول على مفتاح تبرع
+## Contribution
+preferences.contribute=ادعمنا
+preferences.contribute.registeredFor=شهادة الداعم مسجلة لـ %s
+preferences.contribute.noCertificate=ادعم Cryptomator واحصل على شهادة الداعم. إنها مثل مفتاح الترخيص لكن للأشخاص الرائعين الذين يستخدمون البرامج المجانية ؛-)
+preferences.contribute.getCertificate=ليس لديك واحدة بعد؟ تعلم كيف يمكنك الحصول عليها.
+preferences.contribute.promptText=قم بلصق رمز شهادة الداعم هنا
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=حول البرنامج
 
 # Vault Statistics
+stats.title=إحصائيات عن %s
 stats.cacheHitRate=معدل استخدام الكاش
 ## Read
 stats.read.throughput.idle=قراءة: خامل
@@ -195,7 +209,12 @@ main.dropZone.dropVault=أضف هذا المخزن
 main.dropZone.unknownDragboardContent=إذا كنت ترغب في إضافة مخزن، قم بسحبه إلى هذه النافذة
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=انقر هنا لإضافة خزنة
-main.vaultlist.contextMenu.remove=حذف الخزنة…
+main.vaultlist.contextMenu.remove=حذف…
+main.vaultlist.contextMenu.lock=قفل
+main.vaultlist.contextMenu.unlock=فتح…
+main.vaultlist.contextMenu.unlockNow=افتح الان
+main.vaultlist.contextMenu.vaultoptions=إظهار خيارات المخزن
+main.vaultlist.contextMenu.reveal=اظهار القرص
 main.vaultlist.addVaultBtn=أضِف مخزنًا
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_bs.properties b/main/ui/src/main/resources/i18n/strings_bs.properties
index 680c87890..51cc1c1e8 100644
--- a/main/ui/src/main/resources/i18n/strings_bs.properties
+++ b/main/ui/src/main/resources/i18n/strings_bs.properties
@@ -44,8 +44,6 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Prilagođena lokacija
 addvaultwizard.new.directoryPickerButton=Odaberi…
 addvaultwizard.new.directoryPickerTitle=Izaberi folder
-addvaultwizard.new.fileAlreadyExists=Sef ne može biti kreiran na odabranoj lokaciji jer neki objekti tu već postoje.
-addvaultwizard.new.locationDoesNotExist=Sef ne može biti kreiran na odabranoj lokaciji jer najmanje jedna komponenta lokacije ne postoji.
 addvaultwizard.new.invalidName=Naziv sefa neispravan. Molimo razmislite o drugom nazivu.
 ### Password
 addvaultwizard.new.createVaultBtn=Kreiraj novi sef
@@ -95,11 +93,14 @@ forgetPassword.confirmBtn=Zaboravili ste šifru
 # Unlock
 unlock.title=Otključaj sef
 unlock.passwordPrompt=Unesite lozinku za "%s":
+unlock.savePassword=Zapamti šifru
 unlock.unlockBtn=Otključaj
+##
+unlock.chooseMasterkey.filePickerTitle=Odaberite Masterkey Datoteku
 ## Success
-unlock.success.message=Uspješno ste otključali "%s"! Vaš sef je sada dostupan.
+unlock.success.message=Uspješno ste otključali "%s"! Vaš sef je sada dostupan putem svog virtualnog diska.
 unlock.success.rememberChoice=Zapamtite izbor, ne pokazujte ovo ponovo
-unlock.success.revealBtn=Otkrij sef
+unlock.success.revealBtn=Otkrij pogon
 ## Failure
 unlock.error.heading=Sef nije moguće otključati
 ### Invalid Mount Point
@@ -173,11 +174,9 @@ preferences.updates.currentVersion=Trenutna verzija: %s
 preferences.updates.autoUpdateCheck=Automatski provjeri ima li ažuriranja
 preferences.updates.checkNowBtn=Provjeri sada
 preferences.updates.updateAvailable=Dostupno ažuriranje na verziju %s.
-## Donation Key
-preferences.donationKey=Donacija
-preferences.donationKey.registeredFor=Registrovan za %s
-preferences.donationKey.noDonationKey=Nije pronađen važeći ključ za donaciju. To je poput licence, ali za sjajne ljude koji koriste besplatni softver. ;-)
-preferences.donationKey.getDonationKey=Nabavite ključ za donaciju
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=O programu
 
@@ -222,7 +221,12 @@ main.dropZone.dropVault=Dodajte ovaj sef
 main.dropZone.unknownDragboardContent=Ako želite dodati sef, povucite ga u ovaj prozor
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Kliknite ovdje da dodate sef
-main.vaultlist.contextMenu.remove=Ukloni Sef…
+main.vaultlist.contextMenu.remove=Ukloni…
+main.vaultlist.contextMenu.lock=Zaključaj
+main.vaultlist.contextMenu.unlock=Otključaj…
+main.vaultlist.contextMenu.unlockNow=Otključaj sada
+main.vaultlist.contextMenu.vaultoptions=Pokaži opcije sefa
+main.vaultlist.contextMenu.reveal=Otkrij pogon
 main.vaultlist.addVaultBtn=Dodaj sef
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_ca.properties b/main/ui/src/main/resources/i18n/strings_ca.properties
index ed20adecf..aff8c7f3c 100644
--- a/main/ui/src/main/resources/i18n/strings_ca.properties
+++ b/main/ui/src/main/resources/i18n/strings_ca.properties
@@ -44,8 +44,6 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Ubicació personalitzada
 addvaultwizard.new.directoryPickerButton=Trieu…
 addvaultwizard.new.directoryPickerTitle=Seleccioneu el directori
-addvaultwizard.new.fileAlreadyExists=No es pot crear una caixa forta en aquest camí perquè ja hi ha algun objecte.
-addvaultwizard.new.locationDoesNotExist=No ha estat possible crear la caixa forta en aquest camí perquè, si més no, un component no existeix.
 addvaultwizard.new.invalidName=El nom de la caixa forta no és vàlid. Si us plau, escribiu un mom de directori amb caràcters estàndard.
 ### Password
 addvaultwizard.new.createVaultBtn=Crea la caixa forta
@@ -97,10 +95,12 @@ unlock.title=Desbloquejar la caixa forta
 unlock.passwordPrompt=Introduïu la contrasenya de "%s":
 unlock.savePassword=Recorda la contrasenya
 unlock.unlockBtn=Desbloqueja
+##
+unlock.chooseMasterkey.filePickerTitle=Seleccioneu el fitxer Masterkey
 ## Success
-unlock.success.message="%s" s'ha desbloquejat correctament! Ja es pot accedir a la caixa forta.
+unlock.success.message=S'ha desblocat %s correctament! Podeu accedir a la vostra caixa forta a través de la unitat virtual.
 unlock.success.rememberChoice=Recorda l'elecció. No ho tornis a mostrar.
-unlock.success.revealBtn=Mostra la caixa forta
+unlock.success.revealBtn=Mostra la unitat
 ## Failure
 unlock.error.heading=No ha estat possible desblocar la caixa forta
 ### Invalid Mount Point
@@ -174,11 +174,14 @@ preferences.updates.currentVersion=Versió actual: %s
 preferences.updates.autoUpdateCheck=Comprova automàticament si hi ha actualitzacions
 preferences.updates.checkNowBtn=Comprova-ho ara
 preferences.updates.updateAvailable=L'actualització a la versió %s es troba disponible.
-## Donation Key
-preferences.donationKey=Donacions
-preferences.donationKey.registeredFor=Registrat per %s
-preferences.donationKey.noDonationKey=No s'ha trobar una clau de donació vàlida. És sembla a una clau de llicència però per gent meravellosa qui utilitza programari lliure. ;-)
-preferences.donationKey.getDonationKey=Obtingau una clau de donació
+## Contribution
+preferences.contribute=Doneu-nos suport
+preferences.contribute.registeredFor=Certificat de col·laborador registrat per a %s
+preferences.contribute.noCertificate=Doneu suport a Cryptomator i rebeu un certificat de col·laborador. És com una clau de llicència però per a gent meravellosa que fa servir programari lliure. ;-)
+preferences.contribute.getCertificate=Encara no en teniu cap? Sapigueu com aconseguir-ne un.
+preferences.contribute.promptText=Enganxeu aquí el certificat de col·laborador
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Quant a
 
@@ -223,7 +226,12 @@ main.dropZone.dropVault=Afegeix aquesta caixa forta
 main.dropZone.unknownDragboardContent=Si voleu afegir una caixa forta, arrossegueu-la a aquesta finestra
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Feu clic aquí per afegir una caixa forta
-main.vaultlist.contextMenu.remove=Elimina la caixa forta…
+main.vaultlist.contextMenu.remove=Elimina…
+main.vaultlist.contextMenu.lock=Bloqueja
+main.vaultlist.contextMenu.unlock=Desbloca…
+main.vaultlist.contextMenu.unlockNow=Desbloqueja ara
+main.vaultlist.contextMenu.vaultoptions=Opcions de la caixa forta
+main.vaultlist.contextMenu.reveal=Mostra la unitat
 main.vaultlist.addVaultBtn=Afegir una caixa forta
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_cs.properties b/main/ui/src/main/resources/i18n/strings_cs.properties
index ee4f9b92a..dc55afa41 100644
--- a/main/ui/src/main/resources/i18n/strings_cs.properties
+++ b/main/ui/src/main/resources/i18n/strings_cs.properties
@@ -44,8 +44,10 @@ addvaultwizard.new.locationPrompt=...
 addvaultwizard.new.directoryPickerLabel=Vlastní umístění
 addvaultwizard.new.directoryPickerButton=Vybrat...
 addvaultwizard.new.directoryPickerTitle=Vyberte adresář
-addvaultwizard.new.fileAlreadyExists=Trezor nemůže být vytvořen na tomto umístění, protože stejný objekt již existuje.
-addvaultwizard.new.locationDoesNotExist=Trezor nemůže být vytvořen v tomto umístění, protože přinejmenším jedna položka z daného umístění neexistuje.
+addvaultwizard.new.fileAlreadyExists=Soubor nebo složka s tímto názvem trezoru již existuje
+addvaultwizard.new.locationDoesNotExist=Složka v zadané cestě neexistuje nebo není přístupná
+addvaultwizard.new.locationIsNotWritable=Není možné zapisovat na zadané cestě
+addvaultwizard.new.locationIsOk=Vhodné umístění pro váš trezor
 addvaultwizard.new.invalidName=Neplatné jméno trezoru. Prosím změňte jméno adresáře.
 ### Password
 addvaultwizard.new.createVaultBtn=Vytvořit trezor
@@ -97,10 +99,12 @@ unlock.title=Odemknout trezor
 unlock.passwordPrompt=Zadejte heslo pro "%s":
 unlock.savePassword=Zapamatovat heslo
 unlock.unlockBtn=Odemknout
+##
+unlock.chooseMasterkey.filePickerTitle=Vyberte Masterkey soubor
 ## Success
-unlock.success.message=Trezor "%s" byl úspěšně odemčen a nyní je dostupný.
+unlock.success.message=Trezor "%s" byl úspěšně odemčen a nyní je dostupný jako virtuální jednotka.
 unlock.success.rememberChoice=Pamatovat si volbu, nezobrazovat to znovu
-unlock.success.revealBtn=Zobrazit trezor
+unlock.success.revealBtn=Zobrazit jednotku
 ## Failure
 unlock.error.heading=Nelze odemknout trezor
 ### Invalid Mount Point
@@ -109,7 +113,12 @@ unlock.error.invalidMountPoint.existing=Připojovací bod %s již existuje nebo
 
 # Lock
 ## Force
+lock.forced.heading=Běžné uzamčení selhalo
+lock.forced.message=Uzamčení "%s" bylo zablokováno nevyřízenými operacemi nebo otevřenými soubory. Můžete vynutit uzamčení tohoto trezoru, ale přerušení I/O může mít za následek ztrátu neuložených dat.
+lock.forced.confirmBtn=Přesto uzamknout
 ## Failure
+lock.fail.heading=Uzamčení trezoru selhalo.
+lock.fail.message=Trezor "%s" nelze uzamknout. Ujistěte se, že je neuložená práce uložena jinde a že jsou dokončeny důležité operace čtení/zápis. Za účelem uzavření trezoru ukončte proces Cryptomatoru.
 
 # Migration
 migration.title=Upgrade trezoru
@@ -169,11 +178,14 @@ preferences.updates.currentVersion=Aktuální verze: %s
 preferences.updates.autoUpdateCheck=Automaticky kontrolovat aktualizace
 preferences.updates.checkNowBtn=Zkontrolovat nyní
 preferences.updates.updateAvailable=Dostupná nová verze %s.
-## Donation Key
-preferences.donationKey=Příspěvek
-preferences.donationKey.registeredFor=Registrováno na: %s
-preferences.donationKey.noDonationKey=Nebyl nalezen žádný platný darovací klíč. Je to jako licenční klíč, ale pro úžasné lidi využívající software zadarmo. ;-)
-preferences.donationKey.getDonationKey=Získat darovací klíč
+## Contribution
+preferences.contribute=Podpořte nás
+preferences.contribute.registeredFor=Certifikát podporovatele byl registrován pro %s
+preferences.contribute.noCertificate=Podpořte Cryptomator a získejte certifikát podporovatele. Je to jako licenční klíč, ale pro skvělé lidi, kteří používají svobodný software. ;-)
+preferences.contribute.getCertificate=Ještě žádný nemáte? Naučte se, jak ho můžete získat.
+preferences.contribute.promptText=Sem vložte kód certifikátu podporovatele
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=O aplikaci
 
@@ -218,7 +230,12 @@ main.dropZone.dropVault=Přidat tento trezor
 main.dropZone.unknownDragboardContent=Pokud chcete přidat trezor, přetáhněte jej do tohoto okna
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Klikněte zde pro přidání nového trezoru
-main.vaultlist.contextMenu.remove=Odstranit trezor…
+main.vaultlist.contextMenu.remove=Odstranit…
+main.vaultlist.contextMenu.lock=Zamknout
+main.vaultlist.contextMenu.unlock=Odemknout…
+main.vaultlist.contextMenu.unlockNow=Odemknout nyní
+main.vaultlist.contextMenu.vaultoptions=Zobrazit možnosti trezoru
+main.vaultlist.contextMenu.reveal=Zobrazit jednotku
 main.vaultlist.addVaultBtn=Přidat trezor
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_de.properties b/main/ui/src/main/resources/i18n/strings_de.properties
index d5e541f6e..f06913980 100644
--- a/main/ui/src/main/resources/i18n/strings_de.properties
+++ b/main/ui/src/main/resources/i18n/strings_de.properties
@@ -14,7 +14,7 @@ generic.button.next=Weiter
 generic.button.print=Drucken
 ## Error
 generic.error.title=Ein unerwarteter Fehler ist aufgetreten
-generic.error.instruction=Das hätte nicht passieren dürfen. Bitte melde die folgende Fehlermeldung und beschreibe kurz, durch welche Schritte er aufgetreten ist.
+generic.error.instruction=Das hätte nicht passieren dürfen. Bitte melde den folgenden Fehlertext und beschreibe kurz, durch welche Schritte der Fehler aufgetreten ist.
 
 # Defaults
 defaults.vault.vaultName=Tresor
@@ -38,14 +38,16 @@ addvaultwizard.welcome.existingButton=Existierenden Tresor öffnen
 addvaultwizard.new.nameInstruction=Wähle einen Namen für den Tresor
 addvaultwizard.new.namePrompt=Tresorname
 ### Location
-addvaultwizard.new.locationInstruction=Wo soll Cryptomator die verschlüsselten Daten deines Tresors ablegen?
+addvaultwizard.new.locationInstruction=Wo soll Cryptomator die verschlüsselten Dateien deines Tresors ablegen?
 addvaultwizard.new.locationLabel=Speicherort
 addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Eigener Ort
 addvaultwizard.new.directoryPickerButton=Durchsuchen …
 addvaultwizard.new.directoryPickerTitle=Verzeichnis auswählen
-addvaultwizard.new.fileAlreadyExists=Der Tresor konnte nicht erstellt werden, da am Speicherort so eine Datei bereits existiert.
-addvaultwizard.new.locationDoesNotExist=Der Tresor kann nicht erstellt werden, da mindestens ein Speicherort nicht existiert.
+addvaultwizard.new.fileAlreadyExists=Eine Datei oder ein Ordner mit diesem Namen ist bereits vorhanden
+addvaultwizard.new.locationDoesNotExist=Der Ordner im angegebenen Pfad existiert nicht oder kann nicht geöffnet werden
+addvaultwizard.new.locationIsNotWritable=Kein Schreibzugriff auf den angegebenen Pfad
+addvaultwizard.new.locationIsOk=Geeigneter Ort für deinen Tresor
 addvaultwizard.new.invalidName=Ungültiger Tresorname. Bitte wähle einen regulären Namen, mit dem auch Verzeichnisse erstellt werden können.
 ### Password
 addvaultwizard.new.createVaultBtn=Tresor erstellen
@@ -79,7 +81,7 @@ addvaultwizard.success.unlockNow=Jetzt entsperren
 
 # Remove Vault
 removeVault.title=Tresor entfernen
-removeVault.information=Dein Tresor wird nicht gelöscht, sondern lediglich aus Cryptomators Tresorliste entfernt. Du kannst ihn daher später jederzeit wieder hinzufügen.
+removeVault.information=Dieser Tresor wird nur aus der Tresorliste entfernt. Du kannst den Tresor später jederzeit wieder hinzufügen. Es werden keine verschlüsselten Daten gelöscht.
 removeVault.confirmBtn=Tresor entfernen
 
 # Change Password
@@ -97,10 +99,12 @@ unlock.title=Tresor entsperren
 unlock.passwordPrompt=Gib das Passwort für „%s“ ein:
 unlock.savePassword=Passwort merken
 unlock.unlockBtn=Entsperren
+##
+unlock.chooseMasterkey.filePickerTitle=Masterkey-Datei auswählen
 ## Success
-unlock.success.message=„%s“ erfolgreich entsperrt! Nun kannst du auf deinen Tresor zugreifen.
+unlock.success.message=„%s“ erfolgreich entsperrt! Nun kannst du über das virtuelle Laufwerk auf deinen Tresor zugreifen.
 unlock.success.rememberChoice=Auswahl speichern und nicht mehr anzeigen
-unlock.success.revealBtn=Tresor anzeigen
+unlock.success.revealBtn=Laufwerk anzeigen
 ## Failure
 unlock.error.heading=Tresor konnte nicht entsperrt werden
 ### Invalid Mount Point
@@ -172,13 +176,16 @@ preferences.volume.webdav.scheme=WebDAV-Schema
 preferences.updates=Updates
 preferences.updates.currentVersion=Aktuelle Version: %s
 preferences.updates.autoUpdateCheck=Automatisch nach Updates suchen
-preferences.updates.checkNowBtn=Jetzt suchen
+preferences.updates.checkNowBtn=Jetzt prüfen
 preferences.updates.updateAvailable=Update auf Version %s verfügbar.
-## Donation Key
-preferences.donationKey=Spende
-preferences.donationKey.registeredFor=Registriert für %s
-preferences.donationKey.noDonationKey=Kein gültiger Spendenschlüssel gefunden. Er ist wie ein Lizenzschlüssel, aber für tolle Leute, die freie Software verwenden. ;-)
-preferences.donationKey.getDonationKey=Hol dir einen Spendenschlüssel
+## Contribution
+preferences.contribute=Unterstütze uns
+preferences.contribute.registeredFor=Supporter-Zertifikat registriert für %s
+preferences.contribute.noCertificate=Unterstütze Cryptomator und erhalte ein Supporter-Zertifikat. Es ist wie ein Lizenzschlüssel, aber für großartige Menschen, die freie Software verwenden. ;-)
+preferences.contribute.getCertificate=Du hast noch keines? Erfahre, wie du es erhalten kannst.
+preferences.contribute.promptText=Code des Supporter-Zertifikats hier einfügen
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Über
 
@@ -223,7 +230,12 @@ main.dropZone.dropVault=Diesen Tresor hinzufügen
 main.dropZone.unknownDragboardContent=Wenn Sie einen Tresor hinzufügen möchten, ziehen Sie ihn in dieses Fenster
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Klicke hier, um einen Tresor hinzuzufügen
-main.vaultlist.contextMenu.remove=Tresor entfernen…
+main.vaultlist.contextMenu.remove=Entfernen …
+main.vaultlist.contextMenu.lock=Sperren
+main.vaultlist.contextMenu.unlock=Entsperren …
+main.vaultlist.contextMenu.unlockNow=Jetzt entsperren
+main.vaultlist.contextMenu.vaultoptions=Tresoroptionen anzeigen
+main.vaultlist.contextMenu.reveal=Laufwerk anzeigen
 main.vaultlist.addVaultBtn=Tresor hinzufügen
 ## Vault Detail
 ### Welcome
@@ -246,7 +258,7 @@ main.vaultDetail.throughput.kbps=%.1f kiB/s
 main.vaultDetail.throughput.mbps=%.1f MiB/s
 main.vaultDetail.stats=Tresorstatistik
 ### Missing
-main.vaultDetail.missing.info=Mit diesem Pfad konnte Cryptomator keinen Tresor finden.
+main.vaultDetail.missing.info=Cryptomator konnte keinen Tresor mit diesem Pfad finden.
 main.vaultDetail.missing.recheck=Erneut prüfen
 main.vaultDetail.missing.remove=Aus Tresorliste entfernen…
 main.vaultDetail.missing.changeLocation=Speicherort des Tresors ändern…
@@ -261,8 +273,8 @@ wrongFileAlert.header.lead=Für diesen Zweck stellt Cryptomator ein Laufwerk in
 wrongFileAlert.instruction.0=Folge diesen Schritten, um Dateien zu verschlüsseln:
 wrongFileAlert.instruction.1=1. Entsperre deinen Tresor.
 wrongFileAlert.instruction.2=2. Klicke auf „Anzeigen“, um das Laufwerk in deinem Dateimanager zu öffnen.
-wrongFileAlert.instruction.3=3. Füge deine Dateien diesem Laufwerk hinzu.
-wrongFileAlert.link=Für weitere Unterstützung besuche
+wrongFileAlert.instruction.3=3. Füge deine Dateien zu diesem Laufwerk hinzu.
+wrongFileAlert.link=Besuche für weitere Hilfe
 
 # Vault Options
 ## General
@@ -276,26 +288,26 @@ vaultOptions.general.actionAfterUnlock.ask=Nachfragen
 ## Mount
 vaultOptions.mount=Laufwerk
 vaultOptions.mount.readonly=Schreibgeschützt
-vaultOptions.mount.customMountFlags=Benutzerdefinierte Mount-Flags
+vaultOptions.mount.customMountFlags=Benutzerdefinierte Einhänge-Optionen
 vaultOptions.mount.winDriveLetterOccupied=belegt
 vaultOptions.mount.mountPoint=Einhängepunkt
-vaultOptions.mount.mountPoint.auto=Automatisch einen passenden Ort auswählen
-vaultOptions.mount.mountPoint.driveLetter=Zugewiesenen Laufwerksbuchstaben verwenden
-vaultOptions.mount.mountPoint.custom=Pfad selbst wählen
+vaultOptions.mount.mountPoint.auto=Wähle automatisch einen geeigneten Ort aus
+vaultOptions.mount.mountPoint.driveLetter=Laufwerksbuchstaben zuweisen
+vaultOptions.mount.mountPoint.custom=Eigener Pfad
 vaultOptions.mount.mountPoint.directoryPickerButton=Durchsuchen …
 vaultOptions.mount.mountPoint.directoryPickerTitle=Wähle ein leeres Verzeichnis
 ## Master Key
 vaultOptions.masterkey=Passwort
 vaultOptions.masterkey.changePasswordBtn=Passwort ändern
 vaultOptions.masterkey.forgetSavedPasswordBtn=Gespeichertes Passwort vergessen
-vaultOptions.masterkey.recoveryKeyExpanation=Bei Verlust deines Passworts ist ein Wiederherstellungsschlüssel deine einzige Möglichkeit, den Zugriff auf einen Tresor wiederherzustellen.
+vaultOptions.masterkey.recoveryKeyExpanation=Dein Wiederherstellungsschlüssel gehört nur dir! Dieser wird benötigt, um deinen Tresor wiederherzustellen, für den Fall das du dein Passwort verloren hast.
 vaultOptions.masterkey.showRecoveryKeyBtn=Wiederherstellungsschlüssel anzeigen
 vaultOptions.masterkey.recoverPasswordBtn=Passwort wiederherstellen
 
 # Recovery Key
 recoveryKey.title=Wiederherstellungsschlüssel
 recoveryKey.enterPassword.prompt=Gib dein Passwort ein, um den Wiederherstellungsschlüssel für „%s“ anzuzeigen:
-recoveryKey.display.message=Mit folgendem Wiederherstellungsschlüssel kannst du den Zugriff auf „%s“ wiederherstellen:
+recoveryKey.display.message=Mit dem folgenden Wiederherstellungsschlüssel kannst du den Zugriff auf „%s“ wiederherstellen:
 recoveryKey.display.StorageHints=Bewahre ihn möglichst sicher auf, z. B.\n • in einem Passwortmanager\n • auf einem USB-Speicherstick\n • auf Papier ausgedruckt
 recoveryKey.recover.prompt=Gib deinen Wiederherstellungsschlüssel für „%s“ ein:
 recoveryKey.recover.validKey=Dies ist ein gültiger Wiederherstellungsschlüssel
diff --git a/main/ui/src/main/resources/i18n/strings_el.properties b/main/ui/src/main/resources/i18n/strings_el.properties
index 105219c26..d4a7e5b04 100644
--- a/main/ui/src/main/resources/i18n/strings_el.properties
+++ b/main/ui/src/main/resources/i18n/strings_el.properties
@@ -44,8 +44,10 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Προσαρμοσμένη τοποθεσία
 addvaultwizard.new.directoryPickerButton=Επιλογή…
 addvaultwizard.new.directoryPickerTitle=Επιλογή φακέλου
-addvaultwizard.new.fileAlreadyExists=Το vault δεν μπορεί να δημιουργηθεί σε αυτό το μονοπάτι καθώς κάποια αντικείμενα υπάρχουν ήδη.
-addvaultwizard.new.locationDoesNotExist=Το vault δεν μπορεί να δημιουργηθεί σε αυτό το μονοπάτι καθώς τουλάχιστον ένα στοιχείο του μονοπατιού δεν υπάρχει.
+addvaultwizard.new.fileAlreadyExists=Ένα αρχείο ή φάκελος με το όνομα του vault υπάρχει ήδη
+addvaultwizard.new.locationDoesNotExist=Στην καθορισμένη διαδρομή δεν υπάρχει ή δεν μπορεί να προσπελαστεί ένας φάκελος
+addvaultwizard.new.locationIsNotWritable=Δεν υπάρχει πρόσβαση εγγραφής στην καθορισμένη διαδρομή
+addvaultwizard.new.locationIsOk=Κατάλληλη τοποθεσία για το vault σας
 addvaultwizard.new.invalidName=Λάθος όνομα vault. Παρακαλώ χρησιμοποιείστε ένα κανονικό όνομα φακέλου.
 ### Password
 addvaultwizard.new.createVaultBtn=Δημιουργία Vault
@@ -97,10 +99,12 @@ unlock.title=Ξεκλείδωμα Vault
 unlock.passwordPrompt=Εισάγετε τον κωδικό για "%s":
 unlock.savePassword=Απομνημόνευση κωδικού πρόσβασης
 unlock.unlockBtn=Ξεκλείδωμα
+##
+unlock.chooseMasterkey.filePickerTitle=Επιλέξτε το αρχείο Masterkey
 ## Success
-unlock.success.message="%s" ξεκλειδώθηκε επιτυχώς! Το vault σας είναι διαθέσιμο.
+unlock.success.message=Ξεκλειδώθηκε "%s" επιτυχώς! Το vault σας είναι διαθέσιμο μέσω του εικονικού δίσκου του.
 unlock.success.rememberChoice=Απομνημόνευση επιλογής, μην ρωτήσεις ξανά
-unlock.success.revealBtn=Αποκάλυψη Vault
+unlock.success.revealBtn=Αποκάλυψη εικονικού δίσκου
 ## Failure
 unlock.error.heading=Αδυναμία ξεκλειδώματος vault
 ### Invalid Mount Point
@@ -174,11 +178,14 @@ preferences.updates.currentVersion=Τρέχουσα έκδοση: %s
 preferences.updates.autoUpdateCheck=Αυτόματος έλεγχος για ενημερώσεις
 preferences.updates.checkNowBtn=Έλεγχος τώρα
 preferences.updates.updateAvailable=Η ενημέρωση για την έκδοση %s είναι διαθέσιμη.
-## Donation Key
-preferences.donationKey=Δωρεά
-preferences.donationKey.registeredFor=Καταχωρημένο σε %s
-preferences.donationKey.noDonationKey=Δεν βρέθηκε ενεργό κλειδί δωρεάς. Είναι σαν κλειδί αγοράς αλλά για απίθανους ανθρώπους που χρησιμοποιούν δωρεάν λογισμικό. ;-)
-preferences.donationKey.getDonationKey=Πάρε ένα κλειδί δωρεάς
+## Contribution
+preferences.contribute=Υποστηρίξτε μας
+preferences.contribute.registeredFor=Το πιστοποιητικό υποστήριξης καταχωρήθηκε για %s
+preferences.contribute.noCertificate=Υποστηρίξτε το Cryptomator και λάβετε ένα πιστοποιητικό υποστηρικτή. Είναι σαν κλειδί άδειας χρήσης, αλλά για φοβερά άτομα που χρησιμοποιούν ελεύθερο λογισμικό. ;-)
+preferences.contribute.getCertificate=Δεν έχετε ένα ήδη; Μάθετε πώς μπορείτε να το αποκτήσετε.
+preferences.contribute.promptText=Επικολλήστε τον κωδικό πιστοποιητικού υποστηρικτή εδώ
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Σχετικά με
 
@@ -223,7 +230,12 @@ main.dropZone.dropVault=Προσθήκη vault
 main.dropZone.unknownDragboardContent=Αν θέλετε να προσθέσετε ένα vault, σύρετε το σε αυτό το παράθυρο
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Κάντε κλικ εδώ για να προσθέσετε ένα vault
-main.vaultlist.contextMenu.remove=Διαγραφή Vault…
+main.vaultlist.contextMenu.remove=Αφαίρεση…
+main.vaultlist.contextMenu.lock=Κλείδωμα
+main.vaultlist.contextMenu.unlock=Ξεκλείδωμα…
+main.vaultlist.contextMenu.unlockNow=Ξεκλείδωμα τώρα
+main.vaultlist.contextMenu.vaultoptions=Εμφάνιση επιλογών Vault
+main.vaultlist.contextMenu.reveal=Αποκάλυψη εικονικού δίσκου
 main.vaultlist.addVaultBtn=Προσθήκη Vault
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_es.properties b/main/ui/src/main/resources/i18n/strings_es.properties
index bea555acd..33c29d6a7 100644
--- a/main/ui/src/main/resources/i18n/strings_es.properties
+++ b/main/ui/src/main/resources/i18n/strings_es.properties
@@ -44,8 +44,10 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Ubicación personalizada
 addvaultwizard.new.directoryPickerButton=Elegir…
 addvaultwizard.new.directoryPickerTitle=Seleccionar directorio
-addvaultwizard.new.fileAlreadyExists=La bóveda no puede crearse en esta ruta porque ya existe un objeto.
-addvaultwizard.new.locationDoesNotExist=La bóveda no puede ser creada en esta ruta porque al menos un componente no existe.
+addvaultwizard.new.fileAlreadyExists=Ya existe un archivo o directorio con el nombre de la bóveda
+addvaultwizard.new.locationDoesNotExist=No existe un directorio en la ruta especificada o no se puede acceder
+addvaultwizard.new.locationIsNotWritable=Sin acceso de escritura en la ruta especificada
+addvaultwizard.new.locationIsOk=Ubicación adecuada para la bóveda
 addvaultwizard.new.invalidName=Nombre de bóveda inválido. Considere un nombre de directorio regular.
 ### Password
 addvaultwizard.new.createVaultBtn=Crear bóveda
@@ -97,10 +99,12 @@ unlock.title=Desbloquear bóveda
 unlock.passwordPrompt=Ingresar contraseña para "%s":
 unlock.savePassword=Recordar contraseña
 unlock.unlockBtn=Desbloquear
+##
+unlock.chooseMasterkey.filePickerTitle=Seleccionar archivo Masterkey
 ## Success
-unlock.success.message=¡"%s" se desbloqueó con éxito! La bóveda ya es accesible.
+unlock.success.message=¡Desbloqueo de "%s" exitoso! Su bóveda ahora es accesible a través de su unidad virtual.
 unlock.success.rememberChoice=Recordar opción y no mostrar de nuevo
-unlock.success.revealBtn=Revelar bóveda
+unlock.success.revealBtn=Revelar unidad
 ## Failure
 unlock.error.heading=No se puede desbloquear la bóveda
 ### Invalid Mount Point
@@ -174,11 +178,9 @@ preferences.updates.currentVersion=Versión actual: %s
 preferences.updates.autoUpdateCheck=Buscar actualizaciones automáticamente
 preferences.updates.checkNowBtn=Buscar ahora
 preferences.updates.updateAvailable=Actualización a la versión %s disponible.
-## Donation Key
-preferences.donationKey=Donación
-preferences.donationKey.registeredFor=Registrado para %s
-preferences.donationKey.noDonationKey=No se encontró una clave de donación válida. Es como una clave de licencia pero para personas geniales que usan software libre.
-preferences.donationKey.getDonationKey=Obtener clave de donación
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Acerca de
 
@@ -223,7 +225,12 @@ main.dropZone.dropVault=Añadir esta bóveda
 main.dropZone.unknownDragboardContent=Si desea añadir una bóveda, arrástrela a esta ventana
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Hacer clic aquí para añadir una bóveda
-main.vaultlist.contextMenu.remove=Eliminar bóveda…
+main.vaultlist.contextMenu.remove=Eliminar…
+main.vaultlist.contextMenu.lock=Bloquear
+main.vaultlist.contextMenu.unlock=Desbloquear…
+main.vaultlist.contextMenu.unlockNow=Desbloquear ahora
+main.vaultlist.contextMenu.vaultoptions=Mostrar opciones de la bóveda
+main.vaultlist.contextMenu.reveal=Revelar unidad
 main.vaultlist.addVaultBtn=Añadir bóveda
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_fr.properties b/main/ui/src/main/resources/i18n/strings_fr.properties
index dbcc83a00..6d91dabe4 100644
--- a/main/ui/src/main/resources/i18n/strings_fr.properties
+++ b/main/ui/src/main/resources/i18n/strings_fr.properties
@@ -44,8 +44,10 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Emplacement personnalisé
 addvaultwizard.new.directoryPickerButton=Choisir...
 addvaultwizard.new.directoryPickerTitle=Choisissez le répertoire
-addvaultwizard.new.fileAlreadyExists=Le coffre ne peut pas être créé sur ce chemin car un objet existe déjà.
-addvaultwizard.new.locationDoesNotExist=Le coffre ne peut pas être créé à cet endroit car au moins un répertoire du chemin n'existe pas.
+addvaultwizard.new.fileAlreadyExists=Un fichier ou un répertoire avec ce nom existe déjà
+addvaultwizard.new.locationDoesNotExist=Un répertoire dans le chemin spécifié n'existe pas ou ne peut pas être accédé
+addvaultwizard.new.locationIsNotWritable=Pas d'accès en écriture au chemin spécifié
+addvaultwizard.new.locationIsOk=Lieu approprié pour votre coffre
 addvaultwizard.new.invalidName=Nom de coffre invalide. Préférez un nom de répertoire habituel.
 ### Password
 addvaultwizard.new.createVaultBtn=Créer un coffre
@@ -97,10 +99,12 @@ unlock.title=Déverrouiller le coffre
 unlock.passwordPrompt=Entrez le mot de passe pour “%s” :
 unlock.savePassword=Mémoriser le mot de passe
 unlock.unlockBtn=Déverrouiller
+##
+unlock.chooseMasterkey.filePickerTitle=Sélectionner le fichier clef
 ## Success
-unlock.success.message=“%s” déverrouillé ! Le contenu de votre coffre est maintenant accessible.
+unlock.success.message=“%s” déverrouillé ! Le contenu de votre coffre est maintenant accessible par son lecteur virtuel.
 unlock.success.rememberChoice=Se souvenir de mon choix et ne plus me demander
-unlock.success.revealBtn=Révéler le coffre
+unlock.success.revealBtn=Révéler le lecteur
 ## Failure
 unlock.error.heading=Impossible de déverrouiller le coffre
 ### Invalid Mount Point
@@ -174,11 +178,14 @@ preferences.updates.currentVersion=Version actuelle : “%s”
 preferences.updates.autoUpdateCheck=Vérifier automatiquement l’existence de mise à jour
 preferences.updates.checkNowBtn=Vérifier maintenant
 preferences.updates.updateAvailable=Mise à jour “%s” disponible.
-## Donation Key
-preferences.donationKey=Faire un Don
-preferences.donationKey.registeredFor=Licence enregistrée à %s
-preferences.donationKey.noDonationKey=Aucune clé de don valide trouvée. C'est comme une clé de licence mais pour des personnes géniales utilisant un logiciel libre ;-)
-preferences.donationKey.getDonationKey=Obtenir une clé de don
+## Contribution
+preferences.contribute=Nous soutenir
+preferences.contribute.registeredFor=Certificat de soutien enregistré pour %s
+preferences.contribute.noCertificate=Soutenez Cryptomator et recevez un certificat de soutien. C'est comme une clé de licence, mais pour des gens géniaux qui utilisent des logiciels libres. ;-)
+preferences.contribute.getCertificate=Vous n'en avez pas encore? Découvrez comment vous pouvez l'obtenir.
+preferences.contribute.promptText=Collez le code du certificat du supporter ici
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=A propos
 
@@ -223,7 +230,12 @@ main.dropZone.dropVault=Ajouter ce coffre
 main.dropZone.unknownDragboardContent=Si vous voulez ajouter un coffre, faites-le glisser dans cette fenêtre
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Cliquez ici pour ajouter un coffre
-main.vaultlist.contextMenu.remove=Supprimer le coffre…
+main.vaultlist.contextMenu.remove=Retirer…
+main.vaultlist.contextMenu.lock=Verrouiller
+main.vaultlist.contextMenu.unlock=Déverrouiller…
+main.vaultlist.contextMenu.unlockNow=Déverrouiller maintenant
+main.vaultlist.contextMenu.vaultoptions=Afficher les options du coffre
+main.vaultlist.contextMenu.reveal=Révéler le lecteur
 main.vaultlist.addVaultBtn=Ajouter un coffre
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_hi.properties b/main/ui/src/main/resources/i18n/strings_hi.properties
index c2433517a..fec5898a4 100644
--- a/main/ui/src/main/resources/i18n/strings_hi.properties
+++ b/main/ui/src/main/resources/i18n/strings_hi.properties
@@ -44,8 +44,6 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=अपने पसंद की जगह डालें
 addvaultwizard.new.directoryPickerButton=चुनें…
 addvaultwizard.new.directoryPickerTitle=निर्देशिका चुनें
-addvaultwizard.new.fileAlreadyExists=तिजोरी इस रास्ते पर नहीं बनाई जा सकती क्योंकि कुछ वस्तु पहले से मौजूद है।
-addvaultwizard.new.locationDoesNotExist=तिजोरी इस रास्ते पर नहीं बनाई जा सकती क्योंकि कम से कम एक पथ घटक मौजूद नहीं है।
 addvaultwizard.new.invalidName=अमान्य वॉल्ट नाम। कृपया एक नियमित निर्देशिका नाम पर विचार करें।
 ### Password
 addvaultwizard.new.createVaultBtn=वॉल्ट बनाएं
@@ -72,6 +70,7 @@ changepassword.title=पासवर्ड बदलें
 
 # Unlock
 unlock.unlockBtn=अनलॉक करें
+##
 ## Success
 ## Failure
 ### Invalid Mount Point
@@ -94,7 +93,9 @@ preferences.title=प्राथमिकताएं
 preferences.general=सामान्य
 ## Volume
 ## Updates
-## Donation Key
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 
 # Vault Statistics
@@ -106,6 +107,7 @@ main.closeBtn.tooltip=बंद करें
 main.preferencesBtn.tooltip=प्राथमिकताएं
 ## Drag 'n' Drop
 ## Vault List
+main.vaultlist.contextMenu.lock=लॉक करें
 main.vaultlist.addVaultBtn=वाउल्ट डालें
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_hr.properties b/main/ui/src/main/resources/i18n/strings_hr.properties
index 9f2898f25..b16aa1abb 100644
--- a/main/ui/src/main/resources/i18n/strings_hr.properties
+++ b/main/ui/src/main/resources/i18n/strings_hr.properties
@@ -25,6 +25,7 @@
 # Forget Password
 
 # Unlock
+##
 ## Success
 ## Failure
 ### Invalid Mount Point
@@ -44,7 +45,9 @@
 ## General
 ## Volume
 ## Updates
-## Donation Key
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 
 # Vault Statistics
diff --git a/main/ui/src/main/resources/i18n/strings_hu.properties b/main/ui/src/main/resources/i18n/strings_hu.properties
index 4a6d80c2f..c13f5cc64 100644
--- a/main/ui/src/main/resources/i18n/strings_hu.properties
+++ b/main/ui/src/main/resources/i18n/strings_hu.properties
@@ -43,8 +43,6 @@ addvaultwizard.new.locationLabel=Tárolási hely
 addvaultwizard.new.directoryPickerLabel=Egyedi hely
 addvaultwizard.new.directoryPickerButton=Választás…
 addvaultwizard.new.directoryPickerTitle=Könyvtár kiválasztása
-addvaultwizard.new.fileAlreadyExists=Nem lehet a széfet létrehozni ezen a helyen, mert egy fájl már létezik itt.
-addvaultwizard.new.locationDoesNotExist=Nem lehet a széfet létrehozni ezen a helyen, mert az útvonal legalább egy darabja nem létezik.
 addvaultwizard.new.invalidName=Érvénytelen széf elnevezés. Kérjük vegye figyelembe a szabályos könyvtárelnevezésre vonatkozó szabályokat.
 ### Password
 addvaultwizard.new.createVaultBtn=Új széf létrehozása
@@ -95,8 +93,9 @@ forgetPassword.confirmBtn=Jelszó elfelejtése
 unlock.title=Széf feloldása
 unlock.passwordPrompt=Írja be a jelszavát a következő széfhez "%s":
 unlock.unlockBtn=Feloldás
+##
+unlock.chooseMasterkey.filePickerTitle=Mesterkulcs fájl kiválasztása
 ## Success
-unlock.success.message="%s" sikreresen feloldásra került! Mostmár hozzáférhet a széféhez.
 unlock.success.rememberChoice=Jegyezze meg a választást és ne mutassa többet
 unlock.success.revealBtn=Széf megjelenítése
 ## Failure
@@ -159,11 +158,9 @@ preferences.updates.currentVersion=Jelenlegi verzió: %s
 preferences.updates.autoUpdateCheck=Frissítések autómatikus keresése
 preferences.updates.checkNowBtn=Ellenőrzés most
 preferences.updates.updateAvailable=Frissítés a %s verzióra elérhető.
-## Donation Key
-preferences.donationKey=Adomány
-preferences.donationKey.registeredFor=Regisztrálva %s számára
-preferences.donationKey.noDonationKey=Nem található érvényes adománykulcs. Mint egy licenckulcs, csak olyan nagyszerű emberek számára, akik ingyenes szofvereket használnak. ;-)
-preferences.donationKey.getDonationKey=Adománykulcs beszerzése
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Rólunk
 
@@ -207,7 +204,10 @@ main.dropZone.dropVault=Adja hozzá ezt a széfet
 main.dropZone.unknownDragboardContent=Ha egy széfet szeretne hozzáadni, akkor húzza át erre az ablakra.
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Kattintson ide egy széf hozzáadásához
-main.vaultlist.contextMenu.remove=Széf eltávolítása…
+main.vaultlist.contextMenu.lock=Zárolás
+main.vaultlist.contextMenu.unlock=Feloldás…
+main.vaultlist.contextMenu.unlockNow=Azonnali feloldás
+main.vaultlist.contextMenu.reveal=Széf megjelenítése
 main.vaultlist.addVaultBtn=Széf hozzáadása
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_id.properties b/main/ui/src/main/resources/i18n/strings_id.properties
index 96ea796fb..0c014b317 100644
--- a/main/ui/src/main/resources/i18n/strings_id.properties
+++ b/main/ui/src/main/resources/i18n/strings_id.properties
@@ -44,8 +44,9 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Sesuaikan Lokasi
 addvaultwizard.new.directoryPickerButton=Pilih…
 addvaultwizard.new.directoryPickerTitle=Pilih Folder
-addvaultwizard.new.fileAlreadyExists=Brankas tidak dibuat disini karena beberapa item telah ada disini.
-addvaultwizard.new.locationDoesNotExist=Brankas tidak bisa dibuat disini karena setidaknya satu jalur komponen tidak ada.
+addvaultwizard.new.fileAlreadyExists=Sudah ada file atau direktori dengan nama yang sama
+addvaultwizard.new.locationDoesNotExist=Direktori pada path yang dipilih tidak ada atau tidak dapat diakses
+addvaultwizard.new.locationIsNotWritable=Anda tidak memiliki hak akses untuk menulis pada path yang dipilih
 addvaultwizard.new.invalidName=Nama brankas salah. Harap pilih nama folder yang umum.
 ### Password
 addvaultwizard.new.createVaultBtn=Buat Brankas
@@ -57,6 +58,8 @@ addvault.new.readme.storageLocation.fileName=PENTING.rtf
 addvault.new.readme.storageLocation.1=⚠️  BERKAS BRANKAS  ⚠️
 addvault.new.readme.storageLocation.2=Ini adalah lokasi penyimpanan brankas kamu.
 addvault.new.readme.storageLocation.3=JANGAN
+addvault.new.readme.storageLocation.4=•  mengubah file dalam direktori ini, atau
+addvault.new.readme.storageLocation.5=•  menempelkan file untuk dienkripsi ke dalam direktori ini.
 addvault.new.readme.storageLocation.6=Jika kamu ingin mengenkripsi berkas dan melihat isi brankas, lakukan hal berikut:
 addvault.new.readme.storageLocation.7=1. Tambahkan brankas ini ke Cryptomator.
 addvault.new.readme.storageLocation.8=2. Buka gembok brankas di Cryptomator.
@@ -65,18 +68,34 @@ addvault.new.readme.storageLocation.10=Jika kamu butuh bantuan, kunjungi dokumen
 addvault.new.readme.accessLocation.fileName=SELAMAT_DATANG.rtf
 addvault.new.readme.accessLocation.1=🔐️  ISI TERENKRIPSI  🔐️
 addvault.new.readme.accessLocation.2=Ini adalah lokasi akses brankas kamu.
+addvault.new.readme.accessLocation.3=File yang ditambahkan ke volume ini akan dienkripsi oleh Cryptomator. Anda dapat mempergunakan isi vault seperti dalam folder lain. Saat ini Anda sedang mengakses tampilan versi dekripsi, file Anda selalu terenkripsi di dalam cakram keras Anda.
+addvault.new.readme.accessLocation.4=Anda dapat menghapus file ini.
 ## Existing
+addvaultwizard.existing.instruction=Pilih file "masterkey.cryptomator" dalam vault Anda.
 addvaultwizard.existing.chooseBtn=Pilih…
+addvaultwizard.existing.filePickerTitle=Pilih File Kunci Induk
 ## Success
+addvaultwizard.success.nextStepsInstructions=Vault "%s" telah dibuat.\nAnda harus membuka kunci vault ini untuk mengakses atau menambahkan konten. Anda juga dapat membuka kunci vault ini kapan saja di kemudian hari.
+addvaultwizard.success.unlockNow=Buka Kunci Sekarang
 
 # Remove Vault
+removeVault.title=Hapus Vault
+removeVault.information=Cryptomator hanya akan melupakan vault ini. Anda dapat menambahkan vault ini lagi nantinya. File yang telah dienkripsi tidak akan dihapus dari cakram keras Anda.
+removeVault.confirmBtn=Hapus Vault
 
 # Change Password
+changepassword.title=Ubah Kata Sandi
+changepassword.enterOldPassword=Masukkan kata sandi untuk "%s" saat ini
+changepassword.finalConfirmation=Saya mengerti bahwa saya tidak akan dapat mengakses data saya apabila saya lupa kata sandi saya
 
 # Forget Password
+forgetPassword.title=Lupa Kata Sandi
+forgetPassword.confirmBtn=Lupa Kata Sandi
 
 # Unlock
 unlock.unlockBtn=Buka Gembok
+##
+unlock.chooseMasterkey.filePickerTitle=Pilih File Kunci Induk
 ## Success
 ## Failure
 ### Invalid Mount Point
@@ -89,6 +108,7 @@ unlock.unlockBtn=Buka Gembok
 ## Start
 ## Run
 ## Sucess
+migration.success.unlockNow=Buka Kunci Sekarang
 ## Missing file system capabilities
 ## Impossible
 
@@ -97,7 +117,9 @@ preferences.title=Preferensi
 ## General
 ## Volume
 ## Updates
-## Donation Key
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 
 # Vault Statistics
@@ -109,10 +131,13 @@ main.closeBtn.tooltip=Tutup
 main.preferencesBtn.tooltip=Preferensi
 ## Drag 'n' Drop
 ## Vault List
+main.vaultlist.contextMenu.lock=Gembok
+main.vaultlist.contextMenu.unlockNow=Buka Kunci Sekarang
 main.vaultlist.addVaultBtn=Tambah Brankas
 ## Vault Detail
 ### Welcome
 ### Locked
+main.vaultDetail.unlockNowBtn=Buka Kunci Sekarang
 ### Unlocked
 main.vaultDetail.lockBtn=Gembok
 ### Missing
@@ -126,6 +151,7 @@ vaultOptions.general.vaultName=Nama Brankas
 ## Mount
 vaultOptions.mount.mountPoint.directoryPickerButton=Pilih…
 ## Master Key
+vaultOptions.masterkey.changePasswordBtn=Ubah Kata Sandi
 
 # Recovery Key
 
diff --git a/main/ui/src/main/resources/i18n/strings_it.properties b/main/ui/src/main/resources/i18n/strings_it.properties
index c11ba1bc3..218089555 100644
--- a/main/ui/src/main/resources/i18n/strings_it.properties
+++ b/main/ui/src/main/resources/i18n/strings_it.properties
@@ -44,8 +44,10 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Posizione personalizzata
 addvaultwizard.new.directoryPickerButton=Scegli…
 addvaultwizard.new.directoryPickerTitle=Seleziona cartella
-addvaultwizard.new.fileAlreadyExists=La cassaforte non può essere creata in questo percorso perché un oggetto esiste già.
-addvaultwizard.new.locationDoesNotExist=La cassaforte non può essere creata in questo percorso perché almeno un componente di percorso non esiste.
+addvaultwizard.new.fileAlreadyExists=Un file o una cartella con il nome del vault esiste già
+addvaultwizard.new.locationDoesNotExist=Una cartella nel percorso specificato non esiste o non è accessibile
+addvaultwizard.new.locationIsNotWritable=Non c'è accesso in scrittura nel percorso specificato
+addvaultwizard.new.locationIsOk=Posizione adatta per il tuo vault
 addvaultwizard.new.invalidName=Nome della cassaforte non valido. Si prega di considerare un nome di directory regolare.
 ### Password
 addvaultwizard.new.createVaultBtn=Crea Cassaforte
@@ -97,10 +99,12 @@ unlock.title=Sblocca Cassaforte
 unlock.passwordPrompt=Inserisci la password per "%s":
 unlock.savePassword=Ricorda la Password
 unlock.unlockBtn=Sblocca
+##
+unlock.chooseMasterkey.filePickerTitle=Seleziona file Masterkey
 ## Success
-unlock.success.message=Sbloccato "%s" con successo! La tua cassaforte è ora accessibile.
+unlock.success.message="%s" sbloccato con successo! La tua cassaforte è ora accessibile tramite il suo drive virtuale.
 unlock.success.rememberChoice=Ricorda la scelta, non mostrare ancora
-unlock.success.revealBtn=Rivela Cassaforte
+unlock.success.revealBtn=Rivela Drive
 ## Failure
 unlock.error.heading=Impossibile sbloccare la cassaforte
 ### Invalid Mount Point
@@ -150,6 +154,7 @@ preferences.general.theme.light=Chiaro
 preferences.general.theme.dark=Scuro
 preferences.general.unlockThemes=Sblocca modalità scura
 preferences.general.showMinimizeButton=Mostra pulsante riduci a icona
+preferences.general.showTrayIcon=Mostra icona nel tray (richiede riavvio)
 preferences.general.startHidden=Nascondi la finestra all'avvio di Cryptomator
 preferences.general.debugLogging=Abilita i registri di debug
 preferences.general.debugDirectory=Mostra file log
@@ -173,11 +178,14 @@ preferences.updates.currentVersion=Versione attuale %s
 preferences.updates.autoUpdateCheck=Controlla automaticamente la presenza di aggiornamenti
 preferences.updates.checkNowBtn=Controlla adesso
 preferences.updates.updateAvailable=Disponibile aggiornamento alla versione %s.
-## Donation Key
-preferences.donationKey=Donazione
-preferences.donationKey.registeredFor=Registrato per %s
-preferences.donationKey.noDonationKey=Nessuna chiave di donazione valida. È come una chiave di licenza ma per persone fantastiche che usano software gratuito. ;-)
-preferences.donationKey.getDonationKey=Ottieni una chiave di donazione
+## Contribution
+preferences.contribute=Supportaci
+preferences.contribute.registeredFor=Certificato del supporto registrato per %s
+preferences.contribute.noCertificate=Supporta Cryptomator e ricevi un certificato di supporter. È come una chiave di licenza, ma per persone fantastiche che utilizzano software libero. ;-)
+preferences.contribute.getCertificate=Non ne hai già uno? Impara come puoi ottenerlo.
+preferences.contribute.promptText=Incolla qui il codice del certificato di supporter
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Informazioni
 
@@ -221,7 +229,12 @@ main.dropZone.dropVault=Aggiungi questa cassaforte
 main.dropZone.unknownDragboardContent=Se vuoi aggiungere una cassaforte, trascinala in questa finestra
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Clicca qui per aggiungere una cassaforte
-main.vaultlist.contextMenu.remove=Rimuovi Cassaforte…
+main.vaultlist.contextMenu.remove=Rimuovi…
+main.vaultlist.contextMenu.lock=Blocca
+main.vaultlist.contextMenu.unlock=Sblocca…
+main.vaultlist.contextMenu.unlockNow=Sblocca Ora
+main.vaultlist.contextMenu.vaultoptions=Mostra Opzioni Cassaforte
+main.vaultlist.contextMenu.reveal=Rivela Drive
 main.vaultlist.addVaultBtn=Aggiungi Cassaforte
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_ja.properties b/main/ui/src/main/resources/i18n/strings_ja.properties
index 8f8b8a124..c0c47711b 100644
--- a/main/ui/src/main/resources/i18n/strings_ja.properties
+++ b/main/ui/src/main/resources/i18n/strings_ja.properties
@@ -44,8 +44,10 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=ユーザー設定
 addvaultwizard.new.directoryPickerButton=選択...
 addvaultwizard.new.directoryPickerTitle=ディレクトリを選択
-addvaultwizard.new.fileAlreadyExists=いくつかのオブジェクトが既に存在しているため、このパスに金庫を作成することはできません。
-addvaultwizard.new.locationDoesNotExist=このパスには階層がないため金庫を作成することができません。
+addvaultwizard.new.fileAlreadyExists=金庫名と同じ名前のファイルまたはディレクトリがすでに存在しています
+addvaultwizard.new.locationDoesNotExist=指定されたパスのディレクトリが存在しないかアクセスできません
+addvaultwizard.new.locationIsNotWritable=指定されたパスに書き込み権限がありません
+addvaultwizard.new.locationIsOk=金庫に適した場所
 addvaultwizard.new.invalidName=無効な金庫の名前です。一般的なディレクトリの名前を検討してください。
 ### Password
 addvaultwizard.new.createVaultBtn=金庫を作成
@@ -97,10 +99,12 @@ unlock.title=金庫を解錠
 unlock.passwordPrompt="%s" のパスワードを入力してください:
 unlock.savePassword=パスワードを記憶させる
 unlock.unlockBtn=解錠
+##
+unlock.chooseMasterkey.filePickerTitle=Masterkey ファイルを選択
 ## Success
-unlock.success.message="%s" の解錠に成功しました! 金庫にアクセス可能です。
+unlock.success.message="%s" の解錠に成功しました! 仮想ドライブから金庫にアクセス可能です。
 unlock.success.rememberChoice=選択を記憶させて、再度表示しない
-unlock.success.revealBtn=金庫を表示
+unlock.success.revealBtn=ドライブを表示
 ## Failure
 unlock.error.heading=金庫の解錠に失敗
 ### Invalid Mount Point
@@ -174,11 +178,14 @@ preferences.updates.currentVersion=現在のバージョン: %s
 preferences.updates.autoUpdateCheck=自動的に更新を確認する
 preferences.updates.checkNowBtn=今すぐ確認
 preferences.updates.updateAvailable=利用可能なバージョン %s に更新します。
-## Donation Key
-preferences.donationKey=寄付
-preferences.donationKey.registeredFor=%s で登録されています
-preferences.donationKey.noDonationKey=有効な Donation Key が見つかりませんでした。ライセンスキーに似ていますがフリーソフトを使う寄付者向けのキーです。 ;-)
-preferences.donationKey.getDonationKey=Donation Key を入手する
+## Contribution
+preferences.contribute=サポートする
+preferences.contribute.registeredFor=サポーター証明書が %s に登録されました
+preferences.contribute.noCertificate=Cryptomator を支援し、サポーター証明書を受け取りましょう。ライセンスキーに似ていますがフリーソフトを使う寄付者向けのキーです。 ;-)
+preferences.contribute.getCertificate=まだ証明書を手に入れていませんか? 詳細を確認しましょう。
+preferences.contribute.promptText=サポーター証明書をここに張り付けてください
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=詳細情報
 
@@ -223,7 +230,12 @@ main.dropZone.dropVault=この金庫を追加
 main.dropZone.unknownDragboardContent=このウィンドウにドラッグして、金庫を追加
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=ここをクリックして金庫を追加
-main.vaultlist.contextMenu.remove=金庫を削除...
+main.vaultlist.contextMenu.remove=削除...
+main.vaultlist.contextMenu.lock=施錠
+main.vaultlist.contextMenu.unlock=解錠...
+main.vaultlist.contextMenu.unlockNow=今すぐ解錠
+main.vaultlist.contextMenu.vaultoptions=金庫のオプションを表示
+main.vaultlist.contextMenu.reveal=ドライブを表示
 main.vaultlist.addVaultBtn=金庫を追加
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_ko.properties b/main/ui/src/main/resources/i18n/strings_ko.properties
index c5ca492f6..ae8079cd2 100644
--- a/main/ui/src/main/resources/i18n/strings_ko.properties
+++ b/main/ui/src/main/resources/i18n/strings_ko.properties
@@ -44,8 +44,10 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=사용자 지정 위치
 addvaultwizard.new.directoryPickerButton=선택
 addvaultwizard.new.directoryPickerTitle=디렉터리 선택
-addvaultwizard.new.fileAlreadyExists=이미 다른 객체가 존재하고 있어 해당 경로에 Vault를 생성할 수 없습니다.
-addvaultwizard.new.locationDoesNotExist=하나 이상의 경로 구성 요소가 없기 때문에 이 경로에 Vault가 생성 될 수 없습니다.
+addvaultwizard.new.fileAlreadyExists=Vault 내에 이미 존재하는 파일 또는 디렉터리 이름입니다.
+addvaultwizard.new.locationDoesNotExist=지정된 디렉터리가 존재하지 않거나 접근 할 수 없습니다.
+addvaultwizard.new.locationIsNotWritable=지정된 경로에 쓰기 권한이 없습니다.
+addvaultwizard.new.locationIsOk=Vault에 적당한 위치
 addvaultwizard.new.invalidName=유효하지 않은 Vault 이름입니다. 일반적인 디렉터리 이름으로 지정해주십시요.
 ### Password
 addvaultwizard.new.createVaultBtn=Vault 생성
@@ -67,7 +69,7 @@ addvault.new.readme.storageLocation.10=만일 도움이 필요하신 경우, 다
 addvault.new.readme.accessLocation.fileName=WELCOME.rtf
 addvault.new.readme.accessLocation.1=🔐️  암호화 된 볼륨  🔐️
 addvault.new.readme.accessLocation.2=이것은 당신의 Vault 접근 위치입니다.
-addvault.new.readme.accessLocation.3=이 볼륨에 추가된 모든 파일은 Cryptomator로 암호화됩니다. 다른 드라이브/폴더처럼 작업할 수 있습니다. 볼륨의 내용은 복호화 된 것 처럼 보여질 뿐이며, 모든 파일은 항상 암호화되어 하드디스크에 저장됩니다.
+addvault.new.readme.accessLocation.3=이 볼륨에 추가된 모든 파일은 Cryptomator로 암호화됩니다. 다른 드라이브/폴더처럼 작업할 수 있습니다. 볼륨의 내용은 복호화 된 것 처럼 보여지지만, 모든 파일은 항상 암호화되어 하드디스크에 저장됩니다.
 addvault.new.readme.accessLocation.4=이 파일은 지우셔도 무방합니다.
 ## Existing
 addvaultwizard.existing.instruction=기존 Vault 의 "masterkey.cryptomator" 파일을 선택하여 주십시요.
@@ -97,10 +99,12 @@ unlock.title=Vault 잠금해제
 unlock.passwordPrompt="%s"의 비밀번호를 입력하십시요.
 unlock.savePassword=비밀번호 기억
 unlock.unlockBtn=잠금해제
+##
+unlock.chooseMasterkey.filePickerTitle=마스터키 파일 선택
 ## Success
-unlock.success.message="%s"의 잠금해제가 성공적으로 수행되었습니다! 이제 이 Vault의 접근이 가능합니다.
+unlock.success.message="%s"이(가) 성공적으로 잠금해제되었습니다. 이제 이 Vault를 가상드라이브로 접근할 수 있습니다.
 unlock.success.rememberChoice=선택 기억함, 다시 묻지 않음
-unlock.success.revealBtn=Vault 표시
+unlock.success.revealBtn=드라이브 표시
 ## Failure
 unlock.error.heading=Vault 잠금을 해제 할 수 없습니다.
 ### Invalid Mount Point
@@ -174,11 +178,9 @@ preferences.updates.currentVersion=현재 버전: %s
 preferences.updates.autoUpdateCheck=자동으로 업데이트 확인
 preferences.updates.checkNowBtn=지금 확인
 preferences.updates.updateAvailable=버전 %s의 업데이트가 가능합니다.
-## Donation Key
-preferences.donationKey=기부하기
-preferences.donationKey.registeredFor=%s (으)로 등록되어 있습니다.
-preferences.donationKey.noDonationKey=유효한 도네이션(기부) 키를 찾지 못했습니다. 라이센스 키와 비슷하나, 무료 소프트웨어를 사용하는 멋진 사람들을 위한 것입니다. ;-)
-preferences.donationKey.getDonationKey=도네이션(기부) 키 얻기
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=제품 정보
 
@@ -223,7 +225,12 @@ main.dropZone.dropVault=이 Vault를 추가
 main.dropZone.unknownDragboardContent=Vault를 추가하려면, 이 창에 드래그 하십시요.
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Vault를 추가하기 위해 이곳을 클릭합니다.
-main.vaultlist.contextMenu.remove=Vault 제거...
+main.vaultlist.contextMenu.remove=제거...
+main.vaultlist.contextMenu.lock=잠금
+main.vaultlist.contextMenu.unlock=잠금해제...
+main.vaultlist.contextMenu.unlockNow=지금 잠금해제
+main.vaultlist.contextMenu.vaultoptions=Vault 옵션 보기
+main.vaultlist.contextMenu.reveal=드라이브 표시
 main.vaultlist.addVaultBtn=Vault 추가
 ## Vault Detail
 ### Welcome
@@ -294,7 +301,7 @@ vaultOptions.masterkey.recoverPasswordBtn=비밀번호 복구
 
 # Recovery Key
 recoveryKey.title=복구 키
-recoveryKey.enterPassword.prompt="%s"의 복구 키를 표시하려면 비밀번호를 입력하여 주십시요.
+recoveryKey.enterPassword.prompt="%s"의 복구 키를 표시하려면 비밀번호를 입력해 주세요.
 recoveryKey.display.message="%s" 데이터 접근을 복원하는데 사용 할 수 있는 복구 키 입니다:
 recoveryKey.display.StorageHints=매우 안전한곳에 보관하십시요. 예시:\n • 비밀번호 관리자를 사용하여 저장\n • USB 플래시 드라이브에 저장\n • 종이에 출력
 recoveryKey.recover.prompt="%s"의 복구키를 입력하십시요:
@@ -302,7 +309,7 @@ recoveryKey.recover.validKey=올바른 복구 키 입니다.
 recoveryKey.printout.heading=Cryptomator 복구 키\n"%s"\n
 
 # New Password
-newPassword.promptText=새 비밀번호를 입력하십시요.
+newPassword.promptText=새 비밀번호를 입력하세요
 newPassword.reenterPassword=새 비밀번호를 확인하여 주십시요.
 newPassword.passwordsMatch=비밀번호가 일치합니다!
 newPassword.passwordsDoNotMatch=비밀번호가 일치하지 않습니다.
diff --git a/main/ui/src/main/resources/i18n/strings_lv.properties b/main/ui/src/main/resources/i18n/strings_lv.properties
index 938ac5833..cf037615a 100644
--- a/main/ui/src/main/resources/i18n/strings_lv.properties
+++ b/main/ui/src/main/resources/i18n/strings_lv.properties
@@ -43,7 +43,6 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Pielāgota atrašanās vieta
 addvaultwizard.new.directoryPickerButton=Izvēlies...
 addvaultwizard.new.directoryPickerTitle=Izvēlēties mapi
-addvaultwizard.new.fileAlreadyExists=Glabātuvi nevar izveidot šajā ceļā, jo kāds objekts jau pastāv.
 addvaultwizard.new.invalidName=Nederīgs glabātuves nosaukums. Lūdzu izvēlieties vienkāršu mapes nosaukumu.
 ### Password
 addvaultwizard.new.createVaultBtn=Izveidot glabātuvi
@@ -94,9 +93,10 @@ forgetPassword.confirmBtn=Aizmirst paroli
 unlock.title=Atslēgt glabātuvi
 unlock.passwordPrompt=Ievadiet "%s" paroli:
 unlock.unlockBtn=Atslēgt
+##
+unlock.chooseMasterkey.filePickerTitle=Atlasīt galveno atslēgas datni
 ## Success
-unlock.success.message="%s" sekmīgi atslēgts! Jūsu glabātuve tagad ir pieejama.
-unlock.success.revealBtn=Atklāt glabātuvi
+unlock.success.revealBtn=Atklāt disku
 ## Failure
 ### Invalid Mount Point
 
@@ -149,11 +149,9 @@ preferences.updates.currentVersion=Pašreizējā versija: %s
 preferences.updates.autoUpdateCheck=Automātiski pārbaudīt atjauninājumus
 preferences.updates.checkNowBtn=Pārbaudīt tagad
 preferences.updates.updateAvailable=Pieejams atjauninājums uz versiju %s.
-## Donation Key
-preferences.donationKey=Ziedojums
-preferences.donationKey.registeredFor=Reģistrēts uz %s
-preferences.donationKey.noDonationKey=Nav atrasta derīga ziedojuma atslēga. Tā ir kā licences atslēga , bet priekš satriecošiem cilvēkiem, kas izmanto bezmaksas programmatūru. ;-)
-preferences.donationKey.getDonationKey=Iegūt ziedojuma atslēgu
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Par lietotni
 
@@ -171,6 +169,9 @@ main.dropZone.dropVault=Pievienot šo glabātuvi
 main.dropZone.unknownDragboardContent=Ja jūs vēlaties pievienot glabātuvi, velciet to uz šo logu
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Spied šeit, lai pievienotu glabātuvi
+main.vaultlist.contextMenu.lock=Aizslēgt
+main.vaultlist.contextMenu.unlockNow=Atslēgt tagad
+main.vaultlist.contextMenu.reveal=Atklāt disku
 main.vaultlist.addVaultBtn=Pievienot glabātuvi
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_nb.properties b/main/ui/src/main/resources/i18n/strings_nb.properties
index 2bda8d0b3..01586e91a 100644
--- a/main/ui/src/main/resources/i18n/strings_nb.properties
+++ b/main/ui/src/main/resources/i18n/strings_nb.properties
@@ -44,8 +44,6 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Tilpasset lagringssted
 addvaultwizard.new.directoryPickerButton=Velg…
 addvaultwizard.new.directoryPickerTitle=Velg mappe
-addvaultwizard.new.fileAlreadyExists=Hvelvet kan ikke opprettes på denne søkestien fordi et objekt allerede eksisterer.
-addvaultwizard.new.locationDoesNotExist=Hvelvet kan ikke opprettes på denne søkestien fordi minst én søkestikomponent ikke finnes.
 addvaultwizard.new.invalidName=Ugyldig navn på hvelvet. Vennligst vurder et vanlig mappenavn.
 ### Password
 addvaultwizard.new.createVaultBtn=Opprett hvelv
@@ -95,11 +93,13 @@ forgetPassword.confirmBtn=Glem passord
 # Unlock
 unlock.title=Lås opp hvelvet
 unlock.passwordPrompt=Skriv inn passordet for "%s":
+unlock.savePassword=Husk passord
 unlock.unlockBtn=Lås opp
+##
+unlock.chooseMasterkey.filePickerTitle=Velg hovednøkkelfil
 ## Success
-unlock.success.message=Vellykket opplåsning av "%s"! Hvelvet ditt er nå tilgjengelig.
 unlock.success.rememberChoice=Husk valget - ikke vis dette igjen
-unlock.success.revealBtn=Gjør hvelvet synlig
+unlock.success.revealBtn=Gjør enheten synlig
 ## Failure
 unlock.error.heading=Klarer ikke å låse opp hvelvet
 ### Invalid Mount Point
@@ -173,11 +173,9 @@ preferences.updates.currentVersion=Gjeldende versjon: %s
 preferences.updates.autoUpdateCheck=Se etter oppdateringer automatisk
 preferences.updates.checkNowBtn=Sjekk nå
 preferences.updates.updateAvailable=Oppdatering til versjon %s er tilgjengelig.
-## Donation Key
-preferences.donationKey=Donasjon
-preferences.donationKey.registeredFor=Registrert for %s
-preferences.donationKey.noDonationKey=Ingen gyldig donasjonsnøkkel funnet. Det er som en lisensnøkkel, men for fantastiske mennesker som bruker gratis programvare. ;-)
-preferences.donationKey.getDonationKey=Få en donasjonsnøkkel
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Om
 
@@ -201,6 +199,7 @@ stats.read.accessCount=Lesninger totalt: %d
 stats.write.throughput.idle=Skrive: inaktiv
 stats.write.throughput.kibs=Skriver: %.2f kiB/s
 stats.write.throughput.mibs=Skriver: %.2f MiB/s
+stats.write.total.data.none=Data skrevet: -
 stats.write.total.data.kib=Data skrevet: %.1f kiB
 stats.write.total.data.mib=Data skrevet: %.1f MiB
 stats.write.total.data.gib=Data skrevet: %.1f GiB
@@ -221,7 +220,10 @@ main.dropZone.dropVault=Legg til dette hvelvet
 main.dropZone.unknownDragboardContent=Hvis du vil legge til et hvelv, kan du dra det til dette vinduet
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Klikk her for å legge til et hvelv
-main.vaultlist.contextMenu.remove=Fjern hvelvet…
+main.vaultlist.contextMenu.lock=Lås
+main.vaultlist.contextMenu.unlock=Lås opp…
+main.vaultlist.contextMenu.unlockNow=Lås opp nå
+main.vaultlist.contextMenu.reveal=Gjør enheten synlig
 main.vaultlist.addVaultBtn=Legg til hvelv
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_nl.properties b/main/ui/src/main/resources/i18n/strings_nl.properties
index d824bfc7b..c473d407e 100644
--- a/main/ui/src/main/resources/i18n/strings_nl.properties
+++ b/main/ui/src/main/resources/i18n/strings_nl.properties
@@ -44,8 +44,6 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Andere locatie
 addvaultwizard.new.directoryPickerButton=Kies…
 addvaultwizard.new.directoryPickerTitle=Selecteer map
-addvaultwizard.new.fileAlreadyExists=Er kan op deze locatie geen kluis aangemaakt worden, omdat er een bepaald object bestaat.
-addvaultwizard.new.locationDoesNotExist=Er kan geen kluis op dit pad aangemaakt worden omdat ten minste één onderdeel van het pad niet bestaat.
 addvaultwizard.new.invalidName=Ongeldige kluisnaam. Overweeg een standaard mapnaam.
 ### Password
 addvaultwizard.new.createVaultBtn=Kluis aanmaken
@@ -96,10 +94,11 @@ forgetPassword.confirmBtn=Wachtwoord vergeten
 unlock.title=Kluis ontgrendelen
 unlock.passwordPrompt=Voer wachtwoord voor "%s" in:
 unlock.unlockBtn=Ontgrendel
+##
+unlock.chooseMasterkey.filePickerTitle=Selecteer het Masterkey-bestand
 ## Success
-unlock.success.message="%s" is met succes ontgrendeld! Uw kluis is nu toegankelijk.
 unlock.success.rememberChoice=Keuze onthouden en dit niet opnieuw tonen
-unlock.success.revealBtn=Toon kluis
+unlock.success.revealBtn=Toon Schijf
 ## Failure
 unlock.error.heading=Kan kluis niet ontgrendelen
 ### Invalid Mount Point
@@ -173,11 +172,9 @@ preferences.updates.currentVersion=Huidige Versie: "%s"
 preferences.updates.autoUpdateCheck=Automatisch controleren op updates
 preferences.updates.checkNowBtn=Controleer nu
 preferences.updates.updateAvailable=Update naar versie "%s" beschikbaar.
-## Donation Key
-preferences.donationKey=Donatie
-preferences.donationKey.registeredFor=Geregistreerd voor %s
-preferences.donationKey.noDonationKey=Geen geldige donatiesleutel gevonden. Het is als een licentiesleutel, maar dan voor geweldige mensen die gratis software gebruiken. ;-)
-preferences.donationKey.getDonationKey=Verkrijg een donatiesleutel
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Over
 
@@ -221,7 +218,10 @@ main.dropZone.dropVault=Voeg deze kluis toe
 main.dropZone.unknownDragboardContent=Als u een kluis wilt toevoegen, sleep deze dan naar dit venster
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Klik hier om een kluis toe te voegen
-main.vaultlist.contextMenu.remove=Verwijder Kluis…
+main.vaultlist.contextMenu.lock=Vergrendel
+main.vaultlist.contextMenu.unlock=Ontgrendelen…
+main.vaultlist.contextMenu.unlockNow=Nu Ontgrendelen
+main.vaultlist.contextMenu.reveal=Toon Schijf
 main.vaultlist.addVaultBtn=Kluis toevoegen
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_nn.properties b/main/ui/src/main/resources/i18n/strings_nn.properties
index 7d291d646..6529afaf4 100644
--- a/main/ui/src/main/resources/i18n/strings_nn.properties
+++ b/main/ui/src/main/resources/i18n/strings_nn.properties
@@ -43,8 +43,6 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Tilpassa lagringsstad
 addvaultwizard.new.directoryPickerButton=Vel…
 addvaultwizard.new.directoryPickerTitle=Vel mappe
-addvaultwizard.new.fileAlreadyExists=Kvelven kan ikkje opprettast på denne søkestien fordi eit objekt allereie eksisterer her.
-addvaultwizard.new.locationDoesNotExist=Kvelven kan ikkje opprettast på denne søkjestien fordi minst éin søkjestikomponent ikkje finst.
 addvaultwizard.new.invalidName=Ugyldig namn på kvelven. Ver vennleg og vurder eit vanleg mappenamn.
 ### Password
 addvaultwizard.new.createVaultBtn=Opprett kvelven
@@ -95,10 +93,11 @@ forgetPassword.confirmBtn=Gløym passord
 unlock.title=Lås opp kvelven
 unlock.passwordPrompt=Skriv inn passordet for "%s":
 unlock.unlockBtn=Låse opp
+##
+unlock.chooseMasterkey.filePickerTitle=Vel hovudnøkkelfil
 ## Success
-unlock.success.message=Vellykka opplåsning av "%s"! Kvelven din er no tilgjengeleg.
 unlock.success.rememberChoice=Hugs valet - ikkje vis dette igjen
-unlock.success.revealBtn=Gjer kvelven synleg
+unlock.success.revealBtn=Gjer eininga synleg
 ## Failure
 ### Invalid Mount Point
 
@@ -156,11 +155,9 @@ preferences.updates.currentVersion=Gjeldande versjon: %s
 preferences.updates.autoUpdateCheck=Sjå etter oppdateringar automatisk
 preferences.updates.checkNowBtn=Sjekk no
 preferences.updates.updateAvailable=Oppdatering til versjon %s er tilgjengeleg.
-## Donation Key
-preferences.donationKey=Donasjon
-preferences.donationKey.registeredFor=Registrert for %s
-preferences.donationKey.noDonationKey=Ingen gyldig donasjonsnøkkel funne. Det er som ein lisensnøkkel, men for fantastiske menneske som bruker gratis programvare. ;-)
-preferences.donationKey.getDonationKey=Få ein donasjonsnøkkel
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Om
 
@@ -178,6 +175,10 @@ main.dropZone.dropVault=Legg til denne kvelven
 main.dropZone.unknownDragboardContent=Viss du vil legga til ein kvelv, kan du dra det til dette vindauget
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Klikk her for å legga til ein kvelv
+main.vaultlist.contextMenu.lock=Lås
+main.vaultlist.contextMenu.unlock=Lås opp…
+main.vaultlist.contextMenu.unlockNow=Lås opp no
+main.vaultlist.contextMenu.reveal=Gjer eininga synleg
 main.vaultlist.addVaultBtn=Legg til kvelv
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_pa.properties b/main/ui/src/main/resources/i18n/strings_pa.properties
index 33660d71e..d0e49ebf8 100644
--- a/main/ui/src/main/resources/i18n/strings_pa.properties
+++ b/main/ui/src/main/resources/i18n/strings_pa.properties
@@ -44,8 +44,6 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=ਪਸੰਦੀਦਾ ਟਿਕਾਣਾ
 addvaultwizard.new.directoryPickerButton=…ਚੁਣੋ
 addvaultwizard.new.directoryPickerTitle=ਡਾਇਰੈਕਟਰੀ ਚੁਣੋ
-addvaultwizard.new.fileAlreadyExists=ਇਸ ਮਾਰਗ ਉੱਤੇ ਵਾਲਟ ਨਹੀਂ ਬਣਾਇਆ ਜਾ ਸਕਦਾ ਹੈ, ਕਿਉਂਕਿ ਕੁਝ ਚੀਜ਼ਾਂ ਪਹਿਲਾਂ ਹੀ ਮੌਜੂਦ ਹਨ।
-addvaultwizard.new.locationDoesNotExist=ਇਸ ਮਾਰਗ ਉੱਤੇ ਵਾਲੇਟ ਨਹੀਂ ਬਣਾਇਆ ਜਾ ਸਕਦਾ, ਕਿਉਂਕਿ ਮਾਰਗ ਦਾ ਇੱਕ ਭਾਗ ਮੌਜੂਦ ਨਹੀਂ ਹੈ।
 addvaultwizard.new.invalidName=ਵਾਲਟ ਦਾ ਨਾਂ ਗਲਤ ਹੈ। ਨਿਯਮਤ ਡਾਇਰੈਕਟਰੀ ਨਾਂ ਦੇਣ ਬਾਰੇ ਵਿਚਾਰੋ।
 ### Password
 addvaultwizard.new.createVaultBtn=ਵਾਲਟ ਬਣਾਓ
@@ -95,11 +93,13 @@ forgetPassword.confirmBtn=ਪਾਸਵਰਡ ਭੁੱਲ ਗਏ
 # Unlock
 unlock.title=ਵਾਲਟ ਅਣ-ਲਾਕ ਕਰੋ
 unlock.passwordPrompt="%s" ਲਈ ਪਾਸਵਰਡ ਦਿਓ:
+unlock.savePassword=ਪਾਸਵਰਡ ਯਾਦ ਰੱਖੋ
 unlock.unlockBtn=ਅਣ-ਲਾਕ ਕਰੋ
+##
+unlock.chooseMasterkey.filePickerTitle=ਮਾਸਟਰ-ਕੁੰਜੀ ਫਾਇਲ ਚੁਣੋ
 ## Success
-unlock.success.message="%s" ਕਾਮਯਾਬੀ ਨਾਲ ਅਣ-ਲਾਕ ਕੀਤਾ! ਤੁਹਾਡਾ ਵਾਲਟ ਹੁਣ ਵਰਤਿਆ ਜਾ ਸਕਦਾ ਹੈ।
 unlock.success.rememberChoice=ਚੋਣਾਂ ਯਾਦ ਰੱਖੋ, ਇਹ ਮੁੜ ਕੇ ਨਾ ਵੇਖਾਓ
-unlock.success.revealBtn=ਵਾਲਟ ਦਿਖਾਓ
+unlock.success.revealBtn=ਡਰਾਇਵ ਦਿਖਾਓ
 ## Failure
 unlock.error.heading=ਵਾਲਟ ਅਣ-ਲਾਕ ਕਰਨ ਲਈ ਅਸਮਰੱਥ
 ### Invalid Mount Point
@@ -173,11 +173,9 @@ preferences.updates.currentVersion=ਮੌਜੂਦਾ ਵਰਜ਼ਨ: %s
 preferences.updates.autoUpdateCheck=ਅੱਪਡੇਟ ਲਈ ਆਪਣੇ-ਆਪ ਜਾਂਚ ਕਰੋ
 preferences.updates.checkNowBtn=ਹੁਣੇ ਜਾਂਚ ਕਰੋ
 preferences.updates.updateAvailable=ਉਪਲੱਬਧ %s ਵਰਜ਼ਨ ਲਈ ਅੱਪਡੇਟ ਕਰੋ।
-## Donation Key
-preferences.donationKey=ਦਾਨ ਦਿਓ
-preferences.donationKey.registeredFor=%s ਲਈ ਰਜਿਸਟਰ ਕਰੋ
-preferences.donationKey.noDonationKey=ਕੋਈ ਵਾਜਬ ਦਾਨ ਕੁੰਜੀ ਨਹੀਂ ਲੱਭੀ ਹੈ। ਇਹ ਲਸੰਸ ਕੁੰਜੀ ਵਾਂਗ ਹੀ ਹੈ, ਪਰ ਮੁਫ਼ਤ ਸਾਫਟਵੇਅਰ ਵਰਤਣ ਵਾਲੇ ਬੇਮਿਸਾਲ ਲੋਕਾਂ ਲਈ। ;-)
-preferences.donationKey.getDonationKey=ਦਾਨ ਕੁੰਜੀ ਦਿਓ
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=ਇਸ ਬਾਰੇ
 
@@ -201,6 +199,7 @@ stats.read.accessCount=ਕੁੱਲ ਪੜ੍ਹੇ: %d
 stats.write.throughput.idle=ਲਿਖੇ: ਵੇਹਲ
 stats.write.throughput.kibs=ਲਿਖੇ: %.2f kiB/s
 stats.write.throughput.mibs=ਲਿਖੇ: %.2f MiB/s
+stats.write.total.data.none=ਲਿਖਿਆ ਡਾਟਾ: -
 stats.write.total.data.kib=ਡਾਟਾ ਲਿਖਿਆ: %.1f kiB
 stats.write.total.data.mib=ਡਾਟਾ ਲਿਖਿਆ: %.1f MiB
 stats.write.total.data.gib=ਡਾਟਾ ਲਿਖਿਆ: %.1f GiB
@@ -221,7 +220,10 @@ main.dropZone.dropVault=ਇਹ ਵਾਲਟ ਜੋੜੋ
 main.dropZone.unknownDragboardContent=ਜੇ ਤੁਸੀਂ ਵਾਲਟ ਜੋੜਨਾ ਚਾਹੁੰਦੇ ਹੋ ਤਾਂ ਇਸ ਨੂੰ ਬੰਦ ਵਿੰਡੋ ਉੱਤੇ ਖਿੱਚੋ
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=ਵਾਲਟ ਜੋੜਨ ਲਈ ਇੱਥੇ ਕਲਿੱਕ ਕਰੋ
-main.vaultlist.contextMenu.remove=…ਵਾਲਟ ਹਟਾਓ
+main.vaultlist.contextMenu.lock=ਲਾਕ ਕਰੋ
+main.vaultlist.contextMenu.unlock=ਅਣ-ਲਾਕ ਕਰੋ…
+main.vaultlist.contextMenu.unlockNow=ਹੁਣੇ ਅਣ-ਲਾਕ ਕਰੋ
+main.vaultlist.contextMenu.reveal=ਡਰਾਇਵ ਦਿਖਾਓ
 main.vaultlist.addVaultBtn=ਵਾਲਟ ਜੋੜੋ
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_pl.properties b/main/ui/src/main/resources/i18n/strings_pl.properties
index f3c18adfe..36a724039 100644
--- a/main/ui/src/main/resources/i18n/strings_pl.properties
+++ b/main/ui/src/main/resources/i18n/strings_pl.properties
@@ -44,8 +44,10 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Własna lokalizacja
 addvaultwizard.new.directoryPickerButton=Wybierz…
 addvaultwizard.new.directoryPickerTitle=Wybierz katalog
-addvaultwizard.new.fileAlreadyExists=Sejf nie może być utworzony w tym miejscu, ponieważ jakiś obiekt już istnieje.
-addvaultwizard.new.locationDoesNotExist=Sejf nie może być utworzony w tej ścieżce, ponieważ co najmniej jeden katalog nie istnieje.
+addvaultwizard.new.fileAlreadyExists=Plik lub katalog z nazwą sejfu już istnieje
+addvaultwizard.new.locationDoesNotExist=Katalog w określonej ścieżce nie istnieje lub nie można uzyskać dostępu
+addvaultwizard.new.locationIsNotWritable=Brak możliwości zapisu w określonej ścieżce
+addvaultwizard.new.locationIsOk=Odpowiednia lokalizacja dla Twojego sejfu
 addvaultwizard.new.invalidName=Nieprawidłowa nazwa sejfu. Proszę spróbować prawidłową nazwę dla katalogu.
 ### Password
 addvaultwizard.new.createVaultBtn=Utwórz sejf
@@ -97,10 +99,12 @@ unlock.title=Odblokuj sejf
 unlock.passwordPrompt=Wprowadź hasło dla "%s":
 unlock.savePassword=Zapamiętaj hasło
 unlock.unlockBtn=Odblokuj
+##
+unlock.chooseMasterkey.filePickerTitle=Wybierz plik Masterkey
 ## Success
-unlock.success.message="%s" został odblokowany! Twój sejf jest teraz dostępny.
+unlock.success.message=Odblokowano "%s" pomyślnie! Twój sejf jest teraz dostępny za pomocą dysku wirtualnego.
 unlock.success.rememberChoice=Zapamiętaj wybór, nie pokazuj tego ponownie
-unlock.success.revealBtn=Otwórz sejf
+unlock.success.revealBtn=Pokaż Dysk
 ## Failure
 unlock.error.heading=Nie można odblokować sejfu
 ### Invalid Mount Point
@@ -174,11 +178,14 @@ preferences.updates.currentVersion=Obecna wersja: %s
 preferences.updates.autoUpdateCheck=Automatycznie sprawdzaj aktualizacje
 preferences.updates.checkNowBtn=Sprawdź teraz
 preferences.updates.updateAvailable=Dostępna jest aktualizacja do wersji %s.
-## Donation Key
-preferences.donationKey=Dotacja
-preferences.donationKey.registeredFor=Zarejestrowano dla %s
-preferences.donationKey.noDonationKey=Nie znaleziono aktualnego klucza donacji. To taki klucz licencyjny, ale dla niesamowitych ludzi używających darmowego softu. ;-)
-preferences.donationKey.getDonationKey=Zdobądź klucz donacji
+## Contribution
+preferences.contribute=Wesprzyj nas
+preferences.contribute.registeredFor=Certyfikat darczyńcy zarejestrowany dla %s
+preferences.contribute.noCertificate=Wspomóż Cryptomator i otrzymaj certyfikat darczyńcy. Jest on jak klucz licencyjny, ale dla niesamowitych ludzi korzystających z darmowego oprogramowania. ;-)
+preferences.contribute.getCertificate=Nie masz jeszcze? Dowiedz się, jak możesz to uzyskać.
+preferences.contribute.promptText=Wklej tutaj kod certyfikatu darczyńcy
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=O programie
 
@@ -223,7 +230,12 @@ main.dropZone.dropVault=Dodaj ten sejf
 main.dropZone.unknownDragboardContent=Jeśli chcesz dodać sejf, przeciągnij go do tego okna
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Kliknij tutaj, aby dodać sejf
-main.vaultlist.contextMenu.remove=Usuń sejf…
+main.vaultlist.contextMenu.remove=Usuń…
+main.vaultlist.contextMenu.lock=Zablokuj
+main.vaultlist.contextMenu.unlock=Odblokuj…
+main.vaultlist.contextMenu.unlockNow=Odblokuj teraz
+main.vaultlist.contextMenu.vaultoptions=Pokaż opcje sejfu
+main.vaultlist.contextMenu.reveal=Otwórz lokalizację
 main.vaultlist.addVaultBtn=Dodaj sejf
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_pt.properties b/main/ui/src/main/resources/i18n/strings_pt.properties
index 4f1ad61f4..540a4763b 100644
--- a/main/ui/src/main/resources/i18n/strings_pt.properties
+++ b/main/ui/src/main/resources/i18n/strings_pt.properties
@@ -17,6 +17,7 @@ generic.error.title=Ocorreu um erro inesperado
 generic.error.instruction=Isto não devia ter acontecido. Por favor reporte o texto do erro abaixo e descreva os passos que levaram a este problema.
 
 # Defaults
+defaults.vault.vaultName=Cofre
 
 # Tray Menu
 traymenu.showMainWindow=Mostrar
@@ -43,8 +44,7 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Outro Local
 addvaultwizard.new.directoryPickerButton=Escolher…
 addvaultwizard.new.directoryPickerTitle=Selecionar diretório
-addvaultwizard.new.fileAlreadyExists=O cofre não pode ser criado neste diretório porque algum objeto já existe.
-addvaultwizard.new.locationDoesNotExist=O cofre não pode ser criado neste diretório porque pelo menos um componente de diretório não existe.
+addvaultwizard.new.fileAlreadyExists=Aviso: Já existe um Ficheiro ou Diretório com o mesmo nome
 addvaultwizard.new.invalidName=Nome de cofre inválido. Por favor considere um nome de diretório regular.
 ### Password
 addvaultwizard.new.createVaultBtn=Criar Cofre
@@ -87,15 +87,16 @@ forgetPassword.confirmBtn=Esqueci a Senha
 unlock.title=Destrancar Cofre
 unlock.passwordPrompt=Insira a senha para "%s":
 unlock.unlockBtn=Destrancar
+##
+unlock.chooseMasterkey.filePickerTitle=Selecionar ficheiro MasterKey
 ## Success
-unlock.success.message=Desbloqueado "%s" com sucesso! O seu cofre está agora acessível.
 unlock.success.rememberChoice=Lembrar escolha, não mostrar isto novamente
-unlock.success.revealBtn=Revelar Cofre
 ## Failure
 ### Invalid Mount Point
 
 # Lock
 ## Force
+lock.forced.confirmBtn=Forçar Bloqueio
 ## Failure
 
 # Migration
@@ -122,11 +123,9 @@ preferences.updates.currentVersion=Versão atual: %s
 preferences.updates.autoUpdateCheck=Verificar automaticamente por atualizações
 preferences.updates.checkNowBtn=Verificar Agora
 preferences.updates.updateAvailable=Atualização para a versão %s disponível.
-## Donation Key
-preferences.donationKey=Doação
-preferences.donationKey.registeredFor=Registado para %s
-preferences.donationKey.noDonationKey=Não foi encontrada uma chave de doação válida. É como uma chave de licença, mas para pessoas incríveis que usam software livre. ;-)
-preferences.donationKey.getDonationKey=Obter chave de doação
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Sobre
 
@@ -140,6 +139,8 @@ main.minimizeBtn.tooltip=Minimizar
 main.preferencesBtn.tooltip=Preferências
 ## Drag 'n' Drop
 ## Vault List
+main.vaultlist.contextMenu.lock=Trancar
+main.vaultlist.contextMenu.unlockNow=Destrancar agora
 main.vaultlist.addVaultBtn=Adicionar Cofre
 ## Vault Detail
 ### Welcome
@@ -185,5 +186,8 @@ vaultOptions.masterkey.recoverPasswordBtn=Recuperar Senha
 recoveryKey.title=Chave de Recuperação
 
 # New Password
+passwordStrength.messageLabel.3=Forte
+passwordStrength.messageLabel.4=Muito forte
 
 # Quit
+quit.lockAndQuit=Bloquear e Sair
diff --git a/main/ui/src/main/resources/i18n/strings_pt_BR.properties b/main/ui/src/main/resources/i18n/strings_pt_BR.properties
index 6323b2cb6..73f53502f 100644
--- a/main/ui/src/main/resources/i18n/strings_pt_BR.properties
+++ b/main/ui/src/main/resources/i18n/strings_pt_BR.properties
@@ -44,8 +44,10 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Local Personalizado
 addvaultwizard.new.directoryPickerButton=Escolher…
 addvaultwizard.new.directoryPickerTitle=Selecionar Diretório
-addvaultwizard.new.fileAlreadyExists=O cofre não pode ser criado neste local porque algum objeto já existe.
-addvaultwizard.new.locationDoesNotExist=O cofre não pode ser criado neste caminho porque pelo menos um componente do caminho não existe.
+addvaultwizard.new.fileAlreadyExists=Um arquivo ou diretório com o nome do cofre já existe
+addvaultwizard.new.locationDoesNotExist=Um diretório no caminho especificado não existe ou não pode ser acessado
+addvaultwizard.new.locationIsNotWritable=Sem acesso de escrita no caminho especificado
+addvaultwizard.new.locationIsOk=Localização adequada para o seu cofre
 addvaultwizard.new.invalidName=Nome de cofre inválido. Por favor considere usar um nome de diretório comum.
 ### Password
 addvaultwizard.new.createVaultBtn=Criar Cofre
@@ -97,10 +99,12 @@ unlock.title=Desbloquear Cofre
 unlock.passwordPrompt=Digite a senha para "%s":
 unlock.savePassword=Lembrar Senha
 unlock.unlockBtn=Desbloquear
+##
+unlock.chooseMasterkey.filePickerTitle=Selecionar Arquivo Masterkey
 ## Success
-unlock.success.message="%s" foi desbloqueado com sucesso! Seu cofre agora está acessível.
+unlock.success.message="%s" desbloqueado com êxito! Seu cofre agora está acessível na unidade virtual.
 unlock.success.rememberChoice=Lembrar opção escolhida, não mostrar isto novamente
-unlock.success.revealBtn=Revelar Cofre
+unlock.success.revealBtn=Revelar Volume
 ## Failure
 unlock.error.heading=Não foi possível desbloquear o cofre
 ### Invalid Mount Point
@@ -174,11 +178,14 @@ preferences.updates.currentVersion=Versão atual: %s
 preferences.updates.autoUpdateCheck=Buscar atualizações automaticamente
 preferences.updates.checkNowBtn=Buscar Agora
 preferences.updates.updateAvailable=Atualizar para versão %s disponível.
-## Donation Key
-preferences.donationKey=Doação
-preferences.donationKey.registeredFor=Registrado para %s
-preferences.donationKey.noDonationKey=Nenhuma chave de doação válida encontrada. É como uma chave de licença, mas para pessoas incríveis usando software gratuito. ;-)
-preferences.donationKey.getDonationKey=Obtenha uma chave de doação
+## Contribution
+preferences.contribute=Nos Apoie
+preferences.contribute.registeredFor=Certificado de apoiador registrado para %s
+preferences.contribute.noCertificate=Apoie o Cryptomator e receba um certificado de apoiador. Ele é uma chave de licença mas é para pessoas maravilhosas que usam software livre. ;-)
+preferences.contribute.getCertificate=Não tem um ainda? Saiba como obtê-lo.
+preferences.contribute.promptText=Cole o código do certificado de apoiador aqui
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Sobre
 
@@ -202,6 +209,7 @@ stats.read.accessCount=Total de leituras: %d
 stats.write.throughput.idle=Escrita: ociosa
 stats.write.throughput.kibs=Escrita: %.2f kiB/s
 stats.write.throughput.mibs=Escrita: %.2f MiB/s
+stats.write.total.data.none=Dados gravados: -
 stats.write.total.data.kib=Dados gravados: %.1f kiB
 stats.write.total.data.mib=Dados gravados: %.1f MiB
 stats.write.total.data.gib=Dados gravados: %.1f GiB
@@ -222,7 +230,12 @@ main.dropZone.dropVault=Adicionar este cofre
 main.dropZone.unknownDragboardContent=Se você quer adicionar um cofre, arraste-o para esta janela
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Clique aqui para adicionar um cofre
-main.vaultlist.contextMenu.remove=Remover Cofre…
+main.vaultlist.contextMenu.remove=Remover…
+main.vaultlist.contextMenu.lock=Bloquear
+main.vaultlist.contextMenu.unlock=Desbloquear…
+main.vaultlist.contextMenu.unlockNow=Desbloquear Agora
+main.vaultlist.contextMenu.vaultoptions=Exibir Opções de Cofre
+main.vaultlist.contextMenu.reveal=Revelar Volume
 main.vaultlist.addVaultBtn=Adicionar Cofre
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_ro.properties b/main/ui/src/main/resources/i18n/strings_ro.properties
index 9f2898f25..b16aa1abb 100644
--- a/main/ui/src/main/resources/i18n/strings_ro.properties
+++ b/main/ui/src/main/resources/i18n/strings_ro.properties
@@ -25,6 +25,7 @@
 # Forget Password
 
 # Unlock
+##
 ## Success
 ## Failure
 ### Invalid Mount Point
@@ -44,7 +45,9 @@
 ## General
 ## Volume
 ## Updates
-## Donation Key
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 
 # Vault Statistics
diff --git a/main/ui/src/main/resources/i18n/strings_ru.properties b/main/ui/src/main/resources/i18n/strings_ru.properties
index ba7b08e0d..cde140232 100644
--- a/main/ui/src/main/resources/i18n/strings_ru.properties
+++ b/main/ui/src/main/resources/i18n/strings_ru.properties
@@ -11,7 +11,7 @@ generic.button.copy=Скопировать
 generic.button.copied=Скопировано!
 generic.button.done=Готово
 generic.button.next=Далее
-generic.button.print=Распечатать
+generic.button.print=Печать
 ## Error
 generic.error.title=Неизвестная ошибка
 generic.error.instruction=Этого не должно было произойти. Создайте отчёт об ошибке ниже и опишите, какие шаги к ней привели.
@@ -44,8 +44,10 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Своё место
 addvaultwizard.new.directoryPickerButton=Выбрать…
 addvaultwizard.new.directoryPickerTitle=Выберите папку
-addvaultwizard.new.fileAlreadyExists=Хранилище не может быть создано по этому пути, потому что некоторые объекты уже существуют.
-addvaultwizard.new.locationDoesNotExist=Хранилище не может быть создано по этому пути, потому что по крайней мере один компонент пути не существует.
+addvaultwizard.new.fileAlreadyExists=Файл или папка с именем хранилища уже существует
+addvaultwizard.new.locationDoesNotExist=Папка с указанным адресом не существует или недоступна
+addvaultwizard.new.locationIsNotWritable=Указанный адрес - только для чтения
+addvaultwizard.new.locationIsOk=Подходящее расположение для вашего хранилища
 addvaultwizard.new.invalidName=Неверное имя хранилища. Укажите корректное имя папки.
 ### Password
 addvaultwizard.new.createVaultBtn=Создать хранилище
@@ -57,8 +59,8 @@ addvault.new.readme.storageLocation.fileName=ВАЖНО.rtf
 addvault.new.readme.storageLocation.1=⚠️  ФАЙЛЫ ХРАНИЛИЩА  ⚠️
 addvault.new.readme.storageLocation.2=Это место, где находится ваше хранилище.
 addvault.new.readme.storageLocation.3=НЕЛЬЗЯ
-addvault.new.readme.storageLocation.4=•  изменять любые файлы в этой папке или
-addvault.new.readme.storageLocation.5=• добавляйте в эту папку любые файлы для шифрования.
+addvault.new.readme.storageLocation.4=•  изменять любые файлы в этой папке
+addvault.new.readme.storageLocation.5=• добавлять в эту папку любые файлы для шифрования
 addvault.new.readme.storageLocation.6=Чтобы зашифровать файлы и просмотреть содержимое хранилища, сделайте следующее:
 addvault.new.readme.storageLocation.7=1. Добавьте это хранилище в Cryptomator.
 addvault.new.readme.storageLocation.8=2. Разблокируйте хранилище в Cryptomator.
@@ -97,14 +99,16 @@ unlock.title=Разблокировать хранилище
 unlock.passwordPrompt=Введите пароль для "%s"
 unlock.savePassword=Запомнить пароль
 unlock.unlockBtn=Разблокировать
+##
+unlock.chooseMasterkey.filePickerTitle=Выберите файл MasterKey
 ## Success
-unlock.success.message=Разблокировка "%s" успешно выполнена! Доступ в хранилище открыт.
+unlock.success.message=Разблокировка "%s" успешно выполнена! Доступ в хранилище открыт через его виртуальный диск.
 unlock.success.rememberChoice=Запомнить выбор и больше не спрашивать
-unlock.success.revealBtn=Показать хранилище
+unlock.success.revealBtn=Показать диск
 ## Failure
-unlock.error.heading=Не удалось разблокировать хранилище
+unlock.error.heading=Невозможно разблокировать хранилище
 ### Invalid Mount Point
-unlock.error.invalidMountPoint.notExisting=Точка монтирования "%s" не является пустой папкой или не существует.
+unlock.error.invalidMountPoint.notExisting=Точка монтирования %s - не папка, не пуста или не существует.
 unlock.error.invalidMountPoint.existing=Точка монтирования %s уже существует, либо отсутствует родительская папка.
 
 # Lock
@@ -144,7 +148,7 @@ migration.impossible.moreInfo=Хранилище по-прежнему можн
 preferences.title=Настройки
 ## General
 preferences.general=Общие
-preferences.general.theme=Оформление
+preferences.general.theme=Тема
 preferences.general.theme.automatic=Автоматически
 preferences.general.theme.light=Светлая
 preferences.general.theme.dark=Тёмная
@@ -155,7 +159,7 @@ preferences.general.startHidden=Скрывать окно при запуске
 preferences.general.debugLogging=Вести журнал отладки
 preferences.general.debugDirectory=Показать файлы журнала
 preferences.general.autoStart=Запускать Cryptomator при старте системы
-preferences.general.keychainBackend=Хранить пароли в
+preferences.general.keychainBackend=Хранение паролей
 preferences.general.keychainBackend.org.cryptomator.linux.keychain.SecretServiceKeychainAccess=Связка ключей Gnome
 preferences.general.keychainBackend.org.cryptomator.linux.keychain.KDEWalletKeychainAccess=Хранилище ключей KDE
 preferences.general.keychainBackend.org.cryptomator.macos.keychain.MacSystemKeychainAccess=Доступ к связке ключей macOS
@@ -174,11 +178,14 @@ preferences.updates.currentVersion=Текущая версия: %s
 preferences.updates.autoUpdateCheck=Автоматически проверять наличие обновлений
 preferences.updates.checkNowBtn=Проверить
 preferences.updates.updateAvailable=Доступно обновление до версии %s.
-## Donation Key
-preferences.donationKey=Пожертвование
-preferences.donationKey.registeredFor=Зарегистрировано: %s
-preferences.donationKey.noDonationKey=Не найден ключ пожертвования. Этот ключ похож на лицензионный, но для тех, кто использует бесплатное ПО. ;-)
-preferences.donationKey.getDonationKey=Получить ключ пожертвования
+## Contribution
+preferences.contribute=Поддержите нас
+preferences.contribute.registeredFor=Сертификат мецената зарегистрирован на имя %s
+preferences.contribute.noCertificate=Поддержите Cryptomator и получите сертификат мецената. Он действует как лицензионный ключ, но для тех, кто пользуется бесплатным ПО. ;-)
+preferences.contribute.getCertificate=Ещё нет сертификата? Узнайте, как его получить.
+preferences.contribute.promptText=Вставьте сюда код сертификата мецената
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=О программе
 
@@ -223,14 +230,19 @@ main.dropZone.dropVault=Добавить это хранилище
 main.dropZone.unknownDragboardContent=Если вы хотите добавить хранилище, перетащите его в это окно
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Нажмите здесь, чтобы добавить хранилище
-main.vaultlist.contextMenu.remove=Удалить хранилище…
+main.vaultlist.contextMenu.remove=Удалить…
+main.vaultlist.contextMenu.lock=Заблокировать
+main.vaultlist.contextMenu.unlock=Разблокировать…
+main.vaultlist.contextMenu.unlockNow=Разблокировать
+main.vaultlist.contextMenu.vaultoptions=Параметры хранилища
+main.vaultlist.contextMenu.reveal=Показать диск
 main.vaultlist.addVaultBtn=Добавить хранилище
 ## Vault Detail
 ### Welcome
 main.vaultDetail.welcomeOnboarding=Благодарим за выбор Cryptomator для защиты ваших файлов. Если требуется помощь, ознакомьтесь с документацией по началу работы:
 ### Locked
 main.vaultDetail.lockedStatus=ЗАБЛОКИРОВАНО
-main.vaultDetail.unlockBtn=Разблокировка…
+main.vaultDetail.unlockBtn=Разблокировать…
 main.vaultDetail.unlockNowBtn=Разблокировать
 main.vaultDetail.optionsBtn=Параметры хранилища
 main.vaultDetail.passwordSavedInKeychain=Пароль сохранён
@@ -279,7 +291,7 @@ vaultOptions.mount.readonly=Только чтение
 vaultOptions.mount.customMountFlags=Свои флаги монтирования
 vaultOptions.mount.winDriveLetterOccupied=занято
 vaultOptions.mount.mountPoint=Точка монтирования
-vaultOptions.mount.mountPoint.auto=Автоматически выбрать подходящее расположение
+vaultOptions.mount.mountPoint.auto=Автоматически выбирать подходящее расположение
 vaultOptions.mount.mountPoint.driveLetter=Использовать назначенную букву диска
 vaultOptions.mount.mountPoint.custom=Свой путь
 vaultOptions.mount.mountPoint.directoryPickerButton=Выбрать…
diff --git a/main/ui/src/main/resources/i18n/strings_sk.properties b/main/ui/src/main/resources/i18n/strings_sk.properties
index cbd5a22cc..7f8e17839 100644
--- a/main/ui/src/main/resources/i18n/strings_sk.properties
+++ b/main/ui/src/main/resources/i18n/strings_sk.properties
@@ -43,8 +43,6 @@ addvaultwizard.new.locationLabel=Umiestnenie úložiska
 addvaultwizard.new.directoryPickerLabel=Vlastné umiestnenie
 addvaultwizard.new.directoryPickerButton=Vybrať…
 addvaultwizard.new.directoryPickerTitle=Vybrať adresár
-addvaultwizard.new.fileAlreadyExists=Na tejto ceste nie je možné vytvoriť trezor, pretože niektorý objekt už existuje.
-addvaultwizard.new.locationDoesNotExist=Peňaženka sa nedá vytvoriť na danej ceste pretože ani jedna cesta neexistuje.
 addvaultwizard.new.invalidName=Neplatný názov trezoru. Zvážte bežný názov adresára.
 ### Password
 addvaultwizard.new.createVaultBtn=Vytvoriť trezor
@@ -95,9 +93,10 @@ unlock.title=Odomknúť trezor
 unlock.passwordPrompt=Zadajte heslo pre "%s":
 unlock.savePassword=Odomknúť.uložiťHeslo
 unlock.unlockBtn=Odomknúť
+##
 ## Success
-unlock.success.message=Úspešne sa odomkol "%s"! Váš trezor je teraz prístupný.
-unlock.success.revealBtn=Odhaliť trezor
+unlock.success.message=Odomknutie "%s" úspešné! Vaša peňaženka je už prístupná cez jej virtuálny disk.
+unlock.success.revealBtn=Odkry disk
 ## Failure
 unlock.error.heading=Nie je možné odomknúť účet
 ### Invalid Mount Point
@@ -133,7 +132,14 @@ preferences.general.keychainBackend.org.cryptomator.macos.keychain.MacSystemKeyc
 preferences.general.keychainBackend.org.cryptomator.windows.keychain.WindowsProtectedKeychainAccess=Windows ochrana dát
 ## Volume
 ## Updates
-## Donation Key
+## Contribution
+preferences.contribute=Podporte nás
+preferences.contribute.registeredFor=Certifikát podporovateľa registrovaný na %s
+preferences.contribute.noCertificate=Podpor Cryptomator a získaj certifikát podporovateľa. Je to ako licenčný klúč ale dobrí ľudia používajú voľný software. ;-)
+preferences.contribute.getCertificate=Ešte ho nemáš? Sleduj ako ho vieš získať.
+preferences.contribute.promptText=Vlož sem kód certifikátu podporovateľa
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 
 # Vault Statistics
@@ -172,7 +178,12 @@ main.preferencesBtn.tooltip=Predvoľby
 main.debugModeEnabled.tooltip=Debagovací mód je aktivovaný
 ## Drag 'n' Drop
 ## Vault List
-main.vaultlist.contextMenu.remove=Odstrániť peňaženku…
+main.vaultlist.contextMenu.remove=Odstráň…
+main.vaultlist.contextMenu.lock=Uzamknúť
+main.vaultlist.contextMenu.unlock=Odomknúť…
+main.vaultlist.contextMenu.unlockNow=Odomknúť teraz
+main.vaultlist.contextMenu.vaultoptions=Ukáž možnosti peňaženky
+main.vaultlist.contextMenu.reveal=Odkry disk
 main.vaultlist.addVaultBtn=Pridať trezor
 ## Vault Detail
 ### Welcome
@@ -181,6 +192,7 @@ main.vaultDetail.unlockBtn=Odomknúť…
 main.vaultDetail.unlockNowBtn=Odomknúť teraz
 main.vaultDetail.passwordSavedInKeychain=Heslo uložené
 ### Unlocked
+main.vaultDetail.revealBtn=Odkry disk
 main.vaultDetail.lockBtn=Uzamknúť
 main.vaultDetail.bytesPerSecondRead=Čítanie:
 main.vaultDetail.bytesPerSecondWritten=Zápis:
@@ -195,6 +207,7 @@ main.vaultDetail.missing.remove=Odstrániť zo zoznamu peňaženky…
 # Vault Options
 ## General
 vaultOptions.general.vaultName=Názov trezoru
+vaultOptions.general.actionAfterUnlock.reveal=Odkry disk
 ## Mount
 vaultOptions.mount.mountPoint.directoryPickerButton=Vybrať…
 ## Master Key
diff --git a/main/ui/src/main/resources/i18n/strings_sr.properties b/main/ui/src/main/resources/i18n/strings_sr.properties
new file mode 100644
index 000000000..05dbe2aad
--- /dev/null
+++ b/main/ui/src/main/resources/i18n/strings_sr.properties
@@ -0,0 +1,330 @@
+# Locale Specific CSS files such as CJK, RTL,...
+
+# Generics
+## Button
+generic.button.apply=Примени
+generic.button.back=Назад
+generic.button.cancel=Откажи
+generic.button.change=Измени
+generic.button.close=Затвори
+generic.button.copy=Копирај
+generic.button.copied=Копирано!
+generic.button.done=Завршено
+generic.button.next=Даље
+generic.button.print=Штампај
+## Error
+generic.error.title=Догодила се неочекивана грешка
+generic.error.instruction=Ово није требало да се догоди. Молимо вас пријавите текст грешке испод и додајте опис корака који су довели до ове грешке.
+
+# Defaults
+defaults.vault.vaultName=Сеф
+
+# Tray Menu
+traymenu.showMainWindow=Прикажи
+traymenu.showPreferencesWindow=Подешавања
+traymenu.lockAllVaults=Закључај све
+traymenu.quitApplication=Излаз
+traymenu.vault.unlock=Откључај
+traymenu.vault.lock=Закључај
+traymenu.vault.reveal=Откриј
+
+# Add Vault Wizard
+addvaultwizard.title=Додавање сефа
+## Welcome
+addvaultwizard.welcome.newButton=Направи нови сеф
+addvaultwizard.welcome.existingButton=Отвори постојећи сеф
+## New
+### Name
+addvaultwizard.new.nameInstruction=Одабери назив за сеф
+addvaultwizard.new.namePrompt=Назив сефа
+### Location
+addvaultwizard.new.locationInstruction=Где Cryptomator да складишти шифроване датотеке вашег сефа?
+addvaultwizard.new.locationLabel=Локација складишта
+addvaultwizard.new.locationPrompt=…
+addvaultwizard.new.directoryPickerLabel=Друга локација
+addvaultwizard.new.directoryPickerButton=Изабери…
+addvaultwizard.new.directoryPickerTitle=Изабери директоријум
+addvaultwizard.new.fileAlreadyExists=Датотека или директоријум са овим именом сефа већ постоји
+addvaultwizard.new.locationDoesNotExist=Директоријум на датој локацији не постоји или му се не може приступити
+addvaultwizard.new.locationIsNotWritable=Немате приступ писању на датој локацији
+addvaultwizard.new.locationIsOk=Прикладна локација за ваш сеф
+addvaultwizard.new.invalidName=Неважеће име сефа. Молимо вас за одабир обичног имена директоријума.
+### Password
+addvaultwizard.new.createVaultBtn=Направи сеф
+addvaultwizard.new.generateRecoveryKeyChoice=Нећете моћи да приступите вашим подацима без ваше лозинке. Да ли желите резервни кључ у случају губитка лозинке?
+addvaultwizard.new.generateRecoveryKeyChoice.yes=Да молим, увек је добро имати резерву
+addvaultwizard.new.generateRecoveryKeyChoice.no=Не хвала, нећу изгубити своју лозинку
+### Information
+addvault.new.readme.storageLocation.fileName=ВАЖНО.rtf
+addvault.new.readme.storageLocation.1=⚠️  ДОКУМЕНТИ СЕФА  ⚠️
+addvault.new.readme.storageLocation.2=Ово је локација где је складиштен ваш сеф.
+addvault.new.readme.storageLocation.3=НИ У КОМ СЛУЧАЈУ НЕМОЈТЕ
+addvault.new.readme.storageLocation.4=•  мењати било коју датотеку у овом директоријуму или
+addvault.new.readme.storageLocation.5=•  стављати било коју датотеку који желите да заштитите директно у овај директоријум.
+addvault.new.readme.storageLocation.6=Ако желите да заштитите документе или прегледате садржај сефа, урадите следеће:
+addvault.new.readme.storageLocation.7=1.  Додајте овај сеф у Cryptomator.
+addvault.new.readme.storageLocation.8=2.  Откључајте сеф у Cryptomator.
+addvault.new.readme.storageLocation.9=3.  Отворите локацију сефа притиском на дугме "Откриј".
+addvault.new.readme.storageLocation.10=Ако вам је потребна помоћ, прочитајте документацију: %s
+addvault.new.readme.accessLocation.fileName=ДОБРОДОШЛИ.rtf
+addvault.new.readme.accessLocation.1=🔐️  ШИФРОВАНА ПАРТИЦИЈА  🔐️
+addvault.new.readme.accessLocation.2=Ово је приступна локација вашег сефа.
+addvault.new.readme.accessLocation.3=Било која датотека додата у ову партицију биће шифровани са Cryptomator. Можете да радите у њој баш као у било којој другој партицији или директоријуму. Ово је само дешифрован преглед њеног садржаја, ваше датотеке остају шифроване на вашем тврдом диску све време.
+addvault.new.readme.accessLocation.4=Слободно можете да обришете ову датотеку.
+## Existing
+addvaultwizard.existing.instruction=Изабери "masterkey.cryptomator" датотеку свог постојећег сефа.
+addvaultwizard.existing.chooseBtn=Изабери…
+addvaultwizard.existing.filePickerTitle=Изабери "Masterkey" датотеку
+## Success
+addvaultwizard.success.nextStepsInstructions=Додат је сеф "%s".\nМорате да откључате овај сеф да бисте приступили или додали садржај. Такође можете да га откључате касније у било ком тренутку.
+addvaultwizard.success.unlockNow=Откључај сада
+
+# Remove Vault
+removeVault.title=Уклони сеф
+removeVault.information=Ово ће урадити да Cryptomator заборави ваш сеф. Увек га поново можете додати касније. Шифроване датотеке неће бити обрисане са вашег тврдог диска.
+removeVault.confirmBtn=Уклони сеф
+
+# Change Password
+changepassword.title=Промена лозинке
+changepassword.enterOldPassword=Унеси тренутну лозинку за "%s"
+changepassword.finalConfirmation=Разумем да нећу моћи приступити својим подацима уколико заборавим лозинку
+
+# Forget Password
+forgetPassword.title=Заборави лозинку
+forgetPassword.information=Ово ће избрисати сачувану лозинку овог сефа из вашег системског менаџера лозинки.
+forgetPassword.confirmBtn=Заборави лозинку
+
+# Unlock
+unlock.title=Откључавање сефа
+unlock.passwordPrompt=Унесите лозинку за "%s":
+unlock.savePassword=Запамти лозинку
+unlock.unlockBtn=Откључај
+##
+unlock.chooseMasterkey.filePickerTitle=Изабери "Masterkey" датотеку
+## Success
+unlock.success.message=Успешно сте откључали "%s"! Ваш сеф је сада доступан путем свог виртуелног диска.
+unlock.success.rememberChoice=Запамти избор, не приказуј ово поново
+unlock.success.revealBtn=Отвори диск
+## Failure
+unlock.error.heading=Сеф није могуће откључати
+### Invalid Mount Point
+unlock.error.invalidMountPoint.notExisting=Тачка везивања "%s" није директоријум, није празна или не постоји.
+unlock.error.invalidMountPoint.existing=Тачка везивања "%s" већ постоји или је надређени директоријум непостојећи.
+
+# Lock
+## Force
+lock.forced.heading=Нормално закључавање није успело
+lock.forced.message=Закључавање "%s" је блокирано операцијама на чекању или отвореним датотекама. Можете присилно закључати овај сеф, међутим прекид "I/O" операција може резултирати губитком несачуваних података.
+lock.forced.confirmBtn=Присилно закључај
+## Failure
+lock.fail.heading=Закључавање сефа није успело.
+lock.fail.message=Сеф "%s" није могуће закључати. Будите сигурни да је несачувани рад сачуван негде другде и да су важне операције читања/писања завршене. Како бисте затворили сеф, зауставите Cryptomator процес у систему.
+
+# Migration
+migration.title=Надогради сеф
+## Start
+migration.start.prompt=Ваш сеф "%s" мора бити ажуриран на новији формат. Пре наставка, проверите да нема синхронизације на чекању која утиче на овај сеф.
+migration.start.confirm=Да, мој сеф је у потпуности синхронизован
+## Run
+migration.run.enterPassword=Унесите лозинку за "%s"
+migration.run.startMigrationBtn=Преместите сеф
+migration.run.progressHint=Ово би могло потрајати…
+## Sucess
+migration.success.nextStepsInstructions="%s" је успешно премештен. Сада можете да откључате ваш сеф.
+migration.success.unlockNow=Откључај сада
+## Missing file system capabilities
+migration.error.missingFileSystemCapabilities.title=Неподржан фајл систем
+migration.error.missingFileSystemCapabilities.description=Премештање није започето, јер се ваш сеф налази на неадекватном фајл систему.
+migration.error.missingFileSystemCapabilities.reason.LONG_FILENAMES=Фајл систем не подржава дугачка имена датотека.
+migration.error.missingFileSystemCapabilities.reason.LONG_PATHS=Фајл систем не подржава дугачке адресе локација.
+migration.error.missingFileSystemCapabilities.reason.READ_ACCESS=Фајл систем не дозвољава читање.
+migration.error.missingFileSystemCapabilities.reason.WRITE_ACCESS=Фајл систем не дозвољава писање.
+## Impossible
+migration.impossible.heading=Сеф не може да се премести
+migration.impossible.reason=Сеф се не може аутоматски преместити јер је његова складишна локација или тачка приступа некомпатибилна.
+migration.impossible.moreInfo=Сеф се и даље може отворити са старијом верзијом. За упутства како ручно преместити сеф, посетите
+
+# Preferences
+preferences.title=Подешавања
+## General
+preferences.general=Опште
+preferences.general.theme=Тема
+preferences.general.theme.automatic=Аутоматска
+preferences.general.theme.light=Светла
+preferences.general.theme.dark=Тамна
+preferences.general.unlockThemes=Откључај тамну тему
+preferences.general.showMinimizeButton=Прикажи дугме за умањење програма
+preferences.general.showTrayIcon=Прикажи "tray" иконицу (потребан рестарт)
+preferences.general.startHidden=Сакриј прозор приликом покретања Cryptomator
+preferences.general.debugLogging=Омогући евиденцију отклањања грешака
+preferences.general.debugDirectory=Прикажи датотеке евиденције
+preferences.general.autoStart=Покрени Cryptomator при покретању система
+preferences.general.keychainBackend=Похрани лозинке са
+preferences.general.keychainBackend.org.cryptomator.linux.keychain.SecretServiceKeychainAccess=Gnome Keyring
+preferences.general.keychainBackend.org.cryptomator.linux.keychain.KDEWalletKeychainAccess=KDE Wallet
+preferences.general.keychainBackend.org.cryptomator.macos.keychain.MacSystemKeychainAccess=macOS Keychain Access
+preferences.general.keychainBackend.org.cryptomator.windows.keychain.WindowsProtectedKeychainAccess=Windows Data Protection
+preferences.general.interfaceOrientation=Оријентација интерфејса
+preferences.general.interfaceOrientation.ltr=Са лева на десно
+preferences.general.interfaceOrientation.rtl=Са десна на лево
+## Volume
+preferences.volume=Виртуелни Диск
+preferences.volume.type=Тип партиције
+preferences.volume.webdav.port=WebDAV Порт
+preferences.volume.webdav.scheme=WebDAV Шема
+## Updates
+preferences.updates=Ажурирања
+preferences.updates.currentVersion=Тренутна верзија: %s
+preferences.updates.autoUpdateCheck=Аутоматска провера доступних ажурирања
+preferences.updates.checkNowBtn=Провери сада
+preferences.updates.updateAvailable=Ажурирање на верзију %s је доступно.
+## Contribution
+preferences.contribute=Подржите Нас
+preferences.contribute.registeredFor=Сертификат "Пријатељ Пројекта" регистрован на %s
+preferences.contribute.noCertificate=Подржите Cryptomator и добићете сертификат "Пријатељ Пројекта". Нешто као лиценцни кључ али за сјајне људе који користе и подржавају бесплатан софтвер. ;-)
+preferences.contribute.getCertificate=Немате сертификат? Сазнајте како га можете прибавити.
+preferences.contribute.promptText=Унесите ваш "Пријатељ Пројекта" код овде
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
+## About
+preferences.about=О програму
+
+# Vault Statistics
+stats.title=Статистика за %s
+stats.cacheHitRate=Фреквентност кеш меморије
+## Read
+stats.read.throughput.idle=Читање: у приправности
+stats.read.throughput.kibs=Читање: %.2f kiB/s
+stats.read.throughput.mibs=Читање: %.2f MiB/s
+stats.read.total.data.none=Учитано података: -
+stats.read.total.data.kib=Учитано података: %.1f kiB
+stats.read.total.data.mib=Учитано података: %.1f MiB
+stats.read.total.data.gib=Учитано података: %.1f GiB
+stats.decr.total.data.none=Дешифровано података: -
+stats.decr.total.data.kib=Дешифровано података: %.1f kiB
+stats.decr.total.data.mib=Дешифровано података: %.1f MiB
+stats.decr.total.data.gib=Дешифровано података: %.1f GiB
+stats.read.accessCount=Укупно учитано: %d
+## Write
+stats.write.throughput.idle=Писање: у приправности
+stats.write.throughput.kibs=Писање: %.2f kiB/s
+stats.write.throughput.mibs=Писање: %.2f MiB/s
+stats.write.total.data.none=Уписано података: -
+stats.write.total.data.kib=Уписано података: %.1f kiB
+stats.write.total.data.mib=Уписано података: %.1f MiB
+stats.write.total.data.gib=Уписано података: %.1f GiB
+stats.encr.total.data.none=Шифровано података: -
+stats.encr.total.data.kib=Шифровано података: %.1f kiB
+stats.encr.total.data.mib=Шифровано података: %.1f MiB
+stats.encr.total.data.gib=Шифровано података: %.1f GiB
+stats.write.accessCount=Укупно уписано: %d
+
+# Main Window
+main.closeBtn.tooltip=Затвори
+main.minimizeBtn.tooltip=Умањи
+main.preferencesBtn.tooltip=Подешавања
+main.debugModeEnabled.tooltip=Омогућен је режим отклањања грешака
+main.donationKeyMissing.tooltip=Молимо Вас размислите о донацији пројекту
+## Drag 'n' Drop
+main.dropZone.dropVault=Додај овај сеф
+main.dropZone.unknownDragboardContent=Ако желите додати сеф, превуците га у овај прозор
+## Vault List
+main.vaultlist.emptyList.onboardingInstruction=Кликните овде да додате сеф
+main.vaultlist.contextMenu.remove=Уклони…
+main.vaultlist.contextMenu.lock=Закључај
+main.vaultlist.contextMenu.unlock=Откључај…
+main.vaultlist.contextMenu.unlockNow=Откључај сада
+main.vaultlist.contextMenu.vaultoptions=Прикажи опције сефа
+main.vaultlist.contextMenu.reveal=Прикажи диск
+main.vaultlist.addVaultBtn=Додај сеф
+## Vault Detail
+### Welcome
+main.vaultDetail.welcomeOnboarding=Хвала вам што сте одабрали Cryptomator за заштиту ваших података. Ако вам је потребна помоћ, прегледајте наше корисничко упутство:
+### Locked
+main.vaultDetail.lockedStatus=ЗАКЉУЧАНО
+main.vaultDetail.unlockBtn=Откључај…
+main.vaultDetail.unlockNowBtn=Откључај сада
+main.vaultDetail.optionsBtn=Опције сефа
+main.vaultDetail.passwordSavedInKeychain=Лозинка је сачувана
+### Unlocked
+main.vaultDetail.unlockedStatus=ОТКЉУЧАНО
+main.vaultDetail.accessLocation=Садржај Вашег сефа је доступан овде:
+main.vaultDetail.revealBtn=Прикажи диск
+main.vaultDetail.lockBtn=Закључај
+main.vaultDetail.bytesPerSecondRead=Читање:
+main.vaultDetail.bytesPerSecondWritten=Писање:
+main.vaultDetail.throughput.idle=у стању мировања
+main.vaultDetail.throughput.kbps=%.1f kiB/s
+main.vaultDetail.throughput.mbps=%.1f MiB/s
+main.vaultDetail.stats=Статистика сефа
+### Missing
+main.vaultDetail.missing.info=Cryptomator није пронашао сеф на овој локацији.
+main.vaultDetail.missing.recheck=Провери поново
+main.vaultDetail.missing.remove=Удаљи са листе сефова…
+main.vaultDetail.missing.changeLocation=Промени локацију сефа…
+### Needs Migration
+main.vaultDetail.migrateButton=Надогради сеф
+main.vaultDetail.migratePrompt=Да бисте приступили вашем сефу, он мора бити надограђен на нови формат
+
+# Wrong File Alert
+wrongFileAlert.title=Како шифровати датотеке
+wrongFileAlert.header.title=Да ли сте покушали да шифрујете ове датотеке?
+wrongFileAlert.header.lead=У ту сврху, Cryptomator вам пружа партицију унутар вашег системског менаџера датотека.
+wrongFileAlert.instruction.0=Да бисте шифрирали датотеке, пратите следеће кораке:
+wrongFileAlert.instruction.1=1. Откључајте Ваш сеф.
+wrongFileAlert.instruction.2=2. Кликните на "Откриј" да бисте отворили партицију унутар вашег менаџера датотека.
+wrongFileAlert.instruction.3=3. Додајте Ваше датотеке у ову партицију.
+wrongFileAlert.link=За даљу подршку, посетите
+
+# Vault Options
+## General
+vaultOptions.general=Опште
+vaultOptions.general.vaultName=Назив сефа
+vaultOptions.general.unlockAfterStartup=Откључај сеф при покретању Cryptomator
+vaultOptions.general.actionAfterUnlock=Након успешног откључавања
+vaultOptions.general.actionAfterUnlock.ignore=Не ради ништа
+vaultOptions.general.actionAfterUnlock.reveal=Прикажи диск
+vaultOptions.general.actionAfterUnlock.ask=Питај
+## Mount
+vaultOptions.mount=Монтирање
+vaultOptions.mount.readonly=Само читање
+vaultOptions.mount.customMountFlags=Прилагођена обележја монтирања
+vaultOptions.mount.winDriveLetterOccupied=заузето
+vaultOptions.mount.mountPoint=Монтажна тачка
+vaultOptions.mount.mountPoint.auto=Аутоматски одабери погодну локацију
+vaultOptions.mount.mountPoint.driveLetter=Користи додељено слово диска
+vaultOptions.mount.mountPoint.custom=Друга локација
+vaultOptions.mount.mountPoint.directoryPickerButton=Изабери…
+vaultOptions.mount.mountPoint.directoryPickerTitle=Изаберите празан директоријум
+## Master Key
+vaultOptions.masterkey=Лозинка
+vaultOptions.masterkey.changePasswordBtn=Промена лозинке
+vaultOptions.masterkey.forgetSavedPasswordBtn=Заборави сачувану лозинку
+vaultOptions.masterkey.recoveryKeyExpanation=Резервни кључ је Ваш једини начин да вратите приступ сефу уколико изгубите лозинку.
+vaultOptions.masterkey.showRecoveryKeyBtn=Прикажи Резервни Кључ
+vaultOptions.masterkey.recoverPasswordBtn=Обнови лозинку
+
+# Recovery Key
+recoveryKey.title=Резервни Кључ
+recoveryKey.enterPassword.prompt=Унесите Вашу лозинку како бисте приказали резервни кључ за %s:
+recoveryKey.display.message=Следећи резервни кључ може се користити за враћање приступа "%s":
+recoveryKey.display.StorageHints=Чувајте га на веома сигурном месту, нпр.:\n • Похраните га унутар менаџера лозинки\n • Сачувајте га на екстерни диск\n • Одштампајте га на папиру
+recoveryKey.recover.prompt=Унесите резервни кључ за "%s":
+recoveryKey.recover.validKey=Ово је исправан резервни кључ
+recoveryKey.printout.heading=Cryptomator Резервни Кључ\n"%s"\n
+
+# New Password
+newPassword.promptText=Унесите нову лозинку
+newPassword.reenterPassword=Потврдите нову лозинку
+newPassword.passwordsMatch=Лозинке се подударају!
+newPassword.passwordsDoNotMatch=Лозинке се не подударају
+passwordStrength.messageLabel.tooShort=Користите најмање %d карактера
+passwordStrength.messageLabel.0=Веома слаба
+passwordStrength.messageLabel.1=Слаба
+passwordStrength.messageLabel.2=Осредња
+passwordStrength.messageLabel.3=Jakа
+passwordStrength.messageLabel.4=Веома јака
+
+# Quit
+quit.prompt=Затворити програм? Имате откључаних сефова.
+quit.lockAndQuit=Закључај и Изађи
diff --git a/main/ui/src/main/resources/i18n/strings_sr_Latn.properties b/main/ui/src/main/resources/i18n/strings_sr_Latn.properties
new file mode 100644
index 000000000..61f562cf9
--- /dev/null
+++ b/main/ui/src/main/resources/i18n/strings_sr_Latn.properties
@@ -0,0 +1,246 @@
+# Locale Specific CSS files such as CJK, RTL,...
+
+# Generics
+## Button
+generic.button.apply=Primeni
+generic.button.back=Nazad
+generic.button.cancel=Otkaži
+generic.button.change=Izmeni
+generic.button.close=Zatvori
+generic.button.copy=Kopiraj
+generic.button.copied=Kopirano!
+generic.button.done=Završeno
+generic.button.next=Dalje
+generic.button.print=Štampaj
+## Error
+generic.error.title=Dogodila se neočekivana greška
+generic.error.instruction=Ovo nije trebalo da se dogodi. Molimo vas prijavite tekst greške ispod i dodajte opis koraka koji su doveli do ove greške.
+
+# Defaults
+defaults.vault.vaultName=Sef
+
+# Tray Menu
+traymenu.showMainWindow=Prikaži
+traymenu.showPreferencesWindow=Podešavanja
+traymenu.lockAllVaults=Zaključaj sve
+traymenu.quitApplication=Izlaz
+traymenu.vault.unlock=Otključaj
+traymenu.vault.lock=Zaključaj
+traymenu.vault.reveal=Otkrij
+
+# Add Vault Wizard
+addvaultwizard.title=Dodavanje safa
+## Welcome
+addvaultwizard.welcome.newButton=Napravi novi sef
+addvaultwizard.welcome.existingButton=Otvori postojeći sef
+## New
+### Name
+addvaultwizard.new.nameInstruction=Odaberi naziv za sef
+addvaultwizard.new.namePrompt=Naziv sefa
+### Location
+addvaultwizard.new.locationInstruction=Gde Cryptomator da skladišti šifrovane datoteke vašeg sefa?
+addvaultwizard.new.locationLabel=Lokacija skladišta
+addvaultwizard.new.locationPrompt=…
+addvaultwizard.new.directoryPickerLabel=Druga lokacija
+addvaultwizard.new.directoryPickerButton=Izaberi…
+addvaultwizard.new.directoryPickerTitle=Izaberi direktorijum
+addvaultwizard.new.fileAlreadyExists=Datoteka ili direktorijum sa ovim imenom sefa već postoji
+addvaultwizard.new.locationDoesNotExist=Direktorijum na datoj lokaciji ne postoji ili mu se ne može pristupiti
+addvaultwizard.new.locationIsNotWritable=Nemate pristup pisanju na datoj lokaciji
+addvaultwizard.new.locationIsOk=Prikladna lokacija za vaš sef
+addvaultwizard.new.invalidName=Nevažeće ime sefa. Molimo vas za odabir običnog imena direktorijuma.
+### Password
+addvaultwizard.new.createVaultBtn=Napravi sef
+addvaultwizard.new.generateRecoveryKeyChoice=Nećete moći da pristupite vašim podacima bez vaše lozinke. Da li želite rezervni ključ u slučaju gubitka lozinke?
+addvaultwizard.new.generateRecoveryKeyChoice.yes=Da molim, uvek je dobro imati rezervu
+addvaultwizard.new.generateRecoveryKeyChoice.no=Ne hvala, neću izgubiti svoju lozinku
+### Information
+addvault.new.readme.storageLocation.fileName=VAŽNO.rtf
+addvault.new.readme.storageLocation.1=⚠️  DOKUMENTI SEFA  ⚠️
+addvault.new.readme.storageLocation.2=Ovo je lokacija gde je skladišten vaš sef.
+addvault.new.readme.storageLocation.3=NI U KOM SLUČAJU NEMOJTE
+addvault.new.readme.storageLocation.4=•  menjati bilo koju datoteku u ovom direktorijumu ili
+addvault.new.readme.storageLocation.5=•  stavljati bilo koju datoteku koji želite da zaštitite direktno u ovaj direktorijum.
+addvault.new.readme.storageLocation.6=Ako želite da zaštitite dokumente ili pregledate sadržaj sefa, uradite sledeće:
+addvault.new.readme.storageLocation.7=1.  Dodajte ovaj sef u Cryptomator.
+addvault.new.readme.storageLocation.8=2.  Otključajte sef u Cryptomator.
+addvault.new.readme.storageLocation.9=3.  Otvorite lokaciju sefa pritiskom na dugme "Otkrij".
+addvault.new.readme.storageLocation.10=Ako vam je potrebna pomoć, pročitajte dokumentaciju: %s
+addvault.new.readme.accessLocation.fileName=DOBRODOŠLI.rtf
+addvault.new.readme.accessLocation.1=🔐️  ŠIFROVANA PARTICIJA  🔐️
+addvault.new.readme.accessLocation.2=Ovo je pristupna lokacija vašeg sefa.
+addvault.new.readme.accessLocation.3=Bilo koja datoteka dodata u ovu particiju biće šifrovana sa Cryptomator. Možete da radite u njoj baš kao i u bilo kojoj drugoj particiji ili direktorijumu. Ovo je samo dešifrovan pregled njenog sadržaja, vaše datoteke ostaju šifrovane na vašem tvrdom disku sve vreme.
+addvault.new.readme.accessLocation.4=Slobodno možete da obrišete ovu datoteku.
+## Existing
+addvaultwizard.existing.instruction=Izaberi "masterkey.cryptomator" datoteku svog postojećeg sefa.
+addvaultwizard.existing.chooseBtn=Izaberi…
+addvaultwizard.existing.filePickerTitle=Izaberi "Masterkey" datoteku
+## Success
+addvaultwizard.success.nextStepsInstructions=Dodat je sef "%s".\nMorate da otključate ovaj sef da biste pristupili ili dodali sadržaj. Takođe možete da ga otključate kasnije u bilo kom trenutku.
+addvaultwizard.success.unlockNow=Otključaj sada
+
+# Remove Vault
+removeVault.title=Ukloni sef
+removeVault.information=Ovo će uraditi da Cryptomator zaboravi vaš sef. Uvek ga ponovo možete dodati kasnije. Šifrovane datoteke neće biti obrisane sa vašeg tvrdog diska.
+removeVault.confirmBtn=Ukloni sef
+
+# Change Password
+changepassword.title=Promena lozinke
+changepassword.enterOldPassword=Unesi trenutnu lozinku za "%s"
+changepassword.finalConfirmation=Razumem da neću moći pristupiti svojim podacima ukoliko zaboravim lozinku
+
+# Forget Password
+forgetPassword.title=Zaboravi lozinku
+forgetPassword.information=Ovo će izbrisati sačuvanu lozinku ovog sefa iz vašeg sistemskog menadžera lozinki.
+forgetPassword.confirmBtn=Zaboravi lozinku
+
+# Unlock
+unlock.title=Otključavanje sefa
+unlock.passwordPrompt=Unesite lozinku za "%s":
+unlock.savePassword=Zapamti lozinku
+unlock.unlockBtn=Otključaj
+##
+unlock.chooseMasterkey.filePickerTitle=Izaberi "Masterkey" datoteku
+## Success
+unlock.success.message=Uspešno ste otključali "%s"! Vaš sef je sada dostupan putem ovog virtuelnog diska.
+unlock.success.rememberChoice=Zapamti izbor, ne prikazuj ovo ponovo
+unlock.success.revealBtn=Otvori disk
+## Failure
+unlock.error.heading=Sef nije moguće otključati
+### Invalid Mount Point
+unlock.error.invalidMountPoint.notExisting=Tačka vezivanja "%s" nije direktorijum, nije prazna ili ne postoji.
+unlock.error.invalidMountPoint.existing=Tačka vezivanja "%s" već postoji ili je nadređeni direktorijum nepostojeći.
+
+# Lock
+## Force
+lock.forced.heading=Normalno zaključavanje nije uspelo
+lock.forced.message=Zaključavanje "%s" je blokirano operacijama na čekanju ili otvorenim datotekama. Možete prisilno zaključati ovaj sef, međutim prekid "I/O" operacija može rezultirati gubitkom nesačuvanih podataka.
+lock.forced.confirmBtn=Prisilno zaključaj
+## Failure
+lock.fail.heading=Zaključavanje sefa nije uspelo.
+lock.fail.message=Sef "%s" nije moguće zaključati. Budite sigurni da je nesačuvani rad sačuvan negde drugde i da su važne operacije čitanja/pisanja završene. Kako biste zatvorili sef, zaustavite Cryptomator proces u sistemu.
+
+# Migration
+migration.title=Nadogradi sef
+## Start
+migration.start.prompt=Vaš sef "%s" mora biti ažuriran na noviji format. Pre nastavka, proverite da nema sinhronizacije na čekanju koja utiče na ovaj sef.
+migration.start.confirm=Da moj sef je u potpunosti sinhronizovan
+## Run
+migration.run.enterPassword=Unesite lozinku za "%s"
+migration.run.startMigrationBtn=Premestite sef
+migration.run.progressHint=Ovo bi moglo potrajati…
+## Sucess
+migration.success.nextStepsInstructions="%s" je uspešno premešten. Sada možete da otključate vaš šef.
+migration.success.unlockNow=Otključaj sada
+## Missing file system capabilities
+migration.error.missingFileSystemCapabilities.title=Nepodržan fajl sistem
+migration.error.missingFileSystemCapabilities.description=Premeštanje nije započeto, jer se vaš sef nalazi na neadekvatnom fajl sistemu.
+migration.error.missingFileSystemCapabilities.reason.LONG_FILENAMES=Fajl sistem ne podržava dugačka imena datoteka.
+migration.error.missingFileSystemCapabilities.reason.LONG_PATHS=Fajl sistem ne podržava dugačke adrese lokacija.
+migration.error.missingFileSystemCapabilities.reason.READ_ACCESS=Fajl sistem ne dozvoljava čitanje.
+migration.error.missingFileSystemCapabilities.reason.WRITE_ACCESS=Fajl sistem ne dozvoljava pisanje.
+## Impossible
+migration.impossible.heading=Sef ne može da se premesti
+migration.impossible.reason=Sef se ne može automatski premestiti jer je njegova skladišna lokacija ili tačka pristupa nekompatibilna.
+migration.impossible.moreInfo=Sef se i dalje može otvoriti sa starijom verzijom. Za uputstva kako ručno premestiti sef, posetite
+
+# Preferences
+preferences.title=Podešavanja
+## General
+preferences.general=Opšte
+preferences.general.theme=Tema
+preferences.general.theme.automatic=Automatska
+preferences.general.theme.light=Svetla
+preferences.general.theme.dark=Tamna
+preferences.general.unlockThemes=Otključaj tamnu temu
+preferences.general.showMinimizeButton=Prikaži dugme za umanjenje programa
+preferences.general.showTrayIcon=Prikaži "tray" ikonicu (potreban restart)
+preferences.general.startHidden=Sakrij prozor prilikom pokretanja Cryptomator
+preferences.general.debugLogging=Omogući evidenciju otklanjanja grešaka
+preferences.general.debugDirectory=Prikaži datoteke evidencije
+preferences.general.autoStart=Pokreni Cryptomator pri pokretanju sistema
+preferences.general.keychainBackend=Pohrani lozinke sa
+preferences.general.keychainBackend.org.cryptomator.linux.keychain.SecretServiceKeychainAccess=Gnome Keyring
+preferences.general.keychainBackend.org.cryptomator.linux.keychain.KDEWalletKeychainAccess=KDE Wallet
+preferences.general.keychainBackend.org.cryptomator.macos.keychain.MacSystemKeychainAccess=macOS Keychain Access
+preferences.general.keychainBackend.org.cryptomator.windows.keychain.WindowsProtectedKeychainAccess=Windows Data Protection
+preferences.general.interfaceOrientation=Orijentacija interfejsa
+preferences.general.interfaceOrientation.ltr=Sa leva na desno
+preferences.general.interfaceOrientation.rtl=Sa desna na levo
+## Volume
+preferences.volume=Virtuelni Disk
+preferences.volume.type=Tip particije
+preferences.volume.webdav.port=WebDAV Port
+preferences.volume.webdav.scheme=WebDAV Šema
+## Updates
+preferences.updates=Ažuriranja
+preferences.updates.currentVersion=Trenutna verzija: %s
+preferences.updates.autoUpdateCheck=Automatska provera dostupnih ažuriranja
+preferences.updates.checkNowBtn=Proveri sada
+preferences.updates.updateAvailable=Ažuriranje na verziju %s je dostupno.
+## Contribution
+preferences.contribute=Podržite Nas
+preferences.contribute.registeredFor=Sertifikat "Prijatelj Projekta" registrovan je na %s
+preferences.contribute.noCertificate=Podržite Cryptomator i dobićete sertifikat "Prijatelj Projekta". Nešto kao licencni ključ ali za sjajne ljude koji koriste i podržavaju besplatan softver. ;-)
+preferences.contribute.getCertificate=Nemate sertifikat? Saznajte kako ga možete pribaviti.
+preferences.contribute.promptText=Unesite vaš "Prijatelj Projekta" kod ovde
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
+## About
+preferences.about=O programu
+
+# Vault Statistics
+stats.title=Statistika za %s
+stats.cacheHitRate=Frekventnost keš memorije
+## Read
+stats.read.throughput.idle=Čitanje: u pripravnosti
+stats.read.throughput.kibs=Čitanje: %.2f kiB/s
+stats.read.throughput.mibs=Čitanje: %.2f MiB/s
+stats.read.total.data.none=Učitano podataka: -
+stats.read.total.data.kib=Učitano podataka: %.1f kiB
+stats.read.total.data.mib=Učitano podataka: %.1f MiB
+stats.read.total.data.gib=Učitano podataka: %.1f GiB
+stats.decr.total.data.none=Dešifrovano podataka: -
+stats.decr.total.data.kib=Dešifrovano podataka: %.1f kiB
+stats.decr.total.data.mib=Dešifrovano podataka: %.1f MiB
+stats.decr.total.data.gib=Dešifrovano podataka: %.1f GiB
+## Write
+
+# Main Window
+main.closeBtn.tooltip=Zatvori
+main.preferencesBtn.tooltip=Podešavanja
+## Drag 'n' Drop
+## Vault List
+main.vaultlist.contextMenu.lock=Zaključaj
+main.vaultlist.contextMenu.unlockNow=Otključaj sada
+main.vaultlist.contextMenu.reveal=Otvori disk
+main.vaultlist.addVaultBtn=Dodavanje safa
+## Vault Detail
+### Welcome
+### Locked
+main.vaultDetail.unlockNowBtn=Otključaj sada
+### Unlocked
+main.vaultDetail.revealBtn=Otvori disk
+main.vaultDetail.lockBtn=Zaključaj
+### Missing
+### Needs Migration
+main.vaultDetail.migrateButton=Nadogradi sef
+
+# Wrong File Alert
+
+# Vault Options
+## General
+vaultOptions.general=Opšte
+vaultOptions.general.vaultName=Naziv sefa
+vaultOptions.general.actionAfterUnlock.reveal=Otvori disk
+## Mount
+vaultOptions.mount.mountPoint.directoryPickerButton=Izaberi…
+## Master Key
+vaultOptions.masterkey.changePasswordBtn=Promena lozinke
+
+# Recovery Key
+
+# New Password
+
+# Quit
+quit.lockAndQuit=Zaključaj i Izađi
diff --git a/main/ui/src/main/resources/i18n/strings_sv.properties b/main/ui/src/main/resources/i18n/strings_sv.properties
index 9677fa732..08c9f6871 100644
--- a/main/ui/src/main/resources/i18n/strings_sv.properties
+++ b/main/ui/src/main/resources/i18n/strings_sv.properties
@@ -14,7 +14,7 @@ generic.button.next=Nästa
 generic.button.print=Skriv ut
 ## Error
 generic.error.title=Ett oväntat fel uppstod
-generic.error.instruction=Det här borde inte ha hänt. Vänligen rapportera feltexten nedan och inkludera en beskrivning av vilka steg som ledde till detta fel.
+generic.error.instruction=Detta borde inte hänt. Vänligen rapportera feltexten nedan och inkludera en beskrivning av vilka steg som ledde till detta fel.
 
 # Defaults
 defaults.vault.vaultName=Valv
@@ -44,8 +44,6 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Anpassad plats
 addvaultwizard.new.directoryPickerButton=Välj…
 addvaultwizard.new.directoryPickerTitle=Välj katalog
-addvaultwizard.new.fileAlreadyExists=Valvet kan inte skapas på denna plats då vissa filer redan existerar.
-addvaultwizard.new.locationDoesNotExist=Valvet kan inte skapas på den här platsen då åtminstone en komponent inte finns.
 addvaultwizard.new.invalidName=Felaktigt namn på valvet. Vänligen ange ett vanligt katalognamn.
 ### Password
 addvaultwizard.new.createVaultBtn=Skapa Valv
@@ -56,7 +54,7 @@ addvaultwizard.new.generateRecoveryKeyChoice.no=Nej tack. Här slarvas inga lös
 addvault.new.readme.storageLocation.fileName=VIKTIGT.rtf
 addvault.new.readme.storageLocation.1=⚠️  VALVFILER ⚠️
 addvault.new.readme.storageLocation.2=Detta är ditt valvs lagringsplats.
-addvault.new.readme.storageLocation.3=INTE
+addvault.new.readme.storageLocation.3=DU SKA INTE
 addvault.new.readme.storageLocation.4=• ändra någon fil i denna katalog eller
 addvault.new.readme.storageLocation.5=• klistra in filer för kryptering i denna katalog.
 addvault.new.readme.storageLocation.6=Om du vill kryptera filer och se innehållet i valvet, gör följande:
@@ -74,7 +72,7 @@ addvaultwizard.existing.instruction=Välj "masterkey.cryptomator" för ditt befi
 addvaultwizard.existing.chooseBtn=Välj…
 addvaultwizard.existing.filePickerTitle=Välj Masterkey-fil
 ## Success
-addvaultwizard.success.nextStepsInstructions=Lade till valv "%s".\nDu behöver låsa upp detta valv för att komma åt eller lägga till innehåll. Du kan även låsa upp det vid ett senare tillfälle.
+addvaultwizard.success.nextStepsInstructions=Lade till valv "%s".\nDu måste låsa upp detta valv för att komma åt eller lägga till innehåll. Du kan även låsa upp det vid ett senare tillfälle.
 addvaultwizard.success.unlockNow=Lås upp nu
 
 # Remove Vault
@@ -97,10 +95,12 @@ unlock.title=Lås upp valv
 unlock.passwordPrompt=Ange lösenord för "%s":
 unlock.savePassword=Kom ihåg lösenord
 unlock.unlockBtn=Lås upp
+##
+unlock.chooseMasterkey.filePickerTitle=Välj Masterkey-fil
 ## Success
-unlock.success.message="%s" upplåst! Ditt valv är nu åtkomligt.
+unlock.success.message="%s" upplåst! Ditt valv är nu åtkomligt från den virtuella enheten.
 unlock.success.rememberChoice=Kom ihåg valet, visa inte detta igen
-unlock.success.revealBtn=Visa valv
+unlock.success.revealBtn=Visa enhet
 ## Failure
 unlock.error.heading=Kan inte låsa upp valvet
 ### Invalid Mount Point
@@ -126,7 +126,7 @@ migration.run.enterPassword=Ange lösenordet för "%s"
 migration.run.startMigrationBtn=Migrera valv
 migration.run.progressHint=Detta kan ta lite tid…
 ## Sucess
-migration.success.nextStepsInstructions="%s" migrerades fullständigt.\nDu kan nu låsa upp ditt valv.
+migration.success.nextStepsInstructions="%s" migrerades korrekt.\nDu kan nu låsa upp ditt valv.
 migration.success.unlockNow=Lås upp nu
 ## Missing file system capabilities
 migration.error.missingFileSystemCapabilities.title=Filsystemet stöds ej
@@ -137,7 +137,7 @@ migration.error.missingFileSystemCapabilities.reason.READ_ACCESS=Filsystemet til
 migration.error.missingFileSystemCapabilities.reason.WRITE_ACCESS=Filsystemet tillåter inte att skrivas till.
 ## Impossible
 migration.impossible.heading=Kan inte migrera valv
-migration.impossible.reason=Valvet kan inte migreras automatiskt eftersom dess lagringsplats eller åtkomstpunkt inte är kompatibel.
+migration.impossible.reason=Valvet kan inte migreras automatiskt eftersom dess lagringsplats eller åtkomstpunkt inte är kompatibelt.
 migration.impossible.moreInfo=Valvet kan fortfarande öppnas med en äldre version. För instruktioner om hur du manuellt migrerar ett valv, besök
 
 # Preferences
@@ -149,8 +149,8 @@ preferences.general.theme.automatic=Automatiskt
 preferences.general.theme.light=Ljust
 preferences.general.theme.dark=Mörkt
 preferences.general.unlockThemes=Lås upp mörkt läge
-preferences.general.showMinimizeButton=Visa minimera knappen
-preferences.general.showTrayIcon=Visa tray-ikon (kräver omstart)
+preferences.general.showMinimizeButton=Visa minimera-knappen
+preferences.general.showTrayIcon=Visa ikon i aktivitetsfältet (kräver omstart)
 preferences.general.startHidden=Dölj fönster när Cryptomator startar
 preferences.general.debugLogging=Aktivera loggning för felsökning
 preferences.general.debugDirectory=Visa loggfiler
@@ -171,14 +171,12 @@ preferences.volume.webdav.scheme=WebDAV Schema
 ## Updates
 preferences.updates=Uppdateringar
 preferences.updates.currentVersion=Nuvarande version: %s
-preferences.updates.autoUpdateCheck=Kontrollera uppdateringar automatiskt
+preferences.updates.autoUpdateCheck=Sök efter uppdateringar automatiskt
 preferences.updates.checkNowBtn=Kontrollera nu
 preferences.updates.updateAvailable=Uppdatering till version %s finns tillgänglig.
-## Donation Key
-preferences.donationKey=Donation
-preferences.donationKey.registeredFor=Registrerad till %s
-preferences.donationKey.noDonationKey=Ingen giltig donationsnyckel funnen. Det är som en licensnyckel fast för grymma personer som kör fri mjukvara ;-)
-preferences.donationKey.getDonationKey=Skaffa en donationsnyckel
+## Contribution
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Om
 
@@ -223,11 +221,16 @@ main.dropZone.dropVault=Lägg till detta valv
 main.dropZone.unknownDragboardContent=Om du vill lägga till ett valv, dra in det till detta fönster
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Klicka här för att lägga till valv
-main.vaultlist.contextMenu.remove=Ta bort valv…
+main.vaultlist.contextMenu.remove=Ta bort…
+main.vaultlist.contextMenu.lock=Lås
+main.vaultlist.contextMenu.unlock=Lås upp…
+main.vaultlist.contextMenu.unlockNow=Lås upp nu
+main.vaultlist.contextMenu.vaultoptions=Visa inställningar för valv
+main.vaultlist.contextMenu.reveal=Visa enhet
 main.vaultlist.addVaultBtn=Lägg till valv
 ## Vault Detail
 ### Welcome
-main.vaultDetail.welcomeOnboarding=Tack för att du väljer Cryptomator för att skydda dina filer. Om du behöver hjälp, kolla in våra kom-gång guider:
+main.vaultDetail.welcomeOnboarding=Tack för att du väljer Cryptomator för att skydda dina filer. Om du behöver hjälp kan du kolla in våra guider:
 ### Locked
 main.vaultDetail.lockedStatus=LÅST
 main.vaultDetail.unlockBtn=Lås upp…
@@ -246,7 +249,7 @@ main.vaultDetail.throughput.kbps=%.1f kiB/s
 main.vaultDetail.throughput.mbps=%.1f MiB/s
 main.vaultDetail.stats=Valv Statistik
 ### Missing
-main.vaultDetail.missing.info=Cryptomator kunde inte hitta ett valv i denna sökväg.
+main.vaultDetail.missing.info=Cryptomator kunde inte hitta någt valv i denna sökväg.
 main.vaultDetail.missing.recheck=Kontrollera igen
 main.vaultDetail.missing.remove=Ta bort från listan…
 main.vaultDetail.missing.changeLocation=Ändra valvets plats…
diff --git a/main/ui/src/main/resources/i18n/strings_tr.properties b/main/ui/src/main/resources/i18n/strings_tr.properties
index c531555a4..3d11bc469 100644
--- a/main/ui/src/main/resources/i18n/strings_tr.properties
+++ b/main/ui/src/main/resources/i18n/strings_tr.properties
@@ -14,7 +14,7 @@ generic.button.next=İleri
 generic.button.print=Yazdır
 ## Error
 generic.error.title=Beklenmedik bir hata oluştu
-generic.error.instruction=Bu olmamalıydı. Lütfen aşağıdaki hata metnini ve bu hatayı aldığınızda hangi adımları uyguladığınızı rapor edin.
+generic.error.instruction=Bu olmamalıydı. Lütfen aşağıdaki hata metnini bildirin ve bu hataya neden olan adımların bir açıklamasını ekleyin.
 
 # Defaults
 defaults.vault.vaultName=Kasa
@@ -44,13 +44,15 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=Özel Konum
 addvaultwizard.new.directoryPickerButton=Seç…
 addvaultwizard.new.directoryPickerTitle=Dizin Seç
-addvaultwizard.new.fileAlreadyExists=Bazı nesneler varolduğu için kasa bu yolda oluşturulamıyor.
-addvaultwizard.new.locationDoesNotExist=En az bir yol bileşeni varolmadığı için kasa bu yolda oluşturulamıyor.
+addvaultwizard.new.fileAlreadyExists=Kasa adına sahip bir dosya veya dizin zaten mevcut
+addvaultwizard.new.locationDoesNotExist=Belirtilen yoldaki bir dizin mevcut değil veya erişilemez
+addvaultwizard.new.locationIsNotWritable=Belirtilen yolda yazma erişimi yok
+addvaultwizard.new.locationIsOk=Kasanız için uygun yer
 addvaultwizard.new.invalidName=Geçersiz kasa adı. Lütfen normal bir dizin adı kullanın.
 ### Password
 addvaultwizard.new.createVaultBtn=Kasa Oluştur
 addvaultwizard.new.generateRecoveryKeyChoice=Şifreniz olmadan verilerinize erişemeyeceksiniz. Şifrenizi kaybetmeniz durumunda kullanabileceğiniz bir kurtarma anahtarı ister misiniz?
-addvaultwizard.new.generateRecoveryKeyChoice.yes=Evet lütfen, kafamı taşlara vurmaktan iyidir
+addvaultwizard.new.generateRecoveryKeyChoice.yes=Evet lütfen, üzgün olmaktan daha güvenli
 addvaultwizard.new.generateRecoveryKeyChoice.no=Hayır teşekkürler, şifremi kaybetmeyeceğim
 ### Information
 addvault.new.readme.storageLocation.fileName=IMPORTANT.rtf
@@ -67,7 +69,7 @@ addvault.new.readme.storageLocation.10=Yardım lazımsa, belgeleri ziyaret edin:
 addvault.new.readme.accessLocation.fileName=WELCOME.rtf
 addvault.new.readme.accessLocation.1=🔐️  ŞİFRELENMİŞ BİRİM  🔐️
 addvault.new.readme.accessLocation.2=Burası kasanızın erişim konumudur.
-addvault.new.readme.accessLocation.3=Bu birime eklenen dosyalar Cryptomator tarafından şifrelenecektir. Diğer herhangi bir sürücü / klasörde olduğu gibi üzerinde çalışabilirsiniz. Bu sadece içeriğinin şifresi çözülmüş bir görünümdür, dosyalarınız her zaman sabit diskinizde şifrelenir.
+addvault.new.readme.accessLocation.3=Bu birime eklenen tüm dosyalar Cryptomator tarafından şifrelenecektir. Başka herhangi bir sürücü/klasörde olduğu gibi üzerinde çalışabilirsiniz. Bu sadece içeriğinin şifresi çözülmüş bir görünümüdür, dosyalarınız her zaman sabit sürücünüzde şifrelenmiş halde kalır.
 addvault.new.readme.accessLocation.4=Bu dosyayı silmeye çekinmeyin.
 ## Existing
 addvaultwizard.existing.instruction=Varolan kasanızın "masterkey.cryptomator" dosyasını seçin.
@@ -84,7 +86,7 @@ removeVault.confirmBtn=Kasayı Sil
 
 # Change Password
 changepassword.title=Şifreyi Değiştir
-changepassword.enterOldPassword="%s" için şuanki şifreyi gir
+changepassword.enterOldPassword="%s" için mevcut şifreyi girin
 changepassword.finalConfirmation=Şifremi unutursam verilerime ulaşamayacağımın farkındayım
 
 # Forget Password
@@ -97,10 +99,12 @@ unlock.title=Kasa Kilidini Aç
 unlock.passwordPrompt="%s" için şifre girin:
 unlock.savePassword=Şifreyi Hatırla
 unlock.unlockBtn=Kilidi Aç
+##
+unlock.chooseMasterkey.filePickerTitle=Masterkey Dosyasını Seç
 ## Success
-unlock.success.message="%s" 'nin kilidi başarıyla açıldı! Kasanız şimdi erişilebilir durumda.
+unlock.success.message="%s" 'nin kilidi başarıyla açıldı! Kasanız şimdi sanal sürücüsü ile erişilebilir durumda.
 unlock.success.rememberChoice=Seçimi hatırla, bunu bir daha gösterme
-unlock.success.revealBtn=Kasayı Göster
+unlock.success.revealBtn=Sürücüyü Göster
 ## Failure
 unlock.error.heading=Kasanın kilidi açılamıyor
 ### Invalid Mount Point
@@ -174,11 +178,14 @@ preferences.updates.currentVersion=Şuanki Sürüm: %s
 preferences.updates.autoUpdateCheck=Güncellemeleri otomatik kontrol et
 preferences.updates.checkNowBtn=Şimdi Kontrol Et
 preferences.updates.updateAvailable=%s sürümüne güncelleme mevcut.
-## Donation Key
-preferences.donationKey=Bağış
-preferences.donationKey.registeredFor=%s için kaydedildi
-preferences.donationKey.noDonationKey=Geçerli bir bağış anahtarı bulunamadı. Bu anahtar, lisans anahtarı gibidir ama ücretsiz uygulama kullanan muhteşem insanlar içindir ;-)
-preferences.donationKey.getDonationKey=Bir bağış anahtarı al
+## Contribution
+preferences.contribute=Bizi Destekle
+preferences.contribute.registeredFor=%s için destekçi sertifikası kaydedildi
+preferences.contribute.noCertificate=Cryptomator'u destekle ve bir destekçi sertifikası al. Bu bir lisans anahtarı gibidir ama ücretsiz program kullanan müthiş insanlar için. ;-)
+preferences.contribute.getCertificate=Herhangi bir tane yok mu? Nasıl elde edebileceğinizi öğrenin.
+preferences.contribute.promptText=Destekçi sertifika kodunu buraya yapıştırın
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=Hakkında
 
@@ -223,7 +230,12 @@ main.dropZone.dropVault=Bu kasayı ekle
 main.dropZone.unknownDragboardContent=Bir kasa eklemek istiyorsanız, onu bu pencereye sürükleyin
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=Kasa eklemek için buraya tıklayın
-main.vaultlist.contextMenu.remove=Kasayı Sil…
+main.vaultlist.contextMenu.remove=Kaldır…
+main.vaultlist.contextMenu.lock=Kilitle
+main.vaultlist.contextMenu.unlock=Kilit aç…
+main.vaultlist.contextMenu.unlockNow=Kilidi Şimdi Aç
+main.vaultlist.contextMenu.vaultoptions=Kasa Ayarları'nı Göster
+main.vaultlist.contextMenu.reveal=Sürücüyü Göster
 main.vaultlist.addVaultBtn=Kasa Ekle
 ## Vault Detail
 ### Welcome
@@ -246,7 +258,7 @@ main.vaultDetail.throughput.kbps=%.1f kiB/s
 main.vaultDetail.throughput.mbps=%.1f MiB/s
 main.vaultDetail.stats=Kasa İstatistikleri
 ### Missing
-main.vaultDetail.missing.info=Şifreleyici bu dosya yolunda bir kasa bulamadı.
+main.vaultDetail.missing.info=Cryptomator bu yolda bir kasa bulamadı.
 main.vaultDetail.missing.recheck=Yeniden denetle
 main.vaultDetail.missing.remove=Kasa Listesinden Sil…
 main.vaultDetail.missing.changeLocation=Kasa Yerini Değiştir…
diff --git a/main/ui/src/main/resources/i18n/strings_zh.properties b/main/ui/src/main/resources/i18n/strings_zh.properties
index e8181d946..80c8932ab 100644
--- a/main/ui/src/main/resources/i18n/strings_zh.properties
+++ b/main/ui/src/main/resources/i18n/strings_zh.properties
@@ -44,8 +44,10 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=自定义位置
 addvaultwizard.new.directoryPickerButton=选择...
 addvaultwizard.new.directoryPickerTitle=选择目录
-addvaultwizard.new.fileAlreadyExists=无法在此路径上创建保险库，因为某些对象已经存在。
-addvaultwizard.new.locationDoesNotExist=无法在此路径上创建保险库，因为至少有一个路径组件不存在
+addvaultwizard.new.fileAlreadyExists=已存在同名文件或文件夹
+addvaultwizard.new.locationDoesNotExist=指定路径中的目录不存在或无法访问
+addvaultwizard.new.locationIsNotWritable=没有对指定路径的写入权限
+addvaultwizard.new.locationIsOk=合适的保险库路径
 addvaultwizard.new.invalidName=无效的保险库名称，请考虑一个常规的目录名称
 ### Password
 addvaultwizard.new.createVaultBtn=创建保险库
@@ -97,10 +99,12 @@ unlock.title=解锁保险库
 unlock.passwordPrompt=输入 "%s" 的密码
 unlock.savePassword=记住密码
 unlock.unlockBtn=解锁
+##
+unlock.chooseMasterkey.filePickerTitle=选择 Masterkey 文件
 ## Success
-unlock.success.message=已成功解锁 "%s"! 您现在可以访问该保险库
+unlock.success.message=已成功解锁 "%s"! 您现在可以通过其虚拟驱动器访问它
 unlock.success.rememberChoice=记住选项且不再显示
-unlock.success.revealBtn=显示保险库
+unlock.success.revealBtn=显示驱动器
 ## Failure
 unlock.error.heading=无法解锁保险库
 ### Invalid Mount Point
@@ -174,11 +178,14 @@ preferences.updates.currentVersion=当前版本：%s
 preferences.updates.autoUpdateCheck=自动检查更新
 preferences.updates.checkNowBtn=立即检查
 preferences.updates.updateAvailable=可更新到版本 %s
-## Donation Key
-preferences.donationKey=捐赠
-preferences.donationKey.registeredFor=已注册给 %s
-preferences.donationKey.noDonationKey=找不到有效的捐赠密钥，它相当于一个专门给使用免费软件的帅哥美女的许可证密钥 ;-)
-preferences.donationKey.getDonationKey=获取一个捐赠密钥
+## Contribution
+preferences.contribute=支持我们
+preferences.contribute.registeredFor=已为 %s 注册支持者证书
+preferences.contribute.noCertificate=支持 Cryptomator 并获得一份支持者证书。它类似于许可证密钥，特别之处是提供给使用免费软件的牛人的 ;-)
+preferences.contribute.getCertificate=还没有该证书吗？了解您如何获取
+preferences.contribute.promptText=请在此粘贴支持者证书代码
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=关于
 
@@ -223,7 +230,12 @@ main.dropZone.dropVault=添加此保险库
 main.dropZone.unknownDragboardContent=如果您想要添加一个保险库，将其拖动到此窗口
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=点击此处添加一个保险库
-main.vaultlist.contextMenu.remove=删除保险库…
+main.vaultlist.contextMenu.remove=删除…
+main.vaultlist.contextMenu.lock=锁定
+main.vaultlist.contextMenu.unlock=解锁…
+main.vaultlist.contextMenu.unlockNow=立即解锁
+main.vaultlist.contextMenu.vaultoptions=显示保险库选项
+main.vaultlist.contextMenu.reveal=显示驱动器
 main.vaultlist.addVaultBtn=添加保险库
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/i18n/strings_zh_TW.properties b/main/ui/src/main/resources/i18n/strings_zh_TW.properties
index e484651bd..2fbaea486 100644
--- a/main/ui/src/main/resources/i18n/strings_zh_TW.properties
+++ b/main/ui/src/main/resources/i18n/strings_zh_TW.properties
@@ -44,8 +44,10 @@ addvaultwizard.new.locationPrompt=…
 addvaultwizard.new.directoryPickerLabel=自訂位置
 addvaultwizard.new.directoryPickerButton=選取
 addvaultwizard.new.directoryPickerTitle=選取資料夾
-addvaultwizard.new.fileAlreadyExists=無法在這個路徑建立加密檔案庫，因為其中已有其他檔案。
-addvaultwizard.new.locationDoesNotExist=無法在這個路徑建立加密檔案庫，因為部份路徑不存在。
+addvaultwizard.new.fileAlreadyExists=存在與加密檔案庫同名的檔案或資料夾
+addvaultwizard.new.locationDoesNotExist=指定的目錄不存在或無法存取
+addvaultwizard.new.locationIsNotWritable=指定路徑沒有寫入權限
+addvaultwizard.new.locationIsOk=可放置您的加密檔案庫
 addvaultwizard.new.invalidName=無效的加密檔案庫名稱。請考慮一般資料夾會使用的名稱。
 ### Password
 addvaultwizard.new.createVaultBtn=新建加密檔案庫
@@ -95,11 +97,14 @@ forgetPassword.confirmBtn=忘記密碼
 # Unlock
 unlock.title=解鎖加密檔案庫
 unlock.passwordPrompt=輸入 "%s" 的密碼：
+unlock.savePassword=記住密碼
 unlock.unlockBtn=解鎖
+##
+unlock.chooseMasterkey.filePickerTitle=選擇主金鑰檔案
 ## Success
-unlock.success.message=成功解鎖 "%s"！您現在可以存取您的加密檔案庫。
+unlock.success.message=成功解鎖 "%s"！您現在可以存存取您的加密檔案庫。
 unlock.success.rememberChoice=記得這個決定，不要再顯示
-unlock.success.revealBtn=顯示加密檔案庫
+unlock.success.revealBtn=顯示磁碟
 ## Failure
 unlock.error.heading=無法解鎖加密檔案庫
 ### Invalid Mount Point
@@ -173,11 +178,14 @@ preferences.updates.currentVersion=目前版本：%s
 preferences.updates.autoUpdateCheck=勾選以啟用自動更新
 preferences.updates.checkNowBtn=立即檢查
 preferences.updates.updateAvailable=有版本 %s 可更新。
-## Donation Key
-preferences.donationKey=贊助
-preferences.donationKey.registeredFor=註冊給 %s
-preferences.donationKey.noDonationKey=未發現贊助金鑰。贊助金鑰就像授權金鑰，不過是給使用自由軟體的善心人士的。
-preferences.donationKey.getDonationKey=取得贊助金鑰
+## Contribution
+preferences.contribute=贊助我們
+preferences.contribute.registeredFor=贊助憑證註冊給 %s
+preferences.contribute.noCertificate=支持 Cryptomator 並取得一個贊助憑證。它就像一個授權金鑰，但是給使用自由軟體的大好人的。;-)
+preferences.contribute.getCertificate=還沒有嗎？看看您該如何取得它。
+preferences.contribute.promptText=在這裡貼上贊助憑證
+#<-- Add entries for donations and code/translation/documentation contribution -->
+
 ## About
 preferences.about=關於
 
@@ -222,7 +230,12 @@ main.dropZone.dropVault=加入這個加密檔案庫
 main.dropZone.unknownDragboardContent=如果您想加入一個加密檔案庫，請將他拖到這個視窗裡
 ## Vault List
 main.vaultlist.emptyList.onboardingInstruction=點擊此處以加入加密檔案庫
-main.vaultlist.contextMenu.remove=移除加密檔案庫…
+main.vaultlist.contextMenu.remove=移除…
+main.vaultlist.contextMenu.lock=鎖定
+main.vaultlist.contextMenu.unlock=解鎖…
+main.vaultlist.contextMenu.unlockNow=立即解鎖
+main.vaultlist.contextMenu.vaultoptions=顯示加密檔案庫選項
+main.vaultlist.contextMenu.reveal=顯示磁碟
 main.vaultlist.addVaultBtn=新增加密檔案庫
 ## Vault Detail
 ### Welcome
diff --git a/main/ui/src/main/resources/license/THIRD-PARTY.txt b/main/ui/src/main/resources/license/THIRD-PARTY.txt
index 109ccb399..d1ec3a280 100644
--- a/main/ui/src/main/resources/license/THIRD-PARTY.txt
+++ b/main/ui/src/main/resources/license/THIRD-PARTY.txt
@@ -11,7 +11,7 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see http://www.gnu.org/licenses/.
 
-Cryptomator uses 46 third-party dependencies under the following licenses:
+Cryptomator uses 45 third-party dependencies under the following licenses:
         Apache License v2.0:
 			- jffi (com.github.jnr:jffi:1.2.23 - http://github.com/jnr/jffi)
 			- jnr-a64asm (com.github.jnr:jnr-a64asm:1.0.0 - http://nexus.sonatype.org/oss-repository-hosting.html/jnr-a64asm)
@@ -19,10 +19,10 @@ Cryptomator uses 46 third-party dependencies under the following licenses:
 			- jnr-ffi (com.github.jnr:jnr-ffi:2.1.12 - http://github.com/jnr/jnr-ffi)
 			- FindBugs-jsr305 (com.google.code.findbugs:jsr305:3.0.2 - http://findbugs.sourceforge.net/)
 			- Gson (com.google.code.gson:gson:2.8.6 - https://github.com/google/gson/gson)
-			- Dagger (com.google.dagger:dagger:2.32 - https://github.com/google/dagger)
-			- error-prone annotations (com.google.errorprone:error_prone_annotations:2.3.4 - http://nexus.sonatype.org/oss-repository-hosting.html/error_prone_parent/error_prone_annotations)
+			- Dagger (com.google.dagger:dagger:2.35.1 - https://github.com/google/dagger)
+			- error-prone annotations (com.google.errorprone:error_prone_annotations:2.5.1 - http://nexus.sonatype.org/oss-repository-hosting.html/error_prone_parent/error_prone_annotations)
 			- Guava InternalFutureFailureAccess and InternalFutures (com.google.guava:failureaccess:1.0.1 - https://github.com/google/guava/failureaccess)
-			- Guava: Google Core Libraries for Java (com.google.guava:guava:30.0-jre - https://github.com/google/guava/guava)
+			- Guava: Google Core Libraries for Java (com.google.guava:guava:30.1.1-jre - https://github.com/google/guava/guava)
 			- Guava ListenableFuture only (com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava - https://github.com/google/guava/listenablefuture)
 			- J2ObjC Annotations (com.google.j2objc:j2objc-annotations:1.3 - https://github.com/google/j2objc/)
 			- Apache Commons CLI (commons-cli:commons-cli:1.4 - http://commons.apache.org/proper/commons-cli/)
@@ -30,17 +30,17 @@ Cryptomator uses 46 third-party dependencies under the following licenses:
 			- Java Native Access (net.java.dev.jna:jna:5.7.0 - https://github.com/java-native-access/jna)
 			- Java Native Access Platform (net.java.dev.jna:jna-platform:5.7.0 - https://github.com/java-native-access/jna)
 			- Apache Commons Lang (org.apache.commons:commons-lang3:3.11 - https://commons.apache.org/proper/commons-lang/)
-			- Apache HttpCore (org.apache.httpcomponents:httpcore:4.4.13 - http://hc.apache.org/httpcomponents-core-ga)
-			- Jackrabbit WebDAV Library (org.apache.jackrabbit:jackrabbit-webdav:2.21.3 - http://jackrabbit.apache.org/jackrabbit-webdav/)
-			- Jetty :: Http Utility (org.eclipse.jetty:jetty-http:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-http)
-			- Jetty :: IO Utility (org.eclipse.jetty:jetty-io:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-io)
-			- Jetty :: Security (org.eclipse.jetty:jetty-security:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-security)
-			- Jetty :: Server Core (org.eclipse.jetty:jetty-server:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-server)
-			- Jetty :: Servlet Handling (org.eclipse.jetty:jetty-servlet:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-servlet)
-			- Jetty :: Utilities (org.eclipse.jetty:jetty-util:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-util)
-			- Jetty :: Utilities :: Ajax(JSON) (org.eclipse.jetty:jetty-util-ajax:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-util-ajax)
-			- Jetty :: Webapp Application Support (org.eclipse.jetty:jetty-webapp:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-webapp)
-			- Jetty :: XML utilities (org.eclipse.jetty:jetty-xml:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-xml)
+			- Apache HttpCore (org.apache.httpcomponents:httpcore:4.4.14 - http://hc.apache.org/httpcomponents-core-ga)
+			- Jackrabbit WebDAV Library (org.apache.jackrabbit:jackrabbit-webdav:2.21.5 - http://jackrabbit.apache.org/jackrabbit-webdav/)
+			- Jetty :: Http Utility (org.eclipse.jetty:jetty-http:10.0.2 - https://eclipse.org/jetty/jetty-http)
+			- Jetty :: IO Utility (org.eclipse.jetty:jetty-io:10.0.2 - https://eclipse.org/jetty/jetty-io)
+			- Jetty :: Security (org.eclipse.jetty:jetty-security:10.0.2 - https://eclipse.org/jetty/jetty-security)
+			- Jetty :: Server Core (org.eclipse.jetty:jetty-server:10.0.2 - https://eclipse.org/jetty/jetty-server)
+			- Jetty :: Servlet Handling (org.eclipse.jetty:jetty-servlet:10.0.2 - https://eclipse.org/jetty/jetty-servlet)
+			- Jetty :: Utilities (org.eclipse.jetty:jetty-util:10.0.2 - https://eclipse.org/jetty/jetty-util)
+			- Jetty :: Webapp Application Support (org.eclipse.jetty:jetty-webapp:10.0.2 - https://eclipse.org/jetty/jetty-webapp)
+			- Jetty :: XML utilities (org.eclipse.jetty:jetty-xml:10.0.2 - https://eclipse.org/jetty/jetty-xml)
+			- Jetty :: Servlet API and Schemas for JPMS and OSGi (org.eclipse.jetty.toolchain:jetty-servlet-api:4.0.6 - https://eclipse.org/jetty/jetty-servlet-api)
         BSD:
 			- asm (org.ow2.asm:asm:7.1 - http://asm.ow2.org/)
 			- asm-analysis (org.ow2.asm:asm-analysis:7.1 - http://asm.ow2.org/)
@@ -48,35 +48,35 @@ Cryptomator uses 46 third-party dependencies under the following licenses:
 			- asm-tree (org.ow2.asm:asm-tree:7.1 - http://asm.ow2.org/)
 			- asm-util (org.ow2.asm:asm-util:7.1 - http://asm.ow2.org/)
         Eclipse Public License - Version 1.0:
-			- Jetty :: Http Utility (org.eclipse.jetty:jetty-http:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-http)
-			- Jetty :: IO Utility (org.eclipse.jetty:jetty-io:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-io)
-			- Jetty :: Security (org.eclipse.jetty:jetty-security:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-security)
-			- Jetty :: Server Core (org.eclipse.jetty:jetty-server:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-server)
-			- Jetty :: Servlet Handling (org.eclipse.jetty:jetty-servlet:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-servlet)
-			- Jetty :: Utilities (org.eclipse.jetty:jetty-util:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-util)
-			- Jetty :: Utilities :: Ajax(JSON) (org.eclipse.jetty:jetty-util-ajax:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-util-ajax)
-			- Jetty :: Webapp Application Support (org.eclipse.jetty:jetty-webapp:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-webapp)
-			- Jetty :: XML utilities (org.eclipse.jetty:jetty-xml:9.4.36.v20210114 - https://eclipse.org/jetty/jetty-xml)
+			- Jetty :: Servlet API and Schemas for JPMS and OSGi (org.eclipse.jetty.toolchain:jetty-servlet-api:4.0.6 - https://eclipse.org/jetty/jetty-servlet-api)
+        Eclipse Public License - Version 2.0:
+			- Jetty :: Http Utility (org.eclipse.jetty:jetty-http:10.0.2 - https://eclipse.org/jetty/jetty-http)
+			- Jetty :: IO Utility (org.eclipse.jetty:jetty-io:10.0.2 - https://eclipse.org/jetty/jetty-io)
+			- Jetty :: Security (org.eclipse.jetty:jetty-security:10.0.2 - https://eclipse.org/jetty/jetty-security)
+			- Jetty :: Server Core (org.eclipse.jetty:jetty-server:10.0.2 - https://eclipse.org/jetty/jetty-server)
+			- Jetty :: Servlet Handling (org.eclipse.jetty:jetty-servlet:10.0.2 - https://eclipse.org/jetty/jetty-servlet)
+			- Jetty :: Utilities (org.eclipse.jetty:jetty-util:10.0.2 - https://eclipse.org/jetty/jetty-util)
+			- Jetty :: Webapp Application Support (org.eclipse.jetty:jetty-webapp:10.0.2 - https://eclipse.org/jetty/jetty-webapp)
+			- Jetty :: XML utilities (org.eclipse.jetty:jetty-xml:10.0.2 - https://eclipse.org/jetty/jetty-xml)
         Eclipse Public License - v 2.0:
 			- jnr-posix (com.github.jnr:jnr-posix:3.0.54 - http://nexus.sonatype.org/oss-repository-hosting.html/jnr-posix)
         GPLv2:
 			- jnr-posix (com.github.jnr:jnr-posix:3.0.54 - http://nexus.sonatype.org/oss-repository-hosting.html/jnr-posix)
         GPLv2+CE:
-			- Java Servlet API (javax.servlet:javax.servlet-api:3.1.0 - http://servlet-spec.java.net)
-			- javafx-base (org.openjfx:javafx-base:15 - https://openjdk.java.net/projects/openjfx/javafx-base/)
-			- javafx-controls (org.openjfx:javafx-controls:15 - https://openjdk.java.net/projects/openjfx/javafx-controls/)
-			- javafx-fxml (org.openjfx:javafx-fxml:15 - https://openjdk.java.net/projects/openjfx/javafx-fxml/)
-			- javafx-graphics (org.openjfx:javafx-graphics:15 - https://openjdk.java.net/projects/openjfx/javafx-graphics/)
+			- javafx-base (org.openjfx:javafx-base:16 - https://openjdk.java.net/projects/openjfx/javafx-base/)
+			- javafx-controls (org.openjfx:javafx-controls:16 - https://openjdk.java.net/projects/openjfx/javafx-controls/)
+			- javafx-fxml (org.openjfx:javafx-fxml:16 - https://openjdk.java.net/projects/openjfx/javafx-fxml/)
+			- javafx-graphics (org.openjfx:javafx-graphics:16 - https://openjdk.java.net/projects/openjfx/javafx-graphics/)
         LGPL 2.1:
 			- jnr-posix (com.github.jnr:jnr-posix:3.0.54 - http://nexus.sonatype.org/oss-repository-hosting.html/jnr-posix)
 			- Java Native Access (net.java.dev.jna:jna:5.7.0 - https://github.com/java-native-access/jna)
 			- Java Native Access Platform (net.java.dev.jna:jna-platform:5.7.0 - https://github.com/java-native-access/jna)
         MIT License:
-			- java jwt (com.auth0:java-jwt:3.12.0 - https://github.com/auth0/java-jwt)
+			- java jwt (com.auth0:java-jwt:3.15.0 - https://github.com/auth0/java-jwt)
 			- jnr-x86asm (com.github.jnr:jnr-x86asm:1.0.2 - http://github.com/jnr/jnr-x86asm)
 			- jnr-fuse (com.github.serceman:jnr-fuse:0.5.5 - https://github.com/SerCeMan/jnr-fuse)
 			- zxcvbn4j (com.nulab-inc:zxcvbn:1.3.0 - https://github.com/nulab/zxcvbn4j)
-			- Checker Qual (org.checkerframework:checker-qual:3.5.0 - https://checkerframework.org)
+			- Checker Qual (org.checkerframework:checker-qual:3.8.0 - https://checkerframework.org)
 			- SLF4J API Module (org.slf4j:slf4j-api:1.7.30 - http://www.slf4j.org)
         The BSD 2-Clause License:
 			- EasyBind (com.tobiasdiez:easybind:2.1.0 - https://github.com/tobiasdiez/EasyBind)
diff --git a/main/ui/src/test/java/org/cryptomator/ui/recoverykey/RecoveryKeyFactoryTest.java b/main/ui/src/test/java/org/cryptomator/ui/recoverykey/RecoveryKeyFactoryTest.java
index 3ea028bf2..672b7a3b8 100644
--- a/main/ui/src/test/java/org/cryptomator/ui/recoverykey/RecoveryKeyFactoryTest.java
+++ b/main/ui/src/test/java/org/cryptomator/ui/recoverykey/RecoveryKeyFactoryTest.java
@@ -1,24 +1,33 @@
 package org.cryptomator.ui.recoverykey;
 
 import com.google.common.base.Splitter;
-import org.cryptomator.cryptofs.CryptoFileSystemProvider;
+import org.cryptomator.cryptolib.api.CryptoException;
+import org.cryptomator.cryptolib.api.Masterkey;
+import org.cryptomator.cryptolib.common.MasterkeyFileAccess;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.io.TempDir;
+import org.mockito.Mockito;
 
 import java.io.IOException;
 import java.nio.file.Path;
+import java.security.SecureRandom;
 
 class RecoveryKeyFactoryTest {
 
 	private WordEncoder wordEncoder = new WordEncoder();
-	private RecoveryKeyFactory inTest = new RecoveryKeyFactory(wordEncoder);
+	private MasterkeyFileAccess masterkeyFileAccess = Mockito.mock(MasterkeyFileAccess.class);
+	private RecoveryKeyFactory inTest = new RecoveryKeyFactory(wordEncoder, masterkeyFileAccess);
 
 	@Test
 	@DisplayName("createRecoveryKey() creates 44 words")
-	public void testCreateRecoveryKey(@TempDir Path pathToVault) throws IOException {
-		CryptoFileSystemProvider.initialize(pathToVault, "masterkey.cryptomator", "asd");
+	public void testCreateRecoveryKey() throws IOException, CryptoException {
+		Path pathToVault = Path.of("path/to/vault");
+		Masterkey masterkey = Mockito.mock(Masterkey.class);
+		Mockito.when(masterkeyFileAccess.load(pathToVault.resolve("masterkey.cryptomator"), "asd")).thenReturn(masterkey);
+
+		Mockito.when(masterkey.getEncoded()).thenReturn(new byte[64]);
+
 		String recoveryKey = inTest.createRecoveryKey(pathToVault, "asd");
 		Assertions.assertNotNull(recoveryKey);
 		Assertions.assertEquals(44, Splitter.on(' ').splitToList(recoveryKey).size()); // 66 bytes encoded as 44 words
diff --git a/main/ui/src/test/resources/mockito-extensions/org.mockito.plugins.MockMaker b/main/ui/src/test/resources/mockito-extensions/org.mockito.plugins.MockMaker
new file mode 100644
index 000000000..ca6ee9cea
--- /dev/null
+++ b/main/ui/src/test/resources/mockito-extensions/org.mockito.plugins.MockMaker
@@ -0,0 +1 @@
+mock-maker-inline
\ No newline at end of file