All CBFS Vault vaults contain a special data stream called RootData which can be used for application-defined purposes. A vault's RootData stream can only be accessed using the OpenRootData method, because the stream itself is not part of the vault's filesystem hierarchy. The standalone nature of the RootData stream means that:
- It does not have a path in the filesystem, which prevents it from being found using FindFirst or FindFirstByQuery.
- It cannot have any file tags, attributes, times, or alternate streams associated with it.
- It cannot be compressed using the SetFileCompression method.
- It cannot be encrypted using the SetFileEncryption method.
The RootData stream is also exempt from whole-vault encryption. This exemption is intentional; it allows applications which utilize whole-vault encryption to store information about said encryption (e.g., encrypted session keys, certificates, access control lists (ACLs), etc.) within the vault itself, thus simplifying application design.