All CBFS Vault vaults contain a special data stream called RootData which can be used for application-defined purposes. A vault's RootData stream can only be accessed using the open_root_data method, because the stream itself is not part of the vault's filesystem hierarchy. The standalone nature of the RootData stream means that:
- It does not have a path in the filesystem, which prevents it from being found using find_first or find_first_by_query.
- It cannot have any file tags, attributes, times, or alternate streams associated with it.
- It cannot be compressed using the set_file_compression method.
- It cannot be encrypted using the set_file_encryption method.
The RootData stream is also exempt from whole-vault encryption. This exemption is intentional; it allows applications which utilize whole-vault encryption to store information about said encryption (e.g., encrypted session keys, certificates, access control lists (ACLs), etc.) within the vault itself, thus simplifying application design.