diff --git a/Makefile b/Makefile
index 2c6bb540..1dea0b35 100644
--- a/Makefile
+++ b/Makefile
@@ -110,6 +110,9 @@ build-launcher: ${RESOURCE_FILE}
 versioner:
 	go build ${BUILD_FLAGS} -o versioner utils/versioner/main.go
 
+vault-editor:
+	go build -tags debug -o vault-editor utils/vault-editor/main.go
+
 hasher:
 	go build -o hasher utils/hasher/main.go
 
diff --git a/go.mod b/go.mod
index 4ed4b968..4db8af44 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.18
 require (
 	github.com/0xAX/notificator v0.0.0-20220220101646-ee9b8921e557
 	github.com/Masterminds/semver/v3 v3.1.1
-	github.com/ProtonMail/gluon v0.13.1-0.20221025093924-86bbf0261eb8
+	github.com/ProtonMail/gluon v0.13.1-0.20221026080908-3f1806709bdd
 	github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a
 	github.com/ProtonMail/go-rfc5322 v0.11.0
 	github.com/ProtonMail/gopenpgp/v2 v2.4.10
diff --git a/go.sum b/go.sum
index 8bf4ab37..ded30c56 100644
--- a/go.sum
+++ b/go.sum
@@ -30,6 +30,8 @@ github.com/ProtonMail/docker-credential-helpers v1.1.0 h1:+kvUIpwWcbtP3WFv5sSvkF
 github.com/ProtonMail/docker-credential-helpers v1.1.0/go.mod h1:mK0aBveCxhnQ756AmaTfXMZDeULvheYVhF/MWMErN5g=
 github.com/ProtonMail/gluon v0.13.1-0.20221025093924-86bbf0261eb8 h1:LKyiQdEsAxAocSYUWxSfwlxBwmzJYvO/9td/eAX3oFU=
 github.com/ProtonMail/gluon v0.13.1-0.20221025093924-86bbf0261eb8/go.mod h1:XW/gcr4jErc5bX5yMqkUq3U+AucC2QZHJ5L231k3Nw4=
+github.com/ProtonMail/gluon v0.13.1-0.20221026080908-3f1806709bdd h1:2R9kbvUVmGSHK4b0kGLyxruX9Ea0EO23km2xwYheWrY=
+github.com/ProtonMail/gluon v0.13.1-0.20221026080908-3f1806709bdd/go.mod h1:XW/gcr4jErc5bX5yMqkUq3U+AucC2QZHJ5L231k3Nw4=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a h1:D+aZah+k14Gn6kmL7eKxoo/4Dr/lK3ChBcwce2+SQP4=
 github.com/ProtonMail/go-autostart v0.0.0-20210130080809-00ed301c8e9a/go.mod h1:oTGdE7/DlWIr23G0IKW3OXK9wZ5Hw1GGiaJFccTvZi4=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
diff --git a/internal/app/app.go b/internal/app/app.go
index 0df6e3af..63da930e 100644
--- a/internal/app/app.go
+++ b/internal/app/app.go
@@ -163,13 +163,13 @@ func run(c *cli.Context) error { //nolint:funlen
 			// Handle crashes with various actions.
 			return withCrashHandler(restarter, reporter, func(crashHandler *crash.Handler) error {
 				// Load the locations where we store our files.
-				return withLocations(func(locations *locations.Locations) error {
+				return WithLocations(func(locations *locations.Locations) error {
 					// Initialize logging.
 					return withLogging(c, crashHandler, locations, func() error {
 						// Ensure we are the only instance running.
 						return withSingleInstance(locations, version, func() error {
 							// Unlock the encrypted vault.
-							return withVault(locations, func(vault *vault.Vault, insecure, corrupt bool) error {
+							return WithVault(locations, func(vault *vault.Vault, insecure, corrupt bool) error {
 								// Load the cookies from the vault.
 								return withCookieJar(vault, func(cookieJar http.CookieJar) error {
 									// Create a new bridge instance.
@@ -245,8 +245,8 @@ func withLogging(c *cli.Context, crashHandler *crash.Handler, locations *locatio
 	return fn()
 }
 
-// Provide access to locations where we store our files.
-func withLocations(fn func(*locations.Locations) error) error {
+// WithLocations provides access to locations where we store our files.
+func WithLocations(fn func(*locations.Locations) error) error {
 	// Create a locations provider to determine where to store our files.
 	provider, err := locations.NewDefaultProvider(filepath.Join(constants.VendorName, constants.ConfigName))
 	if err != nil {
diff --git a/internal/app/vault.go b/internal/app/vault.go
index 5f1a96c2..b320559d 100644
--- a/internal/app/vault.go
+++ b/internal/app/vault.go
@@ -30,7 +30,7 @@ import (
 	"golang.org/x/exp/slices"
 )
 
-func withVault(locations *locations.Locations, fn func(*vault.Vault, bool, bool) error) error {
+func WithVault(locations *locations.Locations, fn func(*vault.Vault, bool, bool) error) error {
 	// Create the encVault.
 	encVault, insecure, corrupt, err := newVault(locations)
 	if err != nil {
diff --git a/internal/vault/vault_debug.go b/internal/vault/vault_debug.go
new file mode 100644
index 00000000..9354b2ad
--- /dev/null
+++ b/internal/vault/vault_debug.go
@@ -0,0 +1,41 @@
+// Copyright (c) 2022 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge.  If not, see <https://www.gnu.org/licenses/>.
+
+//go:build debug
+
+package vault
+
+import (
+	"encoding/json"
+)
+
+func (vault *Vault) ImportJSON(dec []byte) {
+	vault.mod(func(data *Data) {
+		if err := json.Unmarshal(dec, data); err != nil {
+			panic(err)
+		}
+	})
+}
+
+func (vault *Vault) ExportJSON() []byte {
+	enc, err := json.MarshalIndent(vault.get(), "", "  ")
+	if err != nil {
+		panic(err)
+	}
+
+	return enc
+}
diff --git a/utils/vault-editor/main.go b/utils/vault-editor/main.go
new file mode 100644
index 00000000..caadbcfe
--- /dev/null
+++ b/utils/vault-editor/main.go
@@ -0,0 +1,75 @@
+//go:build debug
+
+// Copyright (c) 2022 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package main
+
+import (
+	"fmt"
+	"io"
+	"os"
+
+	"github.com/ProtonMail/proton-bridge/v2/internal/app"
+	"github.com/ProtonMail/proton-bridge/v2/internal/locations"
+	"github.com/ProtonMail/proton-bridge/v2/internal/vault"
+	"github.com/urfave/cli/v2"
+)
+
+func main() {
+	app := cli.NewApp()
+
+	app.Commands = []*cli.Command{
+		{
+			Name:   "read",
+			Action: readAction,
+		},
+		{
+			Name:   "write",
+			Action: writeAction,
+		},
+	}
+
+	app.RunAndExitOnError()
+}
+
+func readAction(c *cli.Context) error {
+	return app.WithLocations(func(locations *locations.Locations) error {
+		return app.WithVault(locations, func(vault *vault.Vault, insecure, corrupt bool) error {
+			if _, err := os.Stdout.Write(vault.ExportJSON()); err != nil {
+				return fmt.Errorf("failed to write vault: %w", err)
+			}
+
+			return nil
+		})
+	})
+}
+
+func writeAction(c *cli.Context) error {
+	return app.WithLocations(func(locations *locations.Locations) error {
+		return app.WithVault(locations, func(vault *vault.Vault, insecure, corrupt bool) error {
+			b, err := io.ReadAll(os.Stdin)
+			if err != nil {
+				return fmt.Errorf("failed to read vault: %w", err)
+			}
+
+			vault.ImportJSON(b)
+
+			return nil
+		})
+	})
+}