diff --git a/browser-extensions/chrome/src/App.tsx b/browser-extensions/chrome/src/App.tsx
index 8ce812892..0540b1f03 100644
--- a/browser-extensions/chrome/src/App.tsx
+++ b/browser-extensions/chrome/src/App.tsx
@@ -8,6 +8,10 @@ import CredentialsList from './pages/CredentialsList';
 import { useMinDurationLoading } from './hooks/useMinDurationLoading';
 import LoadingSpinner from './components/LoadingSpinner';
 import './styles/app.css';
+import EncryptionUtility from './utils/EncryptionUtility';
+import { VaultResponse } from './types/webapi/VaultResponse';
+import { useWebApi } from './context/WebApiContext';
+import SrpUtility from './utils/SrpUtility';
 
 /**
  * Main application component
@@ -15,6 +19,7 @@ import './styles/app.css';
 const App: React.FC = () => {
   const authContext = useAuth();
   const dbContext = useDb();
+  const webApi = useWebApi();
   const [needsUnlock, setNeedsUnlock] = useState(false);
   const [showSettings, setShowSettings] = useState(false);
   const [isUserMenuOpen, setIsUserMenuOpen] = useState(false);
@@ -79,6 +84,33 @@ const App: React.FC = () => {
     }
   };
 
+  /**
+   * Refresh the vault.
+   */
+  const handleRefresh = async (): Promise<void> => {
+    setIsLoading(true);
+    try {
+      // Make API call to get latest vault
+      const vaultResponseJson = await webApi.get('Vault') as VaultResponse;
+
+      // Get derived key from background worker
+      const passwordHashBase64 = await chrome.runtime.sendMessage({ type: 'GET_DERIVED_KEY' });
+
+      // Attempt to decrypt the blob
+      const decryptedBlob = await EncryptionUtility.symmetricDecrypt(
+        vaultResponseJson.vault.blob,
+        passwordHashBase64
+      );
+
+      // Initialize the SQLite context again with the newly retrieved decrypted blob
+      await dbContext.initializeDatabase(passwordHashBase64, decryptedBlob);
+    } catch (err) {
+      console.error('Refresh error:', err);
+    } finally {
+      setIsLoading(false);
+    }
+  };
+
   /**
    * Toggle settings.
    */
@@ -95,9 +127,27 @@ const App: React.FC = () => {
 
   /**
    * User menu.
+   *
+   * Only shown if the user is logged in and the vault is not locked.
    */
-  const userMenu = authContext.isLoggedIn ? (
-    <div className="relative">
+  const userMenu = authContext.isLoggedIn && !needsUnlock ? (
+    <div className="relative flex items-center">
+      <div role="status" className="px-2 flex items-center">
+      <div className="relative inline-flex items-center justify-center">
+        <button onClick={handleRefresh} className="absolute p-2 hover:bg-gray-200 rounded-2xl">
+          <svg xmlns="http://www.w3.org/2000/svg" className="h-4 w-4 text-gray-400" viewBox="0 0 20 20" fill="currentColor">
+            <path fillRule="evenodd" d="M4 2a1 1 0 011 1v2.101a7.002 7.002 0 0111.601 2.566 1 1 0 11-1.885.666A5.002 5.002 0 005.999 7H9a1 1 0 010 2H4a1 1 0 01-1-1V3a1 1 0 011-1zm.008 9.057a1 1 0 011.276.61A5.002 5.002 0 0014.001 13H11a1 1 0 110-2h5a1 1 0 011 1v5a1 1 0 11-2 0v-2.101a7.002 7.002 0 01-11.601-2.566 1 1 0 01.61-1.276z" clipRule="evenodd"></path>
+          </svg>
+        </button>
+        <svg aria-hidden="true" className="inline w-8 h-8 text-gray-200  dark:text-gray-600" viewBox="0 0 100 101" fill="none" xmlns="http://www.w3.org/2000/svg">
+          <path d="M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z" fill="currentColor"></path>
+          <path d="M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z" fill="currentFill"></path>
+        </svg>
+      </div>
+
+      <span className="sr-only">Loading...</span></div>
+
+      <div className="relative">
       <button
         ref={buttonRef}
         onClick={toggleUserMenu}
@@ -125,6 +175,7 @@ const App: React.FC = () => {
           </button>
         </div>
       )}
+      </div>
     </div>
   ) : null;
 
@@ -176,6 +227,7 @@ const App: React.FC = () => {
             <h1 className="text-gray-900 dark:text-white text-xl font-bold">AliasVault</h1>
           </div>
           {!authContext.isLoggedIn ? (
+            <>
             <button
               id="settings"
               onClick={toggleSettings}
@@ -186,6 +238,7 @@ const App: React.FC = () => {
                 <path fillRule="evenodd" d="M11.49 3.17c-.38-1.56-2.6-1.56-2.98 0a1.532 1.532 0 01-2.286.948c-1.372-.836-2.942.734-2.106 2.106.54.886.061 2.042-.947 2.287-1.561.379-1.561 2.6 0 2.978a1.532 1.532 0 01.947 2.287c-.836 1.372.734 2.942 2.106 2.106a1.532 1.532 0 012.287.947c.379 1.561 2.6 1.561 2.978 0a1.533 1.533 0 012.287-.947c1.372.836 2.942-.734 2.106-2.106a1.533 1.533 0 01.947-2.287c1.561-.379 1.561-2.6 0-2.978a1.532 1.532 0 01-.947-2.287c.836-1.372-.734-2.942-2.106-2.106a1.532 1.532 0 01-2.287-.947zM10 13a3 3 0 100-6 3 3 0 000 6z" clipRule="evenodd" />
               </svg>
             </button>
+            </>
           ) : (
             userMenu
           )}
diff --git a/browser-extensions/chrome/src/background.ts b/browser-extensions/chrome/src/background.ts
index fbea2e126..e99268941 100644
--- a/browser-extensions/chrome/src/background.ts
+++ b/browser-extensions/chrome/src/background.ts
@@ -1,27 +1,25 @@
-import { Buffer } from 'buffer';
 import EncryptionUtility from './utils/EncryptionUtility';
 import SqliteClient from './utils/SqliteClient';
 
 let vaultState: {
-  sessionKey: string | null;
+  derivedKey: string | null;
 } = {
-  sessionKey: null
+  derivedKey: null
 };
 
 // Listen for messages from popup
 chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
   switch (message.type) {
     case 'STORE_VAULT': {
-      // Generate random session key
-      const sessionKey = crypto.getRandomValues(new Uint8Array(32));
-      vaultState.sessionKey = Buffer.from(sessionKey).toString('base64');
+      // Store derived key in memory for future vault syncs
+      vaultState.derivedKey = message.derivedKey;
 
       // Re-encrypt vault with session key
       (async () : Promise<void> => {
         try {
           const encryptedVault = await EncryptionUtility.symmetricEncrypt(
             message.vault,
-            vaultState.sessionKey!
+            vaultState.derivedKey!
           );
 
           // Store in chrome.storage.session and wait for completion
@@ -41,8 +39,7 @@ chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
       break;
     }
     case 'GET_VAULT': {
-      if (!vaultState.sessionKey) {
-        console.error('No session key available');
+      if (!vaultState.derivedKey) {
         sendResponse({ vault: null });
         return;
       }
@@ -55,10 +52,10 @@ chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
             return;
           }
 
-          // Decrypt vault with session key
+          // Decrypt vault with derived key
           const decryptedVault = await EncryptionUtility.symmetricDecrypt(
             result.encryptedVault,
-            vaultState.sessionKey!
+            vaultState.derivedKey!
           );
 
           // Parse the decrypted vault and send response
@@ -76,14 +73,14 @@ chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
       break;
     }
     case 'CLEAR_VAULT': {
-      vaultState.sessionKey = null;
+      vaultState.derivedKey = null;
       chrome.storage.session.remove(['encryptedVault']);
       sendResponse({ success: true });
       break;
     }
 
     case 'GET_CREDENTIALS_FOR_URL': {
-      if (!vaultState.sessionKey) {
+      if (!vaultState.derivedKey) {
         sendResponse({ credentials: [] });
         return;
       }
@@ -97,7 +94,7 @@ chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
 
           const decryptedVault = await EncryptionUtility.symmetricDecrypt(
             result.encryptedVault,
-            vaultState.sessionKey!
+            vaultState.derivedKey!
           );
 
           // Initialize SQLite client
@@ -131,6 +128,11 @@ chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
       });
       break;
     }
+
+    case 'GET_DERIVED_KEY': {
+      sendResponse(vaultState.derivedKey ? vaultState.derivedKey : null);
+      break;
+    }
   }
   return true;
 });
diff --git a/browser-extensions/chrome/src/context/DbContext.tsx b/browser-extensions/chrome/src/context/DbContext.tsx
index 87da5f06c..57eefaf81 100644
--- a/browser-extensions/chrome/src/context/DbContext.tsx
+++ b/browser-extensions/chrome/src/context/DbContext.tsx
@@ -5,7 +5,7 @@ type DbContextType = {
   sqliteClient: SqliteClient | null;
   dbInitialized: boolean;
   dbAvailable: boolean;
-  initializeDatabase: (blob: string) => Promise<void>;
+  initializeDatabase: (derivedKey: string, vault: string) => Promise<void>;
   clearDatabase: () => void;
 }
 
@@ -30,9 +30,9 @@ export const DbProvider: React.FC<{ children: React.ReactNode }> = ({ children }
    */
   const [dbAvailable, setDbAvailable] = useState(false);
 
-  const initializeDatabase = useCallback(async (blob: string) => {
+  const initializeDatabase = useCallback(async (derivedKey: string, vault: string) => {
     const client = new SqliteClient();
-    await client.initializeFromBase64(blob);
+    await client.initializeFromBase64(vault);
     setSqliteClient(client);
     setDbInitialized(true);
     setDbAvailable(true);
@@ -40,7 +40,8 @@ export const DbProvider: React.FC<{ children: React.ReactNode }> = ({ children }
     // Store in background worker
     chrome.runtime.sendMessage({
       type: 'STORE_VAULT',
-      vault: blob
+      derivedKey: derivedKey,
+      vault: vault,
     });
   }, []);
 
@@ -53,12 +54,6 @@ export const DbProvider: React.FC<{ children: React.ReactNode }> = ({ children }
         setSqliteClient(client);
         setDbInitialized(true);
         setDbAvailable(true);
-
-        // Store in background worker
-        chrome.runtime.sendMessage({
-          type: 'STORE_VAULT',
-          vault: response.vault
-        });
       }
       else {
         setDbInitialized(true);
diff --git a/browser-extensions/chrome/src/pages/Login.tsx b/browser-extensions/chrome/src/pages/Login.tsx
index 7730fbcba..f0ee25a3d 100644
--- a/browser-extensions/chrome/src/pages/Login.tsx
+++ b/browser-extensions/chrome/src/pages/Login.tsx
@@ -72,7 +72,7 @@ const Login: React.FC = () => {
         const decryptedBlob = await EncryptionUtility.symmetricDecrypt(vaultResponseJson.vault.blob, passwordHashBase64);
 
         // Initialize the SQLite context with decrypted data
-        await dbContext.initializeDatabase(decryptedBlob);
+        await dbContext.initializeDatabase(passwordHashBase64, decryptedBlob);
 
       // 3. Handle 2FA if required
       /*
diff --git a/browser-extensions/chrome/src/pages/Unlock.tsx b/browser-extensions/chrome/src/pages/Unlock.tsx
index 0d77d35f0..653b29679 100644
--- a/browser-extensions/chrome/src/pages/Unlock.tsx
+++ b/browser-extensions/chrome/src/pages/Unlock.tsx
@@ -52,7 +52,7 @@ const Unlock: React.FC = () => {
       );
 
       // Initialize the SQLite context with decrypted data
-      await dbContext.initializeDatabase(decryptedBlob);
+      await dbContext.initializeDatabase(passwordHashBase64, decryptedBlob);
     } catch (err) {
       setError('Failed to unlock vault. Please check your password and try again.');
       console.error('Unlock error:', err);