Vault setup

Step 1 of 3 — make yourself the owner. Your passkey becomes the quiet lock on the door.

1. 1
   Create account (passkey) 01

   New here? Create the account first, then the vault opens for setup. Extra passkeys can be added later from the sidebar. I already have an account

   Display name Email Register with passkey
2. 2
   Sign in 02

   Create a new account instead

   Email (optional if your passkey appears automatically)

   Sign in with passkey
3. 3
   Vault setup 03

   Check the connection, add the people who should receive the note, then seal the message before it leaves this browser.

   Send ping

   Advanced actions

   Check storage Vault status

   Last ping

   none

   Vault

   none

   Vault message

   Readable only in this browser until you seal it. Edit alongside recipients below, then encrypt and save when you are ready.

   The service keeps a single sealed vault per account, not a history. After you save, older sealed copies are removed—copy anything you need before overwriting.

   Message

   Beneficiaries

   Add one recipient at a time. Choose how their copy of the vault key is sealed.

   Email

   Key method

   Password Easiest: share a passphrase out-of-band RSA public key Paste their SPKI PEM PGP public key Paste their armored public key block

   Passphrase hint (optional — reminds you which passphrase to use at save time)

   You will be asked for the actual passphrase when you seal the vault — not now. Share the passphrase with the beneficiary out-of-band (phone call, Signal, etc.).

   Add beneficiary Refresh list

   Seal vault

   One action: encrypt what you typed, upload ciphertext, and refresh the recipient key map on the server.

   Saving replaces your current sealed vault: the previous ciphertext is deleted from storage. There is no inbox of past versions in this UI.

   Encrypt and save vault

   Read vault

   Decrypt the sealed vault in your browser. Nothing is sent to the server.

   Decrypt as — pick a recipient —

   Decrypt