Guardians

Your vault key is the single artifact that can decrypt your files. Storing it in one place means a single point of failure. Inheribase splits your key across multiple trusted contacts—your Guardians—using Shamir's Secret Sharing (SSS).

How the Threshold Works

A secret is split into multiple shares with a critical property: Any single share reveals zero information about the original key.

Inheribase offers two security presets:

If one guardian becomes unreachable (lost email, relocated, deceased), the remaining guardians can still reconstruct the key. The threshold ensures resilience without sacrificing security.

The Guardian's Role

Guardians are not technical operators. They need nothing more than a valid email address and a web browser. They serve three functions:

1. Vault Recovery: If you lose access to your passkey, guardians can help reconstruct your vault key so you can regain access.
2. Release Authorization: If configured, guardians initiate the release by confirming the succession event.
3. Passive Protection: During your lifetime, shares remain dormant.

Who to Choose

Ideal guardian choices:

• A trusted attorney, notary, or financial advisor (institutional reliability)
• Family members in different geographic locations (geographic diversity)
• Close friends with stable email access

Diversity principle: Never choose guardians who could all become unreachable simultaneously (e.g., all living in the same city).

Managing Guardians

While your vault is active, you can add, remove, or replace guardians at any time.

1. Navigate to People → Guardians in your dashboard.
2. Click Add Guardian.
3. Enter their name and email address.

The guardian receives an email invitation to accept their role. Changing the guardian set regenerates all key shares, rendering previous shares invalid.