🔒
Initializing Sanctum...

How to Use Sanctum

Real-World Use Cases

🗞️ Journalist Protecting Sources
Decoy: Published articles and public research notes
Hidden: Confidential source documents and whistleblower communications
Scenario: Device seized at border - reveal decoy, sources stay protected
✊ Activist in Authoritarian Regime
Decoy: Personal photos and innocuous social media content
Hidden: Protest coordination plans and evidence of government abuse
Scenario: Police raid - show decoy layer, cannot prove hidden content exists
💰 Crypto Holder Under Duress
Decoy: Small wallet with $200 ("this is all I have")
Hidden: Main wallet with life savings
Scenario: $5 wrench attack - hand over decoy wallet, real funds stay safe
🔔 Whistleblower Securing Evidence
Decoy: Work documents and meeting notes
Hidden: Evidence of corporate fraud or government corruption
Scenario: Employer demands access - show work files, evidence remains hidden
🏠 Domestic Abuse Survivor
Decoy: Shared family photos and household documents
Hidden: Escape plan, evidence of abuse, emergency contacts
Scenario: Abuser demands access - show family content, safety plan protected
🕵️ Intelligence Operative
Decoy: Tourist photos and travel itinerary
Hidden: Mission briefings, contact networks, classified intelligence
Scenario: Captured by hostile forces - reveal tourist cover, mission data stays secure

Creating a Vault

1 Configure IPFS Provider
Choose between Pinata or Filebase (both free). Enter your API credentials:
  • Pinata: JWT token from pinata.cloud
  • Filebase: Access Key + Secret Key from filebase.com
2 Add Content
  • Hidden Layer (Required): Your real secrets (text or .zip/.rar file up to 25MB)
  • Panic Layer (Required): Shows "vault deleted" when panic password is entered - provides duress protection
  • Decoy Layer (Optional): Innocent content shown with decoy password. If you add decoy content/file, decoy password becomes required.
3 Set Passwords (All Required: 12+ chars, uppercase, lowercase, number, special character)
  • Hidden Password (Required): Unlocks your real secrets
  • Panic Password (Required): Shows "vault deleted" under duress
  • Decoy Password (Required if decoy content exists): Unlocks innocent decoy layer
All passwords must be different from each other. Use 6+ Diceware words or memorable phrases.
4 Create & Save Link
Click "Create Vault" and save the generated link. This link + passphrase = access to hidden layer.
⚠️ Critical: If you lose the vault link, your data is lost forever. Save it in a password manager or print the QR code.

Unlocking a Vault

1 Open Vault Link
Navigate to your saved vault link in a browser.
2 Enter Password
  • Decoy password: Shows decoy layer (innocent content)
  • Hidden password: Shows hidden layer (real secrets)
  • Panic password: Shows "vault deleted" error (duress protection)
  • Wrong password: Error - "Invalid password"
3 Access Content
Download files or copy text. Clipboard auto-clears after 60 seconds for security.

Security Features

Auto-Lock
Vault automatically locks after 5 minutes of inactivity. Re-enter passphrase to unlock.
Panic Key
Double-press Escape to instantly lock the vault. Use in emergency situations. Separate from panic password which shows "vault deleted".
Secure Clipboard
Copied content automatically clears from clipboard after 60 seconds to prevent data leakage.

Best Practices

  • Save vault links securely - Use a password manager (KeePassXC, Bitwarden) or print QR codes
  • Use strong passwords - 12+ chars with uppercase, lowercase, number, special character. Use 6+ Diceware words (e.g., "Correct-Horse-Battery-Staple-Mountain-River!23")
  • Make decoy content believable - Add realistic files/wallet with $50-500 to maintain plausibility
  • Test before trusting - Verify decoy, hidden, and panic passwords all work correctly
  • Use Tor Browser for high-risk scenarios - Hides your IP from IPFS gateways and prevents tracking
  • Never reveal panic password - Only use under extreme duress to fake vault deletion