
Family vault

The family vault lets household members share a common set of credentials (streaming services, utility accounts, etc.) while keeping individual vaults separate and private.

How it works

1. Create a family
   One member creates the family and generates a Family Vault Key (FVK), a random AES-256 key.
2. Invite members
   Invite members by email. Each invitation includes the FVK wrapped with an invite token. The invited member unwraps the FVK and re-wraps it with their own vault key.
3. Share credentials
   Family credentials are encrypted with the FVK. Any member who holds the FVK can encrypt and decrypt family entries.
4. Independent vaults
   Each member’s personal vault remains completely separate. The FVK only grants access to family-shared items.

Key wrapping

Member A's vault key --[AES-KW]--> wraps FVK
Member B's vault key --[AES-KW]--> wraps FVK (separate copy)
Member C's vault key --[AES-KW]--> wraps FVK (separate copy)

FVK --[AES-256-GCM]--> encrypts family passwords

Each member holds their own wrapped copy of the FVK. Revoking a member’s access means re-keying the FVK and distributing new wrapped copies.

Member roles

| Role | Create | Read | Update | Delete | Manage members |
| --- | --- | --- | --- | --- | --- |
| Admin | Yes | Yes | Yes | Yes | Yes |
| Member | Yes | Yes | Yes | No | No |

Shamir recovery

Shamir’s secret sharing provides threshold-based vault recovery when a member loses their master password.

How it works

The recovery system uses a Family Recovery Secret (FRS) split into N shares with a threshold of K:

1. Generate FRS
   A 32-byte random Family Recovery Secret is generated.
2. Split into shares
   The FRS is split into N Shamir shares using polynomial evaluation over GF(256). Any K shares can reconstruct the secret; K-1 shares reveal zero information.
3. Distribute to guardians
   Each share is encrypted with the guardian’s vault key and stored server-side. Guardians are family members or trusted contacts.
4. Encrypt FVK
   The FVK is encrypted with the FRS and stored as encrypted_fvk.

Recovery flow

When a member needs to recover:
  1. K guardians decrypt their shares using their vault keys
  2. Shares are submitted to the recovery endpoint
  3. Lagrange interpolation over GF(256) reconstructs the FRS at x=0
  4. The FRS decrypts the stored encrypted_fvk
  5. The member re-derives their vault key with a new master password
  6. The recovered FVK is re-wrapped with the new vault key

Shamir parameters

| Parameter | Value |
| --- | --- |
| Field | GF(256), a Galois Field with byte-level arithmetic |
| Secret length | 32 bytes (256-bit) |
| Polynomial degree | K-1 (threshold minus one) |
| Share indices | 1-255 (never 0, which is the secret point) |
| Security | Information-theoretic: K-1 shares reveal zero information |
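
The split step and the Lagrange interpolation at x=0 from the recovery flow, written out as an added example (not the project's own code). The page specifies only GF(256); the AES reduction polynomial 0x11B and the names `gf_mul`, `gf_inv`, `split` and `recover` are assumptions.

```python
import secrets

def gf_mul(a, b):
    """Multiply in GF(256), reducing by x^8+x^4+x^3+x+1 (0x11B, an assumption)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a):
    """Inverse of a nonzero element as a^254 (the multiplicative group has order 255)."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split(secret, k, n):
    """Return {index: share_bytes} for indices 1..N; index 0 is never issued."""
    if not 1 <= k <= n <= 255:
        raise ValueError("need 1 <= K <= N <= 255")
    shares = {x: bytearray() for x in range(1, n + 1)}
    for byte in secret:
        # Fresh degree K-1 polynomial per byte; the constant term is the secret byte.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x, out in shares.items():
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            out.append(y)
    return {x: bytes(v) for x, v in shares.items()}

def recover(shares):
    """Interpolate every byte position at x=0 from {index: share_bytes}."""
    lengths = {len(v) for v in shares.values()}
    if len(lengths) != 1 or any(not 1 <= x <= 255 for x in shares):
        raise ValueError("need equal-length shares with indices in 1..255")
    secret = bytearray(lengths.pop())
    for xi, ys in shares.items():
        w = 1  # basis weight l_i(0) = prod_{j != i} x_j / (x_j - x_i); minus is XOR
        for xj in shares:
            if xj != xi:
                w = gf_mul(w, gf_mul(xj, gf_inv(xi ^ xj)))
        for pos, y in enumerate(ys):
            secret[pos] ^= gf_mul(w, y)
    return bytes(secret)
```

With K=1 (easy mode) every share is the FRS itself. `recover` cannot detect too few or corrupted shares: it returns different bytes rather than an error.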

Configuration options

| Setting | Description |
| --- | --- |
| Threshold (K) | Minimum shares needed (e.g., 3) |
| Total shares (N) | Number of guardian shares (e.g., 5) |
| Easy mode | 1-of-N: any single guardian can recover |
| Standard mode | K-of-N: requires K guardians to collaborate |

API reference

| Method | Endpoint | Description |
| --- | --- | --- |
| GET | /api/family | Get user’s family membership |
| POST | /api/family | Create a new family (step-up auth required) |
| PATCH | /api/family | Update family name (admin only) |
| DELETE | /api/family | Delete family and cascade all data (admin only) |
| POST | /api/vault/shamir-recovery | Split or recover FRS |