Shadow Layers (Plausible Deniability)

What it is: A Vault can contain more than one Shadow Layer — independent encrypted layers inside the same vault. Each layer has its own password, its own encryption keys, and its own set of files. You open a layer by typing its password when you unlock the vault.

Why it matters: Ordinary encryption can't help when you're forced to unlock. Shadow Layers can. You can keep harmless, believable content in a decoy layer and your sensitive files in another layer. Under coercion you open the decoy — and from the outside there is no way to tell how many layers exist, or to prove that any other layer does.

Good to know:

  • Symmetric by design. There's no "real vs fake" label. You decide what lives in each layer.

  • Independently encrypted. Knowing one layer's password cannot decrypt, derive, or even detect another.

  • One prompt, many destinations. The vault always asks for a password the same way; which layer opens depends only on which password you type.

  • Drives don't have layers — Shadow Layers are a Vault feature.

Coercion resistance is only as strong as your habits. See What Shadow Layers do not protect against before you rely on it.

Last updated