Shadow Layers (Plausible Deniability)
What it is: A Vault can contain more than one Shadow Layer — independent encrypted layers inside the same vault. Each layer has its own password, its own encryption keys, and its own set of files. You open a layer by typing its password when you unlock the vault.
Why it matters: Ordinary encryption can't help when you're forced to unlock. Shadow Layers can. You can keep harmless, believable content in a decoy layer and your sensitive files in another layer. Under coercion you open the decoy — and from the outside there is no way to tell how many layers exist, or to prove that any other layer does.
Good to know:
Symmetric by design. There's no "real vs fake" label. You decide what lives in each layer.
Independently encrypted. Knowing one layer's password cannot decrypt, derive, or even detect another.
One prompt, many destinations. The vault always asks for a password the same way; which layer opens depends only on which password you type.
Drives don't have layers — Shadow Layers are a Vault feature.
Coercion resistance is only as strong as your habits. See What Shadow Layers do not protect against before you rely on it.
Last updated