Create a Shadow Layer
What you'll do: Add an additional, independently encrypted layer to a vault, with its own password.
Why it matters: A second layer is what makes plausible deniability real — a place for sensitive files that stays hidden while a decoy layer is the one you'd open under pressure.
Before you start: You need an existing vault. If you don't have one yet, see Create a Vault. After creating a vault, the app also suggests creating a shadow layer.
Steps
Open the vault you want to add a layer to, or select Create a Shadow Layer from the vault's actions.
Set a new password for the layer. It must be different from the vault's other layer passwords, and strong — this password is part of the encryption.
Save the layer's Vault Recovery Key somewhere durable. Each layer/vault has its own; without it, a forgotten layer password can't be recovered.
Confirm. The new layer is created quietly — there's no visible "layers: 2" state anywhere.
Open the layer by entering its password, then add the files that belong there.
Common mistakes
Reusing a password across layers. Each layer needs its own distinct password; overlap defeats the separation.
Not recording which password opens which layer. Since nothing is labelled, keep your own secure note of your convention — ideally memorized, not stored on the device.
Skipping the recovery key. A forgotten layer password with no recovery key means that layer is gone permanently.
The app shows a short, one-time onboarding for Shadow Layers the first time you use them in a vault. On a password reset, each layer can show a few sample file/folder names to help you identify which one to reset — see Limits & recovery.
Last updated