Create a Shadow Layer

What you'll do: Add an additional, independently encrypted layer to a vault, with its own password.

Why it matters: A second layer is what makes plausible deniability real — a place for sensitive files that stays hidden while a decoy layer is the one you'd open under pressure.

Before you start: You need an existing vault. If you don't have one yet, see Create a Vault. After creating a vault, the app also suggests creating a shadow layer.

Steps

  1. Open the vault you want to add a layer to, or select Create a Shadow Layer from the vault's actions.

  2. Set a new password for the layer. It must be different from the vault's other layer passwords, and strong — this password is part of the encryption.

  3. Save the layer's Vault Recovery Key somewhere durable. Each layer/vault has its own; without it, a forgotten layer password can't be recovered.

  4. Confirm. The new layer is created quietly — there's no visible "layers: 2" state anywhere.

  5. Open the layer by entering its password, then add the files that belong there.

Common mistakes

  • Reusing a password across layers. Each layer needs its own distinct password; overlap defeats the separation.

  • Not recording which password opens which layer. Since nothing is labelled, keep your own secure note of your convention — ideally memorized, not stored on the device.

  • Skipping the recovery key. A forgotten layer password with no recovery key means that layer is gone permanently.

The app shows a short, one-time onboarding for Shadow Layers the first time you use them in a vault. On a password reset, each layer can show a few sample file/folder names to help you identify which one to reset — see Limits & recovery.

Last updated