SafeKeeper.life - Secure by design

Your data is always 100% yours We never store your data

Back to Documentation

Getting Started Guide

User Guide

Getting Started with SafekeeperLife

Welcome to SafekeeperLife! This guide will walk you through creating your first Safe and understanding the core workflow.

Table of Contents

What is SafekeeperLife?

SafekeeperLife is a credential storage system designed to securely lock away sensitive information (passwords, recovery codes, account details) and make them accessible to trusted people after specific trigger events.

What SafekeeperLife Does:

  • Stores ypur credentials (usernames, passwords, recovery codes, etc.)
  • Encrypts everything with your master password
  • Splits the encryption Key into multiple shares using proprietary secure secret sharing
  • Distributes secure Keys to trusted Keyholders
  • Enables Keyholders to reconstruct and reveal your credentials when needed

What SafekeeperLife Does NOT Do:

  • Store files (documents, photos, videos) - SafekeeperLife is for credentials only
  • Provide password recovery if you forget or lose your master password
  • Allow editing credentials after locking the Safe (you must unlock the Safe first)

Use Cases:

  • Password manager master passwords (1Password, LastPass, Bitwarden etc.)
  • Email account credentials (Google Account, Outlook, etc.)
  • Cloud storage accounts (Dropbox, Box, Tresorit, Google Drive, MS Drive, etc.)
  • Financial accounts (bank logins, crypto wallets, etc.)
  • Social media accounts
  • Any OTHER credentials you want trusted people to access in an emergency

Core Concepts

Before creating your Safe, please understand these Key concepts:

The Safe

A Safe is a container for your encrypted credentials. Each Safe has:

  • A unique master password (you create this)
  • Multiple credentials stored inside
  • A Key threshold requirement (how many Keyholders are needed to reveal the contents of your Safe, i.e. the number of Keys to the Safe)
  • A list of designated Keyholders
  • A state (unlocked, locked, sealed, revealed, or removed)

Keyholders

Keyholders are trusted individuals who receive shared Keys. When your Safe is sealed, each Keyholder gets one Key. To reveal the Safe’s contents, a minimum number (threshold) of Keyholders must upload their Keys.

Example: If you set threshold = 2 and designate 4 Keyholders, any 2 of those 4 people can work together to reveal your credentials.

Threshold vs. Spare Keys

  • Threshold (k): Minimum number of Keys required to reveal the Safe (typically between 2 and 5)
  • Spare Keys: Additional backup Keys beyond the threshold (this is an optional purchase)
  • Total Keys (n): Therefore is threshold + spare Keys

Why Spare Keys? Spare Keys provide redundancy. If one Keyholder loses their Key or becomes unavailable, the other Keyholders can still reveal the contents of the Safe.

Example:

  • Threshold = 2 (need 2 Keys to reveal)
  • Spare Keys = 1 (purchased)
  • Total Keys = 3 (distributed to 3 Keyholders)
  • Result: Any 2 of 3 Keyholders can reveal the contents of the Safe

The Safe States

Your Safe moves through different states:

stateDiagram-v2
    [*] --> Unlocked: Purchase Safe
    Unlocked --> Locked: Add credentials + lock
    Locked --> Unlocked: Unlock (enter password)
    Locked --> Sealed: Seal (distribute Keys)
    Sealed --> Revealed: Keyholders upload Keys (when threshold met)
    Revealed --> Removed: Remove Safe (cleanup)
    Removed --> [*]
  • Unlocked: Edit credentials, add/remove items (master password required to unlock)
  • Locked: Credentials encrypted, can’t edit, can seal (master password required to lock)
  • Sealed: Keys distributed to Keyholders, waiting for reveal
  • Revealed: Keyholders have unlocked the Safe, the credentials are visible
  • Removed: Safe deleted after reveal

See Also: Understanding Safe States for a more detailed explanation.

Your First Safe: Step-by-Step

Step 1: Create Your Safe

  1. Sign in to SafekeeperLife

  2. Click “Purchase New Safe”

  3. Choose your threshold:

    • Start with threshold = 2 (recommended for beginners)
    • Consider who you’ll designate as Keyholders
    • Remember: threshold people must coordinate to reveal

  4. Set your master password:

    • Choose a strong, unique password
    • Write it down and store it securely (you’ll need it to unlock/lock your Safe)
    • WARNING: If you lose this password, your credentials are permanently unrecoverable

  5. Click “Purchase Safe”

Your Safe is now created in the unlocked state.

Step 2: Add Your Credentials

Now add the credentials you want to store in this Safe.

Using Credential Templates

SafekeeperLife provides templates for common services to make data entry easier:

Available Templates:

  • Generic: Custom credentials (any username/password)
  • 1Password: Password manager master password
  • Google Account: Google account credentials
  • KeePassXC: KeePass database credentials
  • Dropbox Shared Folder: Dropbox account with shared folder access

Example: Adding a Google Account

  1. Click “Add Credential”
  2. Select template: “Google Account”
  3. Fill in the fields:
    • Email: yourname@gmail.com
    • Password: your-google-account-password
    • Recovery email: recovery@example.com (optional)
    • 2FA backup codes: 123456, 234567, 345678 (optional)
  4. Add notes (optional): “Personal Google Account account, use 2FA app for login”
  5. Click “Save Credential”

Tip: Use the Generic template for any credentials not covered by specialized templates.

See Also: Credential Templates Guide for detailed template documentation.

Step 3: Add More Credentials (Optional)

You can add as many credentials as you need to this Safe. Common strategy:

Option A: One Safe for Everything

  • Add all important credentials to a single Safe
  • Simpler to manage
  • All Keyholders get access to everything

Option B: Multiple Safes by Category

  • Create separate safes for different types of credentials
  • Example: “Password Managers” Safe, “Email Accounts” Safe, “Financial” Safe
  • Different Keyholders for different safes
  • More control over who sees what

Most users start with Option A (a single Safe) for simplicity.

Step 4: Designate Your Keyholders

Keyholders are the people who will receive Keys and can reveal your Safe.

Choosing Keyholders:

  • Pick trusted individuals (family, close friends, colleagues)
  • Choose people who are likely to be available when needed to reveal
  • Consider geographic distribution (don’t pick people in same household)
  • Ensure they understand their responsibility

Adding Keyholders:

  1. Click “Manage Keyholders”
  2. Enter Keyholder information:
    • Name: Jane Doe
    • Email: jane@example.com (they’ll receive their secure Key here)
    • Note (optional): “Sister, lives in Seattle”
  3. Click “Add Keyholder”
  4. Repeat until you have enough Keyholders

How Many Keyholders?

  • Minimum: Equal to your threshold (e.g., threshold=2 requires 2 Keyholders)
  • Recommended: Add spare Keyholders by buying spare Keys (e.g., threshold=2, designate 3-4 Keyholders)
  • Maximum: No hard limit, but 3-6 Keyholders is typical

Example Setup:

  • Threshold: 2
  • Keyholders: 4 (spouse, sibling, best friend, trusted colleague)
  • Result: Any 2 of 4 can reveal the Safe

See Also: Keyholder Best Practices for detailed guidance on selecting Keyholders.

Step 5: Lock Your Safe

Once you’ve added all credentials and designated Keyholders, lock your Safe to encrypt the contents.

Why Lock?

  • Encrypts all credentials using your master password
  • Prepares the Safe for sealing (Key distribution)
  • Prevents accidental edits

How to Lock:

  1. Review your credentials (make sure everything is correct)
  2. Click “Lock Safe”
  3. Enter your master password (confirmation)
  4. Click “Confirm Lock”

Your Safe is now in the locked state. Credentials are encrypted and cannot be edited.

Can I Edit After Locking? Yes! You can unlock the Safe (using your master password), edit credentials, and lock again. However:

  • If you enable emergency triggers (inactivity, attestation or scheduled), you cannot change the number of Keyholders or the threshold after locking
  • The shared Keys are pre-encrypted for trigger sealing, so structural changes are restricted

Step 6: Sealing — Automatic via Triggers

Once your Safe is locked with triggers configured, sealing happens automatically when a trigger condition is met. You do not seal manually.

When Sealing Occurs:

  • Inactivity trigger: After the configured inactivity period and grace period elapse without you logging in
  • Attestation trigger: When enough designated Voters attest that you are deceased
  • Scheduled trigger: When the configured future date arrives

What Happens When a Trigger Seals Your Safe:

  • Your encryption Key is split into shares (using our proprietary approach)
  • Each Keyholder receives an email with:
    • A notification that they’ve been designated
    • A downloadable Key file (.Key extension)
    • Instructions on what to do with the Key
  • Your Safe moves to the sealed state

Keyholder Email Example:

Subject: You've been designated as a Keyholder for [Safekeeper's Name]

Hi Jane,

You've been designated as a Keyholder for [Safekeeper's Name]'s Safe.

Your Key file is attached to this email. Please:
1. Download the Key file and store it securely
2. Do NOT share this Key with anyone
3. When you and the other Keyholders require it, you'll upload this Key to reveal the Safe

For more information, see: Keyholder Guide

See Also: Keyholder Guide: Reveal Process for what Keyholders do next.

Step 7: What Happens Next?

After sealing, your Safe is in the sealed state and waiting for reveal.

Reveal Happens When:

  • Inactivity trigger: You don’t log in for a specified period (e.g., 180 days)
  • Attestation trigger: A minimum number of Voters attest you have passed away
  • Scheduled trigger: A specific date is reached

Reveal Process:

  1. A trigger condition is met (inactivity, attestation, or scheduled)
  2. Keyholders coordinate and upload their Keys
  3. When threshold Keys are uploaded, the Safe is revealed
  4. Keyholders can view the credentials
  5. Keyholders can remove the Safe after accessing credentials

See Also: Emergency Triggers User Guide for setting up automatic triggers.

Workflow Overview

Here’s the complete workflow from start to finish:

flowchart TD
    A[Create Safe] --> B[Set Threshold & Password]
    B --> C[Add Credentials]
    C --> D{More credentials?}
    D -->|Yes| C
    D -->|No| E[Designate Keyholders]
    E --> F{Enough Keyholders?}
    F -->|No| E
    F -->|Yes| G[Lock Safe]
    G --> H{Enable Emergency Triggers?}
    H -->|Yes| I[Configure Triggers]
    H -->|No| J[Seal Safe]
    I --> J
    J --> K[Keys Distributed to Keyholders]
    K --> L{Trigger Condition Met?}
    L -->|Wait| L
    L -->|Yes| M[Keyholders Coordinate]
    M --> N[Upload Keys]
    N --> O{Threshold Met?}
    O -->|Not yet| N
    O -->|Yes| P[Safe Revealed]
    P --> Q[View Credentials]
    Q --> R[Remove Safe]
    R --> S[End]

Next Steps

For Safekeepers (You)

Now that you’ve created your first Safe:

  1. Test the workflow:

    • Create a test Safe with dummy credentials
    • Seal it and have Keyholders practice uploading Keys
    • Verify the reveal process works

  2. Set up emergency triggers (optional but recommended):

    • See Emergency Triggers User Guide
    • Configure inactivity monitoring (e.g., seal after 180 days inactive)
    • Set up attestation voting (if using multiple Voters)

  3. Communicate with Keyholders:

    • Explain their role and responsibility
    • Share the Keyholder Guide
    • Answer their questions
    • Ensure they understand how to store Keys securely

  4. Maintain your Safe:

    • Update credentials when passwords change (unlock → edit → lock → seal again)
    • Review Keyholder list periodically (remove/add as needed)
    • Keep your master password secure and backed up

For Keyholders

If you’ve received a Keyholder designation:

  1. Read the Keyholder Guide: Keyholder Guide: Reveal Process
  2. Download and secure your Key file (from the email notification)
  3. Understand your responsibility (coordinate with other Keyholders when needed)
  4. Register for SafekeeperLife (if you haven’t already) so you can upload Keys when needed

Common Questions

Can I change my master password?

Not directly. If you need to change your master password:

  1. Unlock the Safe (using old password)
  2. Export credentials (copy them)
  3. Remove the old Safe
  4. Create a new Safe with new password
  5. Re-add credentials

What if I forget my master password?

Your credentials are permanently unrecoverable. SafekeeperLife uses end-to-end encryption with no password recovery mechanism. This is by design for maximum security.

Prevention:

  • Write down your master password and store it securely (Safety deposit box, secure note system)
  • Use a memorable passphrase (e.g., “CorrectHorseBatteryStaple”)
  • Don’t reuse passwords from other services

Can I edit credentials after locking?

Yes! You can:

  1. Unlock the Safe (enter master password)
  2. Edit credentials
  3. Lock again

Note: If you’ve enabled emergency triggers with pre-encrypted shares, you cannot change the number of Keyholders or threshold after the initial lock. You can still edit credential content.

How do I add more Keyholders later?

Before sealing: Just add them to the Keyholder list.

After sealing: You cannot add Keyholders without unlocking, editing the list, locking, and sealing again. This regenerates and redistributes all Keys.

What if a Keyholder loses their Key?

If you have spare Keys (more Keyholders than threshold), the other Keyholders can still reveal the Safe.

Example:

  • Threshold: 2
  • Keyholders: 4
  • Lost Keys: 1
  • Remaining Keyholders: 3
  • Can still reveal? Yes (any 2 of the remaining 3)

Do Keyholders need to register for SafekeeperLife?

During designation: No, you can designate anyone by email.

During reveal: Yes, Keyholders must register/sign-in to upload their Key files.

Can Keyholders see my credentials before sealing?

No. Keyholders can only see credentials after:

  1. The Safe is sealed
  2. A trigger condition is met (inactivity, attestation, or scheduled)
  3. Threshold number of Keyholders upload their Keys

Before reveal, credentials are encrypted and inaccessible.

How do I test that my setup works?

Create a test Safe with dummy credentials, seal it, and have Keyholders practice the reveal process. This ensures:

  • Keyholders received their Keys
  • They know how to upload Keys
  • The threshold reveal works correctly

Need Help? See the FAQ or check the troubleshooting guide.

Need Help?

Can't find what you're looking for? Check out our other guides or return to the documentation index.

← All Documentation Getting Started Guide →
Back to Documentation Getting Started Guide