Secure Sharing: Share Vaults With Full Control

What Is Secure Sharing?

Most file-sharing tools ask you to make a trade. You want to send someone a sensitive document, so you upload it to a server, generate a link, and hope nobody intercepts it. The file sits on someone else’s computer, decrypted, waiting to be accessed. You trust the service provider. You trust the network. You trust that nobody at the company will peek. That is a lot of trust for something genuinely private.

Vaultaire’s secure sharing works differently. Instead of sending files through a third party, you share an entire vault — a self-contained encrypted container — using a sharing phrase. This phrase is a short sequence of words, generated by the app, that acts as the cryptographic key to unlock the shared vault on the recipient’s device. The files never exist in an unencrypted state on any server. The sharing phrase is the only way in.

Think of it this way: you are not sending someone a copy of your files. You are giving them a key to a vault that already exists, encrypted, in the cloud. Without the phrase, the vault is just noise. With the phrase, it decrypts seamlessly on their device. The server never knows what is inside.

How Sharing Works, Step by Step

The sharing mechanism is designed to be simple on the surface and rigorous underneath. Here is exactly what happens when you share a vault.

Step 1: You Generate a Sharing Phrase

Inside any vault, you tap “Share.” Vaultaire generates a unique sharing phrase — a sequence of plain-language words that encodes the cryptographic material needed to decrypt the vault. This phrase is separate from your recovery phrase. Your recovery phrase protects your personal access. The sharing phrase grants controlled access to someone else.

Step 2: You Communicate the Phrase

You send the sharing phrase to your recipient through whatever channel you trust — in person, via encrypted message, written on paper. Vaultaire does not transmit the phrase for you, because doing so would mean a server somewhere has seen it. The phrase stays between you and the person you are sharing with.

Step 3: The Recipient Enters the Phrase

The recipient opens Vaultaire on their device, selects “Open Shared Vault,” and enters the sharing phrase. The app uses the phrase to derive the decryption key, locates the encrypted vault data, and decrypts it locally on their device. The files appear as if they were always there.

Step 4: Access Is Governed by Your Rules

Before generating the sharing phrase, you set the rules. How long should access last? How many times can the vault be opened? Can the recipient export or save files outside the vault? These constraints are cryptographically enforced, not just UI restrictions. When the rules expire, the vault simply stops decrypting.

The Controls You Keep

Sharing does not mean surrendering. Every shared vault in Vaultaire comes with a set of controls that let you define exactly what access looks like.

Expiration Dates

Set a date and time after which the sharing phrase stops working. The recipient can access the vault freely until that moment, and then it locks. This is not a server-side toggle — the cryptographic access mechanism itself has a built-in expiration. Once the clock runs out, the phrase cannot derive a valid key.

Open Limits

Specify how many times the shared vault can be opened. If you set a limit of three, the vault decrypts three times. On the fourth attempt, the phrase no longer works. This is useful for one-time transfers: share a document, let the recipient view it once, and know that the access is consumed.

Export Prevention

When you disable export on a shared vault, the recipient can view the files inside the app but cannot save, copy, or share them outside of Vaultaire. Screenshots are blocked. AirDrop is disabled. The files exist only within the encrypted container. This does not make exfiltration impossible — someone could always photograph their screen — but it eliminates every convenient digital path.

Revoking Access

Changed your mind? Go to your vault settings, tap “Revoke Share,” and the sharing phrase is immediately invalidated. The next time the recipient tries to open the vault, the decryption fails. You do not need the recipient’s cooperation, their device, or even to know their identity. Revocation is unilateral and instant.

Automatic Synchronization

Sharing in Vaultaire is not a one-time file transfer. It is a live connection. When you add new files to a shared vault, the recipient sees the updates automatically the next time they open it. When you remove files, they disappear from the recipient’s view. The vault stays in sync.

This works because the shared vault is not a copy. Both you and the recipient are accessing the same encrypted container. Your device encrypts the files and pushes the encrypted data to the cloud. The recipient’s device pulls the encrypted data and decrypts it locally. The server in between sees only encrypted blobs and has no idea whether the contents changed or what they contain.

The synchronization is incremental. When you add a single photo to a vault containing hundreds of files, only the new file is encrypted and uploaded. The recipient’s device downloads and decrypts only the new file. This keeps bandwidth low and sync fast, even for large vaults.

The Security Behind Sharing

Sharing encrypted data without leaking the keys is one of the harder problems in applied cryptography. Here is how Vaultaire solves it.

End-to-End Encryption

The sharing phrase encodes the cryptographic material needed to derive the vault’s decryption key. This material never passes through Vaultaire’s servers. The encrypted vault data does pass through the cloud for synchronization, but without the sharing phrase, it is indistinguishable from random noise. Vaultaire operates on a zero-knowledge model: the servers facilitate delivery but cannot read the contents.

Separate Key Hierarchy

The sharing phrase generates a different key than your personal pattern or recovery phrase. This means revoking a share does not affect your own access. It also means the recipient cannot derive your personal credentials from the sharing phrase. The cryptographic paths are entirely separate.

Forward Secrecy of Revocation

When you revoke a share, the vault is re-encrypted with a new key derived from your personal credentials. The old sharing phrase now points to a key that no longer matches the vault’s encryption. Even if the recipient saved the sharing phrase, it is useless after revocation. The vault has moved on; the old key opens nothing.

No Metadata Leakage

Vaultaire does not store who you shared with, when you shared, or what the sharing phrase was. The sharing event is not logged on any server. The only record of the share is the phrase itself, which exists only in the memories (or messages) of you and your recipient. If you revoke the share, even that link is severed cryptographically.

Real-World Use Cases

Secure sharing is built for moments when privacy is not optional. Here are scenarios where it matters most.

Sharing Documents With a Lawyer

You need to send financial records, contracts, or personal documents to your attorney. Email attachments sit on servers. Cloud links can be forwarded. With Vaultaire, you create a vault, add the documents, generate a sharing phrase, and read it to your lawyer over the phone. They open the vault on their device. When the case is over, you revoke access. The documents never existed on an unencrypted server, and your lawyer’s access is permanently severed.

Sharing Private Photos With a Partner

Intimate photos shared through messaging apps are one screenshot away from becoming permanent. Vaultaire’s export prevention means the photos exist only inside the encrypted vault. Your partner can view them but cannot save, share, or screenshot them. If the relationship ends, you revoke access with a single tap. The vault re-encrypts, and the sharing phrase stops working.

Collaborative Secure Storage

A small team working on a confidential project needs a shared space for sensitive files. Vaultaire’s read-write sharing lets every team member contribute to the same encrypted vault. Files sync automatically. When the project wraps, the vault owner revokes all sharing phrases. The data stays encrypted and accessible only to the owner.

Sharing Medical Records

You need a specialist to review your medical history but do not want it sitting in an email inbox. Create a vault with the relevant records, generate a time-limited sharing phrase that expires after the appointment, and share it with the doctor’s office. After the expiration, the phrase stops working. No follow-up needed.

Estate and Emergency Planning

Store important documents — wills, insurance policies, account information — in a vault and generate a sharing phrase for a trusted family member. They can access the vault if something happens to you. If circumstances change, you revoke the old phrase and generate a new one for someone else. The transition is immediate and does not require any third party.