✓ Open source
✓ Free forever
✓ Disaster resilient

Foundational Password Vault

Store secrets and passwords on encrypted paper with distributed keys. Designed to last generations.

Encrypted paper secured with m-of-n keys
Open source - run it yourself offline
Social recovery & digital inheritance
Create a VaultUnlock a Vault
Get the source code
PaperVault.xyz Paper Key 2PaperVault.xyz Paper Key 1PaperVault.xyz Paper Vault

Run it yourself

PaperVault is open source. Clone the repository and run it locally offline — no account required.

View source on GitHub
Terminal
$git clone https://github.com/boazeb/papervault.git
Cloning into 'papervault'...
$cd papervault
$npm install
Installing dependencies...
# Run offline: disconnect, then
$npm start
✓ PaperVault.xyz at http://localhost:3000

How it works

Your vault is encrypted in your browser using AES-256. The decryption key is split into shares using m-of-n threshold (e.g. 3 of 5). Recover the vault contents by combining the encrypted vault with enough key shares.

1

Configure Vault

Add data and configure your unlock threshold (e.g. 3-of-5).

2

Distribute Keys

Distribute on paper or USB, in different locations or with trusted people.

3

Recover

Combine vault + threshold of keys to unlock.

Use cases

Password manager backup
Seed phrase storage
2FA backup
Recovery codes
Critical records
Disk encryption keys
Secure inheritance
Family emergency access
Foundational secrets
Air-gapped operations

Discover your vault page

Your vault is designed for clarity and reliable scanning. Here’s what each part does.

Encrypted QR
Single encrypted QR code with level-M error correction (~15% damage recovery). Positioned and sized for reliable scanning from paper. Usability tests showed that larger centered QR codes were harder to scan.
Integrity warning
This warning reminds anyone handling the vault to keep it flat and not crease the QR code.
Tactical white space
Space for handwritten notes or stamps.
Random color codes
Randomly generated colors at the top of the vault and keys help you quickly identify which vault and keys belong together in a series. Useful if you have multiple vaults and keys.
Unlock instructions
Clear steps plus a link to the open-source code on GitHub so you can run it yourself offline.
Vault metadata
Vault name, key aliases, creation date, and unlock threshold.
PaperVault vault page example showing QR code, color codes, vault details, DO NOT FOLD notice, and unlock instructions
PaperVault.xyz Logo

About

PaperVault.xyz is a free open-source tool for creating distributed paper vaults secured by threshold encryption. Store secrets securely with multiple keys, distribute to trusted people or locations, and recover with any subset (e.g., 3-of-5). Perfect for cold storage of crypto seeds, passwords, 2FA codes, and critical records.

Request an AI summary of PaperVault.xyz

Follow @papervault_xyz
Open an issue on GitHub

Frequently Asked Questions

It sounds low-tech, but paper is how the world's largest institutions back up their most critical cryptographic material. Banks, certificate authorities, and cloud providers all print their most sensitive keys on paper. Paper is immune to network-based attacks and does not rely on the availability of cloud services or providers. The primary threat of physical damage — fire, water, and similar risks — is solved by keeping copies in multiple places. A home safe, a safety deposit box, a trusted person. No single disaster reaches all of them.

For maximum durability, we recommend archive-grade paper stored in a tamper-evident envelope and fireproof container.

Your hardware wallet is only as secure as your seed phrase backup:

  • Paper backup risks: Someone finds your seed phrase → all funds stolen
  • Single point of failure: Fire/flood destroys your backup → funds gone forever
  • Multiple copies problem: Each copy multiplies your theft risk
  • Split the seed phrase into multiple parts? If you lose any one part, you lose all your funds

PaperVault.xyz encrypts your seed phrase in distributed vaults, so you can safely make multiple copies for backup and inheritance, greatly reducing your security risks.

Password managers are great but where do you store the master password itself? This is a foundational problem that PaperVault.xyz solves:

  • Can't store master password in the password manager (obviously)
  • Can't write it on paper safely (single point of failure, easily lost or destroyed)
  • Can't use another password manager (where do you store THAT master password?)
  • Family inheritance becomes impossible without compromising current security

PaperVault.xyz provides the foundational layer to store master passwords, 2FA backup codes, and recovery keys without circular dependencies.

PaperVault is designed for long term storage and resilience against all kinds of disasters including natural disasters and geopolitical disorder:

  • Multiple copies are safe: Unlike passwords written down on unencrypted paper, PaperVault.xyz vaults are encrypted enabling you to safely store copies in different locations
  • Flexible: Store copies in safety deposit boxes, with trusted family/friends/lawyers, or in geographically distant secure locations
  • Digital backup: You can also store vault copies on USB drives or other digital media

Planned correctly, PaperVault.xyz vaults can survive the most severe disasters.

Social recovery is a security approach that allows you to regain access to something important by getting cooperation from a group of trusted people, instead of relying solely on yourself or a single backup.

Example: Give keys to 5 people, require any 3 to unlock:

  • ✓ No single key can access the vault
  • ✓ Lose 2 keys and still recover

It's like requiring multiple signatures on a bank account, but for your digital life.

Splitting seed phrases into parts has challenges:

  • Lose any piece and your assets are gone forever
  • How do you safely store each unencrypted piece?

PaperVault uses threshold cryptography to encrypt your data. Both the vault and a sufficient threshold of keys are required to decrypt (e.g. vault + 3-of-5 keys). You can safely make multiple copies of the encrypted vault, and keep keys in different locations for redundancy.

PaperVault vaults use AES-256 encryption - the same standard used by banks and governments worldwide. Your data is encrypted offline in your browser.

Yes, PaperVault is open source and should be run from an offline computer.

Visit PaperVault.xyz on GitHub to grab the code.

PaperVault's codebase is available for inspection at https://github.com/boazeb/papervault. PaperVault uses cryptography from independently audited libraries.

  • Shamir Secret Sharingshamir-secret-sharing (independently audited by Cure53 and Zellic)
  • AES-256-GCM — Web Crypto API (browser-native, no third-party crypto library)
  • Random number generationcrypto.getRandomValues() (Web Crypto API)
  • Client-side only — All encryption happens in your browser, never on servers

See the project SECURITY.md for full details and vulnerability reporting.

Security researchers are encouraged to review the code and responsibly submit disclosures of any issues.

PaperVault is made by boazb

Get Started

Use PaperVault.xyz directly in your browser or download the source code to run locally.

Create a VaultUnlock a Vault
View Source Code