Seed Phrase Storage: The Right Way to Prepare for Heirs
Storing a seed phrase securely for yourself is solved. Storing it so your heirs can access it after you die — without exposing it while you're alive — is a different problem entirely.
Your seed phrase is the master key to your on-chain wealth. Lose it and your funds are gone. Expose it and your funds are gone faster. Storing it safely for yourself while making it accessible to heirs after you die requires a different approach entirely.
The core tension
Security and accessibility are in direct conflict. A seed phrase locked in a bank safe-deposit box is secure — but what happens when your next of kin needs to access it after you die? They need a death certificate, legal authority, and a bank employee willing to open the box. In some jurisdictions this takes months.
A seed phrase emailed to your heir is immediately accessible — but it's also immediately exposed to every attacker with access to either inbox.
Methods that don't work
- Memorization: dies with you.
- Paper in a fireproof safe: survives fire, not floods, not forgotten combinations.
- Password manager: the password manager itself becomes a single point of failure.
- Custodial services: you are trusting a company with the keys to your wealth.
- Telling your heir verbally: they must remember it correctly, forever, under stress.
The cryptographic solution
Encrypt your seed phrase locally using AES-256-GCM with a key derived from your master password (PBKDF2, 310,000 iterations). Store the ciphertext anywhere — a server, cloud storage, even a public GitHub gist. Without the password, the ciphertext is meaningless.
Then split the decryption key into shards using Shamir's Secret Sharing. Give your heir one shard. Keep one yourself. Place a third with a neutral automated system that releases it only after your dead man's switch triggers.
Why open-source decryption matters
If the company running your inheritance service shuts down, your heir must still be able to decrypt the vault. This is only possible if the decryption code is open-source, archived, and runnable offline. Closed-source systems create a permanent dependency on a company that may not exist when it's needed.
The practical checklist
- Encrypt your seed phrase client-side before it ever leaves your device.
- Use a split-key scheme so no single party can decrypt the vault alone.
- Verify your heir can actually run the decryption — test it before you need it.
- Set up a dead man's switch so delivery is automatic, not dependent on someone finding a piece of paper.
- Ensure the decryption code is open-source and archived permanently.
Protect your crypto legacy
VaultPass is a zero-knowledge inheritance protocol. Your seed phrases are encrypted in your browser — we never see them.