Skip to content

Vault Messaging

Overview

Vault Messaging turns your Safe into a sovereign communications hub. It is a fortress of address-based communication for high-trust coordination and anonymous intake, built to minimize metadata and maximize compartmentalization. It lets you communicate in compartments, not identities. It supports two address types:

  • Safe-to-Safe (legacy / EyesOnly): uses the legacy Safe Message ID.
  • Receive Address (VaultX): a shareable address with its own keypair and policy controls.

Receive Addresses are recommended for new conversations because they keep raw addresses off the server and give you precise, per-address controls for usage, throttling, and attachments.

How It Works

  • Address-based sending: users send to an address, not a global identity.
  • Client-side hashing: Receive Addresses are hashed on the client and sent as vaultxAddressHash.
  • Per-address keys: each Receive Address has its own keypair, limiting blast radius.
  • Address policies: set usage limits, throttling, and attachment permissions per Receive Address.
  • Policy enforcement: limits are enforced server-side and reflected in the client before send.
  • Reply-only addresses: replies are bound to a specific sender to prevent reuse.
  • Anonymous intake: external senders can use the VaultX Drop Client to message a Receive Address without creating a Safe.

Security Implications

  • Zero-knowledge routing: the server routes encrypted payloads and sees only hashed Receive Addresses.
  • Post-quantum ready: messages use ML-KEM-1024 for key encapsulation and AES-256-GCM for payload encryption.
  • Compartmentalization: per-address keys prevent one leaked key from exposing other conversations.
  • Metadata hardening: outbox recipient addresses are encrypted at rest; receive-side linkage is hashed.

Use Cases

  • Secure coordination: exchange sensitive files and messages between Safes without exposing a global identity.
  • Anonymous intake: publish a Receive Address for tips or disclosures via the VaultX Drop Client.
  • One-off communications: create short-lived addresses with strict limits for high-risk interactions.

Why It Matters

Most messaging tools protect content but expose relationships. Vault Messaging is built to reduce those relationship graphs by default. By making addresses disposable, policy-driven, and compartmentalized, you can communicate with the few people who matter without building a map of everyone you know.

Tiering Summary

  • Sovereign / HighRisk: create and manage Receive Addresses with policies.
  • Free / Inheritance: receive messages and reply using bound reply-only addresses.

FAQs

Can I still use Safe-to-Safe messaging?

Yes. Safe-to-Safe (EyesOnly) is supported for legacy workflows and internal automation, but Receive Addresses are recommended for new messaging.

Do senders need a Safe account?

No. The VaultX Drop Client lets anyone send to a Receive Address without creating a Safe.

Can I revoke a Receive Address?

Yes. You can disable or delete a Receive Address at any time to stop new messages.

Compliance & Privacy Regulations

  • GDPR Alignment: Vault Messaging avoids storing raw recipient addresses and keeps message contents client-side encrypted.

Integration with Other Features

  • Post-Quantum Encryption: ML-KEM-1024 + AES-256-GCM protect messages against future cryptographic threats.
  • Threat Detection: Runtime monitoring helps detect tampering during sensitive messaging flows.

Back to Features Overview