Secrets Management Field Guide

02 overview

Updated 5 May 2026

This section gives an end-to-end overview of the entire proposal so you can get a feel for it. After that we deep dive into each component.

The core challenge

We need a way to store passwords such that:

  1. We can use them conveniently on a day-to-day basis. This means they are easy to access and the system is “cockpit proof”: robust as a whole against lapses in concentration (or at least the damage is limited to a small subset).
  2. It is impossible for other people to get access to them. (Note that “impossible” includes “not worth the trouble”.)
  3. It is possible, in a secure way, for trusted people only to get access to them after you die.
  4. It is robust against a forgotten or lost element.

The solution to this challenge is the design of what we’ll call “the vault”.

The vault consists of tiered and partitioned components designed to let you choose between convenience and security on a per-item basis, as well as to limit the blast radius of mistakes.

The vault is split into five tiers: Offline, Online, Hardware, Memory and Paper.

The Offline tier serves as the root of the system and is the least frequently accessed. This is a KeePass vault that lives on USB drives. It is offline in the sense that the vault itself never touches the internet (it is “air-gapped”) and is only opened on a trusted machine running an operating system with no network access (TailsOS). The Offline vault contains the passwords to unlock the Online vaults.

The Online tier consists of multiple online password managers; this guide assumes Bitwarden. These are for day-to-day use. They are partitioned by “account”, so you have a vault for every email account you have (say “personal” and “work”).

The Hardware tier is for passwords bound to a specific hardware device, such as a YubiKey or the secure element in your phone or laptop.

The Memory tier consists of the passwords you carry around in your head. Importantly, these passwords are also stored on one of the other physical media; they are in memory only for convenience.

The Paper tier is for passwords, or “partial passwords” as we will see, written on a durable physical medium such as paper or metal.

The following sections detail exactly how to configure these tiers and which kinds of passwords to store where. For now it is enough to understand that there is a vault design that, if well organised, gives you the benefits mentioned above.

A well-organised vault is also an inventory: a complete record of what accounts and credentials exist and where they live. This turns out to be as important as the credentials themselves — family members left to manage an estate often know that accounts exist, but not which ones matter, or where to find them.

The trust network

The vault is worth nothing if (1) you lose access to it through error or forgetfulness, or (2) those you want to have access to it after you die cannot get it because, well, you are not there to help.

So the second component to the system is the social structure — what the introduction calls the circle of trust. This guide assumes that there are people in your life that you trust. If your circle is small right now, that is also something this guide can help you think through — the system scales down. Even one person is meaningfully better than none.

Here we will distinguish between two types of trusted people using the names “kith” and “kin”. (These are used as technical terms, not in the sense of the common phrase “kith and kin” meaning all one’s friends and family together.) Importantly, this is not a matter of different levels of trust. It is merely a case of logistics, as the guide will show in detail. The basic distinction is that “kin” are those people you actively work with to organise and review your vault and your risk profile. Kith are merely people who can help recover your vault in the event of loss or death. Two key problems this guide solves are:

  1. To eliminate the risk carried by kith and kin: the information any one individual holds is not enough to compromise the vault, so they cannot be coerced under duress into doing so.
  2. To make it very difficult for a patient bad actor to access your vault after your death.

Protocols

These are a set of processes and rituals that you and your trust network follow to ensure the security and recoverability of your vault.

They include things like a yearly review with a kin member, and of course the protocol for your kith to recover your vault, if they wish, after your death.

Checklists

Finally, the guide gives a set of quick-reference checklists that you can follow in given scenarios, to give you peace of mind that you are not making mistakes. They include everything from deciding where a password must live, what to do if you suspect a password has been breached, what to take with you on an overseas trip, and so on.