Documentation
Decoy Vault
The Decoy Vault is an optional safety feature that allows VeilVault to present a non-sensitive vault when unlocked with a secondary password.
VeilVault is a security-first, offline-only password vault developed by CodeVeil.
The Decoy Vault is designed to reduce harm in coercive or high-pressure situations, not to provide absolute concealment.
Purpose
The Decoy Vault exists for scenarios where a user may be:
- Forced to unlock the app
- Pressured to reveal access credentials
- Unable to safely refuse access
In such cases, the Decoy Vault allows access to a plausible but non-sensitive dataset, while keeping the real vault protected.
How the Decoy Vault Behaves (High-Level)
- A separate password unlocks a decoy session
- The decoy session displays realistic-looking entries
- Real vault data is not loaded during a decoy session
- Real vault encryption keys are not derived during a decoy session
The decoy session is isolated from the real vault.
What the Decoy Vault Is
- A defensive safety mechanism
- A way to reduce immediate risk
- A separation between real and non-sensitive data
The Decoy Vault is intentionally limited in scope.
What the Decoy Vault Is Not
The Decoy Vault does not:
- Hide the existence of VeilVault
- Provide cryptographic deniability
- Protect against forensic analysis
- Prevent discovery by a determined or technical attacker
It is not a guarantee of anonymity or invisibility.
Decoy Data Variability
Decoy vault contents are generated to appear realistic and non-identical across different installations, reducing obvious repetition or templated patterns.
The exact generation process is intentionally not documented.
Interaction with Biometrics
For safety reasons:
- Biometric unlock is suppressed after a decoy unlock
- A real master password unlock is required before biometrics can be used again
This prevents accidental access to the real vault following a decoy interaction.
Limitations
The Decoy Vault cannot protect against:
- Attackers who already know the real master password
- Malware or system-level compromise
- Detailed analysis of application behavior
- Coercion combined with extended access or technical inspection
Its effectiveness depends on context.
User Responsibility
Users choosing to enable the Decoy Vault should understand:
- It is a risk-reduction feature, not a shield
- It works best when configured in advance
- It should not be relied on as sole protection in high-risk environments
VeilVault does not recommend decoy features as a substitute for personal safety.
Summary
The Decoy Vault provides a controlled, isolated alternative unlock path designed to reduce exposure in specific situations.
It favors honesty and predictability over exaggerated claims, and it clearly documents its limitations.