Key Man Out

Getting Started with Key Man Out

Learn how to create your account, set up your first team, and start securing your sensitive information with Key Man Out's zero-knowledge vault.

Getting Started with Key Man Out

Welcome to Key Man Out, a secure Business Continuity Vault designed to help families and businesses protect critical information while maintaining controlled access for designated successors.

What is Key Man Out?

Key Man Out is a zero-knowledge security vault that stores your sensitive assets (passwords, documents, instructions, secrets) with end-to-end encryption. Unlike traditional password managers that give constant access, Key Man Out implements strict controls to ensure successors can only access information when truly needed, reducing the risk of unauthorized access or information breaches.

Key Features

  • Zero-knowledge encryption: Your data is encrypted client-side before reaching our servers
  • Team-based access control: Share assets securely within defined teams
  • Time-limited vault access: Automatic 30-minute auto-seal prevents prolonged exposure
  • Role-based permissions: Custodians, Gatekeepers, and Successors with different access levels
  • Access notifications: Get notified when someone views your secrets
  • Multi-device support: Access your vault from any device with your key phrase

Creating Your Account

Key Man Out offers multiple secure authentication methods to get you started quickly.

Sign Up Options

  1. OAuth Providers (Recommended for fastest setup):
    • Google
    • Apple
    • GitHub
  2. Email and Password:
    • Traditional email/password authentication
    • Requires email verification
  3. Advanced Options:
    • Magic Link: Passwordless login via email
    • Passkey: Biometric authentication (fingerprint, face ID)
    • Phone Number: SMS-based authentication

Registration Steps

  1. Navigate to the registration page
  2. Choose your preferred authentication method
  3. Complete the sign-up process
  4. Verify your email (if using email/password method)
  5. Log in to access your dashboard

Note: If you register with an OAuth provider (Google, Apple, GitHub), your email is automatically verified and you can start using the service immediately.

Creating Your First Team

After logging in, you'll need to create a team before you can store any assets. A team is a group of users who can securely share access to assets.

Team Creation Process

  1. Click "Create New Team" from your dashboard
  2. Fill in the team details:
    • Team Logo (optional): Upload a 1:1 aspect ratio image (recommended: 1 MB max)
    • Team Name (required): Personal or company name
    • Team URL (required): A unique URL slug (e.g., my-awesome-team)
    • Key Phrase (required): Your encryption master key
    • Key Phrase Reminder (optional): A hint to help remember your key
  3. Click "Create team"

Understanding the Key Phrase

CRITICAL INFORMATION - Read this carefully:

The Key Phrase is the most important security component of your team:

  • Used for end-to-end encryption: All your assets are encrypted client-side using this key
  • Never stored on our servers: Only a hash is stored, making it impossible for us to decrypt your data
  • Cannot be recovered if lost: There is NO way to recover your assets if you lose this key phrase
  • Must be shared with team members: Everyone who needs access must know this exact phrase
  • Case sensitive: MyPassword is different from mypassword

Best Practices for Key Phrases

  • Use a long passphrase (minimum 12 characters, but longer is better)
  • Make it memorable but not guessable
  • Consider using a randomly generated sentence that makes enough sense to remember
  • Example: purple-elephants-dance-under-moonlight-47
  • Store it securely outside the system (physical safe, trusted password manager, etc.)

Key Phrase Reminder

The optional Key Phrase Reminder field lets you store a hint to help jog your memory:

  • Be careful: Don't make the reminder so obvious that it helps attackers
  • Good example: "The phrase mom used at her favorite lake in 2019"
  • Bad example: "purple elephants" (too revealing)

Warning: Losing your key phrase means permanent loss of access to all encrypted data. There is absolutely no recovery mechanism.

Unsealing Your Vault

Once your team is created, the vault starts in a sealed state. You must unseal it to view or manage assets.

How to Unseal

  1. Navigate to your team's dashboard
  2. You'll see a hero screen with a key input form
  3. Enter your Key Phrase (exactly as you created it)
  4. If the reminder was set, it will be displayed to help you remember
  5. Click "Unseal Vault"

Unsealed State Features

When successfully unsealed, you'll see:

  • An unlocked padlock icon in the sidebar showing unsealed status
  • A countdown timer showing remaining time (starts at 30:00)
  • A "Seal Vault" button to manually re-seal at any time

Auto-Reseal Timer

For security, your vault automatically reseals after 30 minutes of being unsealed:

  • The countdown timer updates every second
  • You'll receive a notification when time expires
  • The vault immediately returns to sealed state
  • You'll need to re-enter your key phrase to access assets again

Manual Sealing

You can manually seal your vault at any time:

  1. Click the unlocked padlock icon in the sidebar
  2. Click "Seal Vault"
  3. The vault immediately becomes sealed

Security Tip: Always seal your vault when you're done working with sensitive information, especially on shared or public computers.

Creating Your First Asset

With your vault unsealed, you're ready to store your first secure asset.

What is an Asset?

An asset is a secure container for storing sensitive information. Each asset can include:

  • Name: A descriptive title (e.g., "Company Email Account")
  • Website: Optional URL to the service (e.g., https://mail.google.com)
  • Instructions: Rich text notes with formatting (markdown support)
  • Secret: Encrypted text field for passwords, API keys, etc.
  • File Attachments: Encrypted files (PDFs, images, documents, etc.)

Creating an Asset

  1. Make sure your vault is unsealed
  2. Navigate to your team's dashboard
  3. Click "New Asset" or the "+" button
  4. Fill in the asset details:
    • Name (required): Give your asset a clear, descriptive name
    • Website (optional): Add the URL if applicable
    • Instructions (optional): Add any notes, instructions, or context
    • Secret (optional): Store encrypted passwords or sensitive text
    • Attachments (optional): Upload encrypted files
  5. Click "Create Asset"

Asset Features

Automatic Brand Logos

When you enter a website URL, Key Man Out automatically:

  • Extracts the domain name
  • Looks up the brand's logo
  • Displays it next to your asset for easy visual identification
  • Falls back to showing initials if no logo is available

Rich Text Instructions

The instructions field supports rich formatting:

  • Headings: H1, H2, H3, etc.
  • Lists: Bulleted and numbered lists
  • Text formatting: Bold, italic, underline
  • Blockquotes: For important notes
  • Code blocks: For technical information

Encrypted Secrets

The secret field is specially designed for sensitive data:

  • Hidden by default (you must click "Edit Secrets" to view/modify)
  • Encrypted client-side before transmission
  • Decrypted only when explicitly requested
  • Access triggers notification to the asset custodian (owner)

File Attachments

Attach encrypted files to your assets:

  • Upload multiple files at once
  • Files are encrypted client-side before upload
  • Download individually or all at once
  • Automatic decryption on download
  • Team owners can delete individual attachments

Auto-Save Feature

Key Man Out includes an intelligent auto-save system:

  • Automatic draft saving: Your edits are saved to browser storage every few seconds
  • Multi-tab support: Each asset edit session is tracked separately
  • Unsaved changes indicator: Visual warning when you have unsaved changes
  • Browser protection: Prevents accidental navigation away from unsaved work
  • 8-hour expiry: Auto-saved drafts expire after 8 hours
  • Draft restoration: Automatically restored when you return to editing

When you have unsaved changes:

  • A "Discard Changes" button appears at the top of the asset
  • Click "Edit" to resume editing and restore your draft
  • Click "Discard Changes" to permanently delete the auto-saved draft

Note: Auto-saved data is stored only in your browser's local storage and is never transmitted to our servers until you explicitly save the asset.

Next Steps

Now that you've created your first asset, you're ready to:

Common Questions

Why do I need to unseal the vault every time?

The sealed/unsealed system adds an extra layer of security. Even if someone gains access to your account, they cannot view encrypted assets without the key phrase. The 30-minute timer ensures the vault doesn't stay vulnerable for extended periods.

Can I change my key phrase later?

No, the key phrase cannot be changed after team creation. This is because all existing assets are encrypted with the current key. To use a new key phrase, you would need to create a new team and re-create all assets.

What happens if I forget my key phrase?

Unfortunately, there is no recovery mechanism. The zero-knowledge architecture means we cannot decrypt your data without the key phrase. This is why the key phrase reminder and secure external storage are so important.

Can I belong to multiple teams?

Yes! You can create multiple teams or be invited to join teams created by others. Each team has its own independent key phrase and set of assets.

Is my data safe?

Yes. Key Man Out uses industry-standard AES-256 encryption. Your data is encrypted client-side before leaving your device, and we never have access to your encryption keys or decrypted data.

Team Management

Learn how to create, manage, and collaborate with teams in Key Man Out. Understand team roles, member management, and best practices for secure collaboration.