SHEET 07 Founder & succession key Rev. 2026.06 SCALE 1:1
Founder & succession key

Don't let one person quietly hold the company.

The credentials only the founder knows. The signing key only the CTO has. The domain account in someone's personal email. Split them across the people who should hold them, with the threshold you choose.

[FIG. 01: founder key split across i CEO, ii CTO, iii Board; threshold 2 of 3]

§ 01 · Concentrations of risk

What one person quietly holds.

Sheet 01-A · High risk

The credential no one wrote down.

The root password from day one. The signing key that ships every release. The wallet address. Held in one head, on one laptop, with no fallback the rest of the team can name.

a. Single point of personnel
b. Untransferable in a crisis

Sheet 01-B · High risk

The account in a personal inbox.

The domain registrar. The Stripe owner. The Apple developer account. Created from one founder's personal email, never transitioned, never documented, never noticed until they leave or are unreachable.

a. Owner-locked recovery
b. Months to untangle, if at all

Sheet 01-C · High risk

The succession plan that does not exist.

The board has policies. The cap table is tracked. The credentials are not. If the CEO is unreachable for two weeks, what does the business actually have to keep operating? Most teams do not know.

a. No documented chain of access
b. Discovered only when needed

§ 02 · Succession schematic

One key. Three independent holders.

A typical 2-of-3 across the small group of people who, together, ought to be able to reach the credential. None of them alone can.

[DWG S-01 | REV 2026.06: source is the founder's key (root credential bundle); layer i, AES-256-GCM encryption; layer ii, Shamir 2-of-3 split; share 01/03 to i CEO, share 02/03 to ii CTO, share 03/03 to iii Board chair. Legend: holder node, distribution path, cryptographic layer.]

The credential one person holds is the credential the company holds.
Threshold Vault · Operating principle
§ 03 · Procedure

Four nodes. One ceremony.

The whole arrangement runs in a single sitting, in your browser, with no server involvement. Bundle, encrypt, split, distribute. Reviewed annually thereafter.
01 · BUNDLE

Assemble the credential bundle

Root passwords, signing keys, registrar logins, the recovery codes that prove identity. Whatever the company genuinely cannot afford to lose, bundled as plain text in one place, briefly.

02 · ENCRYPT

Encrypt with AES-256

The bundle is encrypted in your browser. Authenticated encryption, tamper detection on recovery. The ciphertext alone is meaningless. The key is what matters next.

03 · SPLIT

Split the key across roles

Choose N holders and threshold K. Typical for a small leadership team is 2-of-3. The encryption key becomes N shares, each meaningless below the threshold.

04 · DISTRIBUTE

Hand out the shard cards

Each holder receives a shard card and a one-page protocol. They are not asked to understand cryptography. They are told what to do, in plain language, when and only when the day comes.

§ 04 · Detail callout

Two layers, both auditable.

i
Layer I · Cipher

AES-256-GCM encrypts the bundle

Authenticated symmetric encryption. GCM mode detects tampering on recovery. Without the encryption key, the ciphertext is meaningless and indistinguishable from random output.

Cipher: AES-256
Mode: GCM (authenticated)
Tamper-evident: Yes

ii
Layer II · Scheme

Shamir splits the key

From Adi Shamir's 1979 paper. Each share is a point on a polynomial over GF(256). K points reconstruct it. Fewer than K reveal zero information about the key. Provable, not promised.

Scheme: Shamir K-of-N
Field: GF(256)
Test vectors: 51 verified
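
The two layers described above, as an added example for Node.js; it is not Threshold Vault's code or its share format. The reduction polynomial 0x11b, the holder numbering 1..N and the function names are assumptions made for illustration.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// GF(256) multiply. Reduction polynomial 0x11b is an assumption; the page names only the field.
function gmul(a, b) {
  let p = 0;
  for (let i = 0; i < 8; i++) {
    if (b & 1) p ^= a;
    a = (a << 1) ^ (a & 0x80 ? 0x11b : 0);
    b >>= 1;
  }
  return p;
}
// Multiplicative inverse as a^254, since a^255 = 1 for every non-zero a.
function ginv(a) { let r = 1; for (let i = 0; i < 254; i++) r = gmul(r, a); return r; }

// Layer i: encrypt the bundle under a fresh 256-bit key with AES-256-GCM.
function seal(bundle) {
  const key = randomBytes(32), iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(bundle), c.final()]);
  return { key, box: { iv, ct, tag: c.getAuthTag() } };
}
// Recovery: final() throws if the ciphertext or the tag was altered.
function unseal(key, { iv, ct, tag }) {
  const d = createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]);
}

// Layer ii: per key byte, a random polynomial f of degree at most k-1 with f(0) = byte;
// holder x (numbered 1..n here, an assumption) receives f(x) for every byte.
function split(secret, n, k) {
  const shares = Array.from({ length: n }, (_, i) => ({ x: i + 1, y: Buffer.alloc(secret.length) }));
  secret.forEach((byte, pos) => {
    const coeffs = [byte, ...randomBytes(k - 1)];
    for (const s of shares) s.y[pos] = coeffs.reduceRight((acc, c) => gmul(acc, s.x) ^ c, 0);
  });
  return shares;
}
// Lagrange interpolation at x = 0 over any k shares recovers the key bytes.
function combine(shares) {
  const out = Buffer.alloc(shares[0].y.length);
  shares.forEach((sj, j) => {
    let basis = 1;
    shares.forEach((sm, m) => { if (m !== j) basis = gmul(basis, gmul(sm.x, ginv(sm.x ^ sj.x))); });
    sj.y.forEach((v, pos) => { out[pos] ^= gmul(v, basis); });
  });
  return out;
}
```

Only the AES key is split; the ciphertext, IV and tag can sit in the archive, and combine() applied to fewer than K shares returns bytes that fail the GCM tag check in unseal().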
§ 05 · Engineering note

We hold zero.

Your security team can audit this and your auditor can attest to it. There is no server-side state to seize, freeze, or hand over. The arrangement is engineered to give us nothing meaningful to give up.

a. The bundle never leaves your device.
   Not stored
b. The encryption key is generated locally.
   Not seen
c. The shares are produced in your browser.
   Not held
d. Recovery runs offline, from your archive.
   Vendor-free

§ 06 · Engineering log

Questions from technical leaders.

Q.01 · RECORDED
A shared password manager hands access right now and asks every holder to be trustworthy every day. Threshold Vault holds nothing while the founder is here, and only resolves to the credential when K holders convene. Two different threat models, both legitimate.
Q.02 · RECORDED
Run a new ceremony with the replacement holder. The old shares become obsolete the moment the new scheme is issued. The Lost-Holder Replacement Plan documents the process. Plan for this annually rather than ad hoc.
Q.03 · RECORDED
Yes. The cryptographic core is open source with 51 published test vectors. The recovery tool ships inside every archive and runs offline. Your team can verify the exact code that produces and consumes shares.
Q.04 · RECORDED
For human-held, high-stakes secrets, yes. Compliance attestations are downstream of your specific environment, your auditor, and how the scheme integrates into existing controls. For institutional setups beyond the standard tiers, get in touch and we will size the engagement.
Q.05 · RECORDED
The shard cards still work. The recovery tool ships inside your archive, runs offline, and the cryptography is open source. The scheme is engineered to outlive the company that produced it.
Sheet 09 · closing

Build the succession plan you should already have.

Try the cryptography on a throwaway value. No signup. When you are ready, the plans are one step away.