Secure Instructions is a simple, private way to ensure your most important information—like passwords, legal wishes, or “if I’m not here” steps—is only accessible when a specific group of people you trust come together.
Think of it like a digital safety deposit box that requires multiple physical keys to open.
Life is unpredictable. This tool is designed for scenarios where you need to pass on sensitive information safely:
Instead of one master password that could be stolen, you split the “key” into several pieces (called Shares).
You decide the math: For example, you give out 5 passwords, but require any 3 to unlock the file ($k=3, n=5$). This way, if one person is unavailable or loses their password, the vault can still be opened, but no single person can “snoop” on their own.
When you create the vault, you will also get a Master Key. It allows you to re-open the document later to edit the contents. Keep this safe!
If the required number of people combine their passwords, they can create a new document that works with the same keys. This means: This tool is great for access control (keeping secrets safe until needed), but it is not a replacement for a digital signature. A digital signature proves who wrote a document. This tool only protects who can read it.
There are two ways to give your trusted people access. Each has pros and cons:
| Method | How it works | Pros | Cons |
|---|---|---|---|
| The “Distributed” Way | Send the HTML file and one password to everyone. | No single point of failure. Everyone has the vault safely on their own computer. | If you update the instructions, you must send the new file to everyone again. |
| The “Central” Way | Put one file on a shared drive or USB stick. Give everyone their unique password. | Easy updates. You only manage one file. | If the shared drive is deleted or the USB is lost, the instructions are gone forever. |
Yes. Absolutely.
If you want to run this tool offline to create or edit vaults, or if you want to modify an existing file you have downloaded, you must serve the file using a local web server.
Why?
Modern web browsers have strict security rules (CORS and Origin policies) that prevent web pages opened via file:// (double-clicking) from performing certain actions, like robustly saving a new version of itself.
Since this is a self-modifying HTML file, the code that generates the new HTML file (including your encrypted tokens) is contained within the HTML file itself. When you save your vault, the application reads its own source code, injects your new encrypted data, and offers the updated file for download. This cycle ensures that the new file contains everything needed to run the application, including the logic to create the next version.
How to run a local server:
Open your terminal/command prompt in the folder where secure-instructions.html is located and run one of these commands:
python3 -m http.server
npx http-server
php -S localhost:8080
Then open your browser to http://localhost:8000 (or the port shown in your terminal).
The easiest way to create your secure vault is to use our privacy-respecting version:
👉 https://secure-instructions.hexe.monster/secure-instructions.html
(Note: Even when using this link, your data stays in your browser and is never sent to our servers.)
During the polishing phase of this project, a similar tool called Rememory was featured on Hacker News.
In the comments of that discussion, another pioneer in this space was mentioned: Keybearer, which dates back to 2012!
This project “Secure Instructions” is licensed under the MIT License.
This application includes the secrets.js library, which implements Shamir’s Secret Sharing. It is created by amper5and (Alexander Stetsyuk) and others.
secrets.js is also licensed under the MIT License:
Copyright (c) 2014 Alexander Stetsyuk … (full license text preserved) …