Skip to content

Owner guide

A user with the manage own pdv vault permission manages their vault at /user/{user}/vault (the Vault tab on their user page). Everything here is doable in the browser.

Adding items

  • Add a document uploads a file, encrypts it, and stores it under a chosen kind. For a unique kind that you already have, tick Replace existing document to erase and replace the old one.
  • Add a record (one button per record kind) opens a form generated from that kind's fields. Records appear under My structured data with View / Edit / Delete; editing re-encrypts in place and keeps any grants you have already given.

Sharing

There are three ways a consumer ends up with access:

  • Grant access - you pick one of your documents or records and a consumer, and grant it directly.
  • Incoming requests - a consumer asked for a kind; you Approve (binding the request to one of your items) or Decline it. The Access column shows whether a request is for read or write.
  • Trust a consumer - a standing pre-authorization for a kind, so the consumer does not have to ask each time. See below.

Active grants are listed under Active grants and can be Revoked at any time.

Trusting a consumer

Add trusted consumer pre-authorizes a consumer for a chosen document or record kind, in one or both directions:

  • Read - the consumer may read any of your items of that kind, now and in the future, without a per-request consent. This is a broad, standing authorization; revoke it when no longer needed.
  • Write - the consumer may save items of that kind into your vault without the per-upload consent page. Write does not also grant read: tick both if the consumer needs to read your items as well as write them.

Each scope is a separate entry in Trusted consumers and is revoked independently.

By default a trust lasts until you revoke it. When you add one you can instead set an expiry (for example 30 days, 6 months or a year): once it lapses the consumer is asked for consent again. The same expiry choice appears wherever you grant ongoing access, such as the consent page for an incoming request.

Deleting (cryptographic erase)

Delete on any document or record destroys its key material, so the ciphertext becomes permanently unrecoverable, and removes any grants on it. There is no undo. See Concepts.

Keeping your vault

A site may delete a vault that goes unused for a long time (data minimization). You are warned by email well before, and simply using your vault - logging in or opening it - resets the clock, so an active vault is never deleted. If you are stepping away, you can download a copy of your data first with the Download my data button on your vault page.