at rest
the two-person rule
Some secrets need
more than one human.
the policy is the rule
No one person can release it.
approval policy
prod/root-ca
requires 2 of 3 approvers
tanya · marcus · priya
deploy@ci-runner
→ release
prod/root-ca
two approvers countersign
threshold
0 of 2
1 of 2
2 of 2 · met
tanya
prod/root-ca
Countersign
Countersigned
✓ on her phone
marcus
prod/root-ca
Countersign
Countersigned
✓ on his phone
threshold met · released for one use · neither key ever left a phone
No single person can
release it. The threshold
is the policy.
stillvault
stillvault.ai