Access Control

The Document Vault uses wallet-based authentication to enforce strict access control over your documents. By default, only the wallet that uploaded a document can access it. This guide explains the access control model and how to manage document sharing.

Default Access Model

Every document in the vault follows a simple default rule:

Only the wallet that uploaded the document can decrypt and access it.

This is enforced cryptographically, not just by policy. The encryption key for each document is derived from the uploading wallet's signature. Without the wallet's private key to produce the correct signature, the encryption key cannot be derived, and the document cannot be decrypted.

What This Means

  • No admin access: Hadinet operators cannot read your documents. The TEE attestor handles encryption and decryption, but the keys exist only during the operation and are derived from your wallet.
  • No password recovery: If you lose access to your wallet, your documents are permanently inaccessible. There is no backdoor, master key, or recovery mechanism.
  • No third-party access by default: No institution, verifier, or other user can access your documents unless you explicitly grant access.

Granting Access

The vault supports granting time-limited, revocable access to specific documents. This allows you to share a document with an institution or individual without giving up control.

How Access Granting Works

  1. Select a document in your vault and choose to share it.
  2. Specify the recipient (wallet address or institution).
  3. Set access parameters:
    • Duration: How long the recipient can access the document (time-limited).
    • Access type: View-only (the recipient can view/download but not re-share).
  4. Confirm by signing a message with your wallet.

Access Grant Properties

| Property | Description |
|---|---|
| Time-limited | Access expires after the specified duration |
| Revocable | You can revoke access before expiration |
| Non-transferable | The recipient cannot re-share the document |
| Auditable | All access grants are recorded on-chain |
| Independent | Revoking shared access does not affect your original document |

Revoking Access

To revoke access to a shared document:

  1. Navigate to the document in your vault.
  2. View current access grants.
  3. Revoke the recipient whose access you want to remove.
  4. Confirm by signing with your wallet.

What Happens After Revocation

  • The on-chain access record is updated to reflect the revocation.
  • The recipient can no longer decrypt the document.

Institutional Access

Certain workflows involve institutions requesting access to your documents. For example, a financial services provider may need to verify your identity documents for compliance purposes.

How Institutional Access Requests Work

  1. An institution sends you an access request through the Hadinet platform.
  2. You receive a notification in your vault interface.
  3. You can review the request, including which institution is requesting access, which document type they need, the stated purpose, and the requested access duration.
  4. You can approve or deny the request.
  5. If approved, time-limited access is granted automatically.

Important: Institutional access requires your explicit consent. There is no administrative override, backdoor, or bulk access mechanism.

Access Audit Log

All access-related events are recorded on-chain and visible in your vault:

| Event | Recorded Data |
|---|---|
| Access granted | Recipient, document type, expiration, timestamp |
| Access revoked | Recipient, revocation timestamp |
| Access expired | Recipient, expiration timestamp |

The audit log is immutable and provides a complete history of who has been granted access to your documents.
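One way to review the audit log for grants that are still active is to replay its events in time order. This is an added example, not Hadinet code: the field names, the constructed sample log, the rule that a revocation closes all of a recipient's open grants (the revoked entry records only the recipient), and the 30-day review threshold are all assumptions.

```python
from datetime import datetime, timedelta, timezone

def ts(s):
    """Parse an ISO timestamp as UTC."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

# Constructed sample log. Field names mirror the "Recorded Data" column above;
# they are assumptions, not the vault's real on-chain schema.
SAMPLE_LOG = [
    {"event": "granted", "recipient": "0xBank", "doc_type": "passport",
     "timestamp": ts("2024-01-01T09:00"), "expiration": ts("2024-01-08T09:00")},
    {"event": "granted", "recipient": "0xBroker", "doc_type": "utility_bill",
     "timestamp": ts("2024-01-02T09:00"), "expiration": ts("2024-07-01T09:00")},
    {"event": "granted", "recipient": "0xInsurer", "doc_type": "passport",
     "timestamp": ts("2024-01-03T09:00"), "expiration": ts("2024-01-20T09:00")},
    {"event": "revoked", "recipient": "0xInsurer",
     "timestamp": ts("2024-01-04T09:00")},
    {"event": "granted", "recipient": "0xAuditor", "doc_type": "tax_return",
     "timestamp": ts("2024-01-05T09:00"), "expiration": ts("2024-01-06T09:00")},
]

def active_grants(log, now):
    """Replay events in time order; return grants still usable at `now`."""
    open_grants = {}  # recipient -> list of grant events
    for ev in sorted(log, key=lambda e: e["timestamp"]):
        if ev["timestamp"] > now:
            break
        if ev["event"] == "granted":
            open_grants.setdefault(ev["recipient"], []).append(ev)
        elif ev["event"] == "revoked":
            # Revoked entries record only the recipient, so this sketch
            # closes every open grant for that recipient (assumption).
            open_grants.pop(ev["recipient"], None)
        # "expired" entries need no action: the check below covers them.
    # A grant past its expiration is inactive even if no "expired" event
    # has been recorded yet.
    return [g for gs in open_grants.values() for g in gs
            if g["expiration"] > now]

def overlong(grants, max_window=timedelta(days=30)):
    """Flag active grants whose window exceeds the reviewer's own limit."""
    return [g["recipient"] for g in grants
            if g["expiration"] - g["timestamp"] > max_window]
```

Grants returned by `overlong` are candidates for proactive revocation under the practices below.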

Best Practices

  • Minimize access duration: Grant the shortest access window necessary for the recipient's purpose.
  • Review access regularly: Check active grants periodically.
  • Revoke unused access: If an institution no longer needs access, revoke it proactively.
  • Protect your wallet: Your wallet is the key to your vault. Use hardware wallets and strong security practices.