Getting Started
The Document Vault is accessible to any user with a supported Web3 wallet. This guide walks you through accessing the vault, authenticating, and understanding the interface for the first time.
Prerequisites
Before using the Document Vault, you need:
- A supported wallet: MetaMask, WalletConnect-compatible wallets, or any wallet supported through Privy's authentication layer.
- A modern web browser: Chrome, Firefox, Edge, or Brave with JavaScript enabled.
Accessing the Vault
- Navigate to the Hadinet application.
- Connect your wallet using the wallet connection prompt.
- Once connected, your wallet address will appear in the header.
First-Time Authentication
The first time you access the vault, you will be prompted to sign a message with your wallet. This signature serves two purposes:
- Identity verification: It proves you control the wallet address without transmitting your private key.
- Key derivation: The signature is used inside the TEE to derive your vault encryption key. This is not a transaction and costs no gas.
The Sign-to-Unlock Flow
- Navigate to the Document Vault section.
- You will see a prompt to sign and unlock your vault.
- Your wallet will display a message to sign.
- Sign the message in your wallet.
- The TEE attestor verifies your signature and derives your encryption context.
- Your vault unlocks, displaying any existing documents or an empty state for new users.
The sign-to-unlock step is required each session. Your vault session expires after a period of inactivity for security. You will need to sign again to re-access your documents.
First-Time Setup
When you access the vault for the first time, there is no explicit setup process. The vault is ready to use immediately after authentication. Your DID (did:key) is derived automatically from your wallet's public key, and your encryption context is established during the sign-to-unlock flow.
What Happens Behind the Scenes
- DID computation: Your
did:keyidentifier is computed from your wallet's public key. This happens deterministically -- there is no registration step. - Encryption context: The TEE derives your wallet secret from your signature and prepares the context for encrypting and decrypting documents.
- On-chain query: The system queries the Cartesi rollup for any existing document metadata associated with your DID.
- Vault display: If you have existing documents, they appear in the vault interface. If this is your first time, you see an empty vault with a prompt to add documents.
Understanding the Vault Interface
Document Groups
The vault organizes documents into two groups:
- Verified Documents: Documents that have been attested by an institutional verifier (e.g., a KYC provider verified your passport). These carry cryptographic proof of attestation.
- Self-Attested Documents: Documents you uploaded yourself without third-party verification. These are encrypted and stored with the same security, but do not carry institutional attestation.
Document Cards
Each document in the vault appears as a card showing:
- Document type (e.g., identity, financial, education)
- Upload date
- Attestation badge (verified or self-attested)
- Actions: Download, View, Delete
Session Management
- Session duration: Vault sessions have a timeout. After a period of inactivity, you will need to sign again to re-unlock.
- Multiple devices: You can access your vault from any device using the same wallet. Documents are not device-specific.
- Wallet switching: If you switch wallets, you will need to sign again with the new wallet. Each wallet has its own independent vault.
Next Steps
- Uploading Documents -- Learn how to add documents to your vault.
- Managing Documents -- View, download, and delete documents.
- Access Control -- Understand who can access your documents and how to grant access.