# Vaults

Vaults are the heart of the custodial wallet system provided by Elements. A Vault securely stores multiple [wallets](https://manual.namazustudios.com/v3/web-3/wallets) and consists of a public/private key pair.

The contents of the vault's private key can be optionally secured using [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard). If enabled on a vault, the user must supply their secret passphrase on each request to unlock the contents of the vault.

{% hint style="warning" %}
When designing an application, we strongly recommend that all vaults are encrypted with a passphrase.
{% endhint %}

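Because the Vault is built on a public/private key pair, it is possible to generate or insert new custodial wallets without needing to unlock the vault first. In this case, Elements simply uses the public key to insert the wallet into the Vault; only reading a wallet back out requires the private key, and therefore the passphrase if the vault is encrypted.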
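The passphrase-protected private key and the public-key-only insert described above can be sketched as follows. This is an added example, not code from Elements: the function names, the vault object layout, and the choice of RSA-2048 with RSA-OAEP, AES-256-CBC for the private key and AES-256-GCM for wallet data are all assumptions made for illustration.

```javascript
// Added illustration using Node.js built-in crypto; not the Elements implementation.
// RSA-2048, AES-256-CBC key wrapping and AES-256-GCM are assumptions of this sketch.
const crypto = require('node:crypto');

// Create a vault: a key pair whose private half is AES-256 encrypted when a passphrase is given.
function createVault(passphrase) {
  const encrypted = typeof passphrase === 'string' && passphrase.length > 0;
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: encrypted
      ? { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase }
      : { type: 'pkcs8', format: 'pem' },
  });
  return { key: { publicKey, privateKey, encrypted }, wallets: [] };
}

// Insert needs only the public key: a fresh AES-256-GCM key encrypts the wallet
// secret, and that key is wrapped with RSA-OAEP under the vault's public key.
function insertWallet(vault, walletSecret) {
  const dek = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dek, iv);
  const ciphertext = Buffer.concat([cipher.update(walletSecret, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: vault.key.publicKey, oaepHash: 'sha256' }, dek);
  vault.wallets.push({ wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() });
  return vault.wallets.length - 1; // index of the stored wallet
}

// Reading needs the private key, so an encrypted vault requires the passphrase.
function readWallet(vault, index, passphrase) {
  const opts = { key: vault.key.privateKey, format: 'pem' };
  if (passphrase !== undefined) opts.passphrase = passphrase;
  const privateKey = crypto.createPrivateKey(opts); // throws on a missing or wrong passphrase
  const w = vault.wallets[index];
  const dek = crypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, w.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dek, w.iv);
  decipher.setAuthTag(w.tag);
  return Buffer.concat([decipher.update(w.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed sample data: insert without a passphrase, read back with it.
const demoVault = createVault('constructed-passphrase');
const demoIndex = insertWallet(demoVault, 'constructed-wallet-secret');
console.log(readWallet(demoVault, demoIndex, 'constructed-passphrase'));
```

A vault created without a passphrase stores its private key as plain PEM, so `readWallet` succeeds for anyone who can read the stored record.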

### Vault Properties <a href="#vault-properties" id="vault-properties"></a>

* [id](https://manual.namazustudios.com/v3/general/general-concepts#id-property)
* [displayName](https://manual.namazustudios.com/v3/general/general-concepts#display-name-property)
* **user** - The user who owns the vault
* **key** - The key pair which Elements uses to store the wallets in the Vault

### Vault Key Properties <a href="#vault-key-properties" id="vault-key-properties"></a>

* **algorithm** - This is the encryption algorithm Elements uses to store the wallets in the vault. The available algorithms are as follows:
  * [Elliptic Curve 256](https://en.wikipedia.org/wiki/Elliptic-curve_cryptography)
  * [Elliptic Curve 384](https://en.wikipedia.org/wiki/Elliptic-curve_cryptography)
  * [Elliptic Curve 512](https://en.wikipedia.org/wiki/Elliptic-curve_cryptography)
  * [RSA 256](https://en.wikipedia.org/wiki/RSA_\(cryptosystem\))
  * [RSA 384](https://en.wikipedia.org/wiki/RSA_\(cryptosystem\))
  * [RSA 512](https://en.wikipedia.org/wiki/RSA_\(cryptosystem\))
* **publicKey** - This is the public key portion of the vault. This is always stored unencrypted.
* **privateKey** - This is the private key portion of the vault. This is either encrypted or stored as plain text.
* **encrypted** - A boolean value indicating whether the vault private key is encrypted
* **encryption** - An arbitrary key-value object which contains encryption metadata. Elements uses this internally to perform various operations against the private key itself.
