On this page
The Container That Makes It All Work
Every consumable project in SmartSupplySystem — every authenticated ink, media roll, or replacement part — belongs to a Supply Vault. Think of it as a secure container that holds your consumable data: the product definitions you create, the authentication records they generate, and the settlement history they accumulate over time.
The vault is not a filing cabinet. It is an active part of the authentication process. When an operator scans a QR code at the press, the system verifies the consumable against your vault to confirm it is genuine. When ink is consumed during a job, the record of that consumption is written to your vault. When you need to audit what happened in production last month, the answer is in your vault.
This central role is why the vault matters: it is the thing that connects your physical consumables to the data about them.
Why You Need One Before Anything Else
You cannot compile a consumable project without a Supply Vault. This is by design.
Every project in SmartSupplySystem is associated with a specific vault at the time of creation. The vault is the identifier that makes your projects uniquely yours. Two companies can use identical ink formulations and identical label designs — but their projects belong to different vaults, and that difference is what makes authentication possible.
This means vault creation is always step one. Before you define your first product, before you generate your first label, before you run your first authenticated print job — you create your vault.
The good news is that vault creation takes under a minute with AI assistance. You do not need technical expertise, and you do not need to understand the underlying infrastructure. You give it a name, and your AI assistant handles the rest.
Your Immutable Vault Passphrase
When your vault is created, the system generates an Immutable Vault Passphrase — a sequence of twelve ordinary English words. This passphrase is the master key to your vault.
It looks something like this:
marble / river / falcon / gentle / stone / bright / harbor / velvet / north / candle / drift / anchor
The words are randomly selected and combined in a specific order. Together, they form a key that is mathematically unique — the odds of two people generating the same passphrase by chance are astronomically small.
Here is what you need to know about this passphrase:
It is generated once. The passphrase is created when the vault is set up. It cannot be changed, regenerated, or reset.
It is your responsibility. Write it down. Store it somewhere safe — not in a digital document on the same computer, not in an email you might delete. Treat it the way you would treat the combination to a physical safe.
It is the only way to recover your vault. If you lose access to the device or account you used to set up your vault, your passphrase is the only way to restore access. There is no account recovery, no "forgot your passphrase" button, no support ticket that can restore access without it.
Lucid Dream cannot recover it for you. This is deliberate, and it is a feature, not a limitation. We explain why below.
What "Non-Custodial" Means in Plain Language
SmartSupplySystem uses what technologists call a non-custodial model. In plain terms, this means: you are the primary authority over your vault, and your passphrase is never treated as a shared secret.
When you store a file on a cloud service, that service technically has the ability to access your file. They may choose not to — and they may be legally prohibited from doing so — but the capability exists.
Your Supply Vault is designed around a stronger principle. Your Vault Passphrase is encrypted before storage using industry-standard AES-256 encryption. The encryption key is managed separately from the database — an attacker who gains access to the database alone cannot decrypt your passphrase.
Your passphrase is never displayed in logs, AI chat transcripts, or support interactions. It is the one piece of data that exists only in your possession.
What this means in practice: During development and current pilot programs, Lucid Dream retains encrypted recovery capability to support onboarding and troubleshooting. As the platform matures, passphrase custody will transition fully to the customer — with no Lucid Dream involvement required for recovery.
What this means if you lose your passphrase today: Contact support. During the pilot phase, recovery may be possible through our encrypted backup. After full non-custodial deployment, recovery will not be possible without the passphrase itself — which is why we encourage you to store it somewhere physically secure from the moment of setup.
For industrial customers subject to data security requirements or audits, the architecture provides a clear answer: your passphrase is encrypted at rest, never logged, never shown in AI interactions, and your data is inaccessible to unauthorized parties without it.
What Lives in the Vault
Once your vault is set up and your passphrase is secured, here is what accumulates there over time:
Your consumable projects. Every product definition you compile becomes a project in your vault. Each project represents a type of consumable — a specific ink SKU, a media type, a replacement part.
Authentication records. Every time a consumable associated with your vault is scanned and verified at a print facility, a record is created. Over time, this builds into a complete picture of how your products move through the supply chain.
Settlement data. When consumables are used in production, their consumption is recorded to the vault. This is the basis for automated job costing, usage-based revenue models, and DPP lifecycle data.
Your Vault ID. Each vault has a unique Vault ID — a compact identifier derived from the passphrase. This ID appears in reports, on product documentation, and in integration configurations. It is public information; the passphrase, which grants control over the vault, remains private.
One Vault or Many?
Most organizations start with a single Supply Vault. That is appropriate for a pilot program or for initial product rollouts.
As your use of SmartSupplySystem grows, you may want to create additional vaults to separate projects by product line, manufacturing facility, or region. This is supported. Each vault is independent, with its own passphrase and its own set of projects.
There is no technical limit on the number of vaults an organization can maintain. The practical consideration is passphrase management: each vault requires its own passphrase to be securely stored and available when needed.
Getting Started
Creating your Supply Vault is the first step in any SmartSupplySystem pilot program. The process takes less than a minute using AI assistance through the MCP toolset.
For a full overview of the Supply Vault and its role in consumable authentication, visit the Supply Vault page. For a step-by-step guide to creating your first vault, see Setting Up Your First Supply Vault.
For Printer OEMs: Your Supply Vault is the security anchor for your entire consumable authentication program. Every authenticated unit — and every record it generates — is tied to a vault only your organization controls. This is what makes the system non-custodial and audit-ready.
For Compliance Teams: The vault architecture directly supports data sovereignty requirements. Your passphrase is encrypted at rest, never logged, and never visible in support or AI interactions. Authentication and lifecycle records are controlled by the organization that created the vault.
For Brands & Converters: Your provenance proof and production limits live in your vault — accessible only to you, and protected by a passphrase only you hold.