Skip to content
NAILS logo NAILS Docs

Hidden storage

NAILS is storage agnostic, not storage indifferent

Section titled “NAILS is storage agnostic, not storage indifferent”

The project does not require a single backend. That flexibility is useful, but it also means the security properties of your chosen backend feed directly into the final posture.

Backend questions to answer early

Section titled “Backend questions to answer early”
  • who can access the storage when it is not mounted
  • what logs or side effects the mount process creates
  • whether the backend stays available for the full activation window
  • whether the filesystem supports the expected Linux behavior

Common options

Section titled “Common options”

VeraCrypt hidden volume

Section titled “VeraCrypt hidden volume”

Useful when deniable encrypted storage is the primary goal.

Remote filesystem

Section titled “Remote filesystem”

Useful when you want less local evidence of hidden data at rest.

Removable encrypted media

Section titled “Removable encrypted media”

Useful when physical separation is part of the plan.

Operational warning

Section titled “Operational warning”

The backend should already be mounted and stable before nails activate begins. NAILS does not try to solve backend mounting for you.