chela explained

chela splits a BIP-39 wallet seed (or any short secret, up to 255 bytes) into N shares using Shamir's Secret Sharing, then recovers the original from any M of them. Each share is just a short list of BIP-39 words - the same kind a wallet seed uses - that you can print, lock in a safe, hand to a trusted person, or store in another country. The scheme is information-theoretically secure: any M−1 shares reveal nothing about the secret, which makes it practical for inheritance planning and disaster recovery with no single point of loss or compromise.

The secret can be anything short you must not lose and must not leak: a BIP-39 wallet seed, a master password, a safe or lock combination, two-factor recovery codes, the location of an important document, even a plain message - any text up to 255 bytes.

It runs three ways, all producing and reading the same shares: a website that works entirely in your browser with nothing installed, an interactive terminal wizard, and a scriptable command line.

New here? Try the live website now - it runs in your browser for demonstration; for a real secret, run it offline.

Who chela is for

Inheritance planning. Split a hardware-wallet seed so heirs can recover access without a single point of failure, and without any one executor holding the whole secret before it is needed.
Disaster recovery. Store shares in physically separate locations (home safe, bank box, trusted relative). Losing one location does not lose the secret; a house fire or flood cannot wipe out recovery.
Eliminating the single-point-of-compromise. No single safe, hard drive, or person holds a copy of the whole secret. An adversary who obtains one share learns nothing.

Who chela is not for

It does not replace a hardware wallet. chela protects the backup seed; your hardware wallet protects day-to-day signing. Use both.
It cannot recover what you can no longer gather. chela removes single points of failure, but you still have to bring M shares back together. Give them to people and places you can reach again; scatter every share beyond recall and you have locked yourself out.
It does not defend against a coalition of M shareholders. If M people you gave shares to conspire, they can recover the secret. Choose your shareholders with the same care you would choose co-signers.

Diagram: a secret is split into five shares; any three combine back into the secret. — A 3-of-5 split: the secret becomes five independent shares. Any three shares reconstruct the original; two shares or fewer reveal nothing.

Use it →

Step through splitting a secret and recovering it - with screenshots - in whichever interface you prefer: the website, the terminal wizard, or the command line.

Start the splitting walkthrough

Understand it →

Why a handful of word lists can rebuild a secret while any one of them reveals nothing - and exactly what the words encode.

Start with the theory

Evaluate it →

Skip to the grep commands, the opt-in unsafe files, the threat model, and the reproducible-build checks. Decide whether to trust it.

Audit chela yourself