coinhost / docs / creating a vault

Creating a vault

A vault is a 2-of-3 P2WSH multisig wallet controlled by three specific keys. This page walks through the wizard and explains what the app is doing at each step.

02 of 4 ~5 min read last updated Apr 18, 2026

The wizard

From the home tab, tap New vault. The wizard has six steps; the first three are all you do, the rest happen in the background.

Name & network. Give the vault a name ("Primary Savings", "Treasury") and pick testnet or mainnet.
Mobile key ready. Your key from getting-started is already available — shown with its fingerprint.
Hardware wallet. Choose Trezor, Ledger, or skip for now. Skipping leaves the vault in PENDING_HARDWARE state.
Recovery key. Coinhost's HSM generates this automatically. The xpub is returned; the private material never leaves the HSM.
Review. Confirm the three fingerprints and the derivation path.
Create. The vault is written to the server. If all three keys are present, status becomes ACTIVE.

Vault states

Your vault lives in one of three states. Each is a specific capability set:

PENDING_HARDWARE  →  created, no hardware key yet
                      no receive, no send, no sync
LOCKED            →  hardware key missing or compromised
                      view-only, no new addresses
ACTIVE            →  all three keys present
                      full send / receive / co-sign available

A brand-new vault is PENDING_HARDWARE until you finish the hardware pairing flow. This is why we recommend having your Trezor or Ledger nearby before starting — skipping keeps you in PENDING and you'll have to come back.

The descriptor

Under the hood, your vault is a Bitcoin output descriptor. It looks like this:

wsh(sortedmulti(2,
  [a1f04c92/48h/0h/0h/2h]xpub6D.../<0;1>/*,
  [8c9e3122/48h/0h/0h/2h]xpub6C.../<0;1>/*,
  [hsm00001/48h/0h/0h/2h]xpub6E.../<0;1>/*
))

Three parts to notice:

wsh(...) — P2WSH native SegWit. Addresses start with bc1q.
sortedmulti(2, ...) — BIP67 sort, 2-of-3 threshold. Pubkeys are sorted by derived binary value at each address, not by xpub string.
[fingerprint/path]xpub — each signer's BIP32 origin. The fingerprints let hardware wallets identify their own key when signing.

Sovereign note

You can copy this descriptor into Sparrow, Electrum, or Specter at any time. The vault will reconstruct identically. This is your escape hatch and it's always available.

Receive addresses

Once the vault is ACTIVE, tap Receive to generate an address. Each tap derives the next index — 0/0, 0/1, 0/2, and so on up to the BIP44 gap limit of 20.

Do not reuse addresses. The app will warn you if you try.

Your first send

A normal send needs two signatures. By default that's:

Mobile key signs locally, automatically, after you confirm amount and fee on your phone.
Hardware wallet signs after you verify address and amount on its screen.

Coinhost's recovery key does not sign normal sends. It only activates during recovery, after a 7-day cooling period.

Verify on device

Always verify the destination address on your hardware wallet's physical screen before approving. Your phone can be compromised. A hardware wallet screen is the last honest surface in the signing path.

← previousInstall & set up nextHardware setup →