Passport prime master key question

Hey

When setting up the passport prime and creating the master key, I see there’s an option to restore a master key too. I also have a passport core. Is it possible to make it so that the prime and core both talk to the same bitcoin wallet/seed phrase? Or am I getting the master key confused with something else? I’m just trying to keep my life simple and not have a bunch of seed phrases and wallets laying around, and I want to consolidate if possible.

What’s your best recommendation? Should I make a new master key with my passport prime and then can I connect to the same wallet with the same seed phrase as my passport core or should I do it all separate? Looking for feedback from your expertise.

Hey Carson, good question and you’re not confusing things, there’s just a bit of terminology overlap to untangle.

Yes, it’s possible to have both Passport Prime and Passport Core controlling the same Bitcoin wallet from the same seed. Under the hood, Prime’s “master key” is a standard BIP39 seed (12 words), the same format Core uses. What makes Prime’s setup feel different is that it uses a 2-of-3 Shamir backup across NFC KeyCards and the Envoy app. But the underlying seed is BIP39, and you can view the words from Prime’s device settings whenever you need them.

That gives you a few options, and which one is “best” really depends on what you’re trying to optimise for:

Option 1: Same seed on both devices (maximum simplicity). Pick one device to generate the seed, then restore that same seed onto the other. When you set up Prime, instead of tapping “Create New” you’d choose the restore path and enter your existing Core seed words. Or, if you’d rather start fresh on Prime, generate on Prime, view the seed words from settings, and enter them into Core as a restore. Either way you end up with one set of seed words, one wallet, and two devices that can both sign for it. Pair both to Envoy and you’ll see the same balance and addresses from either one.

The tradeoff: if either device is ever physically compromised or one of your backups is exposed, both devices are affected because they share the same underlying key.

Option 2: Keep them separate (better compartmentalisation). Two seeds, two wallets, two backups to manage, but a clean separation. Some people like this for use cases like “Core is my long-term cold storage I rarely touch, Prime is my daily driver with smaller amounts,” so that a threat model affecting one doesn’t automatically affect the other. More complexity, but more isolation.

Option 3: Set Prime up fresh and import your Core seed into the Vault app later (coming soon, not available yet). This one isn’t possible today, but it’s worth mentioning because it’s coming in the next major release of KeyOS. The idea is that you’d set Prime up normally with a brand new master key, get your 2-of-3 backup sorted with the NFC KeyCards and Envoy, and then separately import your existing Core seed into the Vault app on Prime as an additional seed. That way Prime has its own fresh master key (with its own clean backup setup), and the Core seed lives alongside it in Vault so you can still sign Core transactions from Prime without having to carry both devices around.

Important caveat: this is not live yet. The import-seed functionality for Vault is shipping in the next major KeyOS release, so if this option sounds appealing you’d want to hold off on committing to a setup until it lands. I’ll try to remember to update this thread when it ships.

I’d recommend #2.

Hope that helps, shout if anything is unclear.
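The 2-of-3 threshold property mentioned in the reply above, as an added example that is not part of the original thread and is not Foundation's code: any two of three shares rebuild the secret, while a single share fits every possible secret. The prime field, the share encoding, the function names and the 128-bit sample value are assumptions made for illustration; the thread does not describe Prime's actual share format.

```python
import secrets
from itertools import combinations

# Assumed field: integers modulo the Mersenne prime 2**521 - 1 (illustrative choice).
P = 2**521 - 1

# Constructed 128-bit value standing in for the entropy behind a 12-word seed.
MASTER = int.from_bytes(bytes(range(16)), "big")

def split(secret, threshold=2, shares=3):
    """Return `shares` points on a random polynomial of degree threshold-1 with f(0) = secret."""
    if not 0 <= secret < P:
        raise ValueError("secret out of range for the field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation, highest degree first
            acc = (acc * x + c) % P
        return acc
    return [(x, f(x)) for x in range(1, shares + 1)]

def recover(points):
    """Lagrange-interpolate f(0) from the supplied (x, y) shares."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share supplied")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def slope_for(share, candidate_secret):
    """For a 2-of-n split, find the line through `share` whose f(0) is the candidate.
    A slope always exists, so one share alone rules out no secret."""
    x, y = share
    return (y - candidate_secret) * pow(x, -1, P) % P

if __name__ == "__main__":
    parts = split(MASTER)
    for pair in combinations(parts, 2):
        print([x for x, _ in pair], recover(list(pair)) == MASTER)
```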

Thank you for the detailed response. It’s much more clear now. I agree option 2 I think is best at the moment. Once option three is available, can I import my core information into prime even after prime has already been set up from option 2? Or does using option 3 require prime to be at a wiped state? I’m trying to determine if it’s worth doing option 2 now or wait for option 3.

And then going back to something you said where if both devices have the same seed and one gets compromised, they’re both affected. This also kind of applies to option three, correct? Because prime will have both seeds stored.

Thanks!

You don’t need to wipe Prime for #3. The Vault app is for additional seeds and passwords.

And yes, if Prime is compromised then the info within also will be. Assuming the attacker is able to gain entry without triggering a tamper event which wipes the Master Key, locking them out.

Great thank you!