[taberiand]

I think the problem with that would be the copy would go stale fairly quickly right? I suppose the process could make it so the data set is encrypted with all associated keys everytime it's uploaded from the client

[selykg]

Shared key.

You have a key, which encrypts a shared key.

Your spouse has a key, which encrypts the same shared key.

Vault is encrypted with the shared key.

Access is controlled separately. But upon successful share, their existing key can decrypt the shared key which decrypts the vault.