Documentation

Getting Started with KeyVawlt

Learn how to securely manage API keys with a zero-knowledge approach. This page covers the core workflow: create clients, add projects, store keys, and monitor health.

Quick Start Guide

A simple path from sign-up to your first encrypted key.

1. Sign Up

Create your account using Google OAuth for fast, secure authentication.

Do this immediately

Set up your recovery phrase right after signing up. It is required for account recovery in a zero-knowledge system.

2. Create Your First Client

Use clients to group keys by company or organization.

Example: "Acme Corp", "StartupXYZ", "Personal Projects"

3. Add Projects

Create projects inside a client to separate apps, services, and environments.

Example: "Web App", "Mobile App", "API Service", "Staging"

4. Add Your First API Key

Add a key to a project. The key value is encrypted in your browser before it ever reaches our servers.

Security Overview

How your secrets stay secret.

Client-Side Encryption

API key values are encrypted locally (AES-256-GCM) before being transmitted. KeyVawlt cannot read or decrypt your keys.

What we can see

  • Key names and metadata
  • Platform information
  • Expiry dates
  • Health check results

What we cannot see

  • API key values
  • Decrypted content
  • Your encryption keys
  • Recovery phrases
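The split above between visible metadata and unreadable key values, as an added example that is not KeyVawlt's own code: the value is encrypted with AES-256-GCM while the name, platform and environment stay in the clear but are bound to the ciphertext as associated data, so a wrong password or a relabelled record fails to decrypt. Assumptions: the scrypt password derivation, the record field names, the metadata binding and the helper names are illustrative (the page states only AES-256-GCM and in-browser encryption), and Node's built-in crypto module stands in for the browser's WebCrypto so the block runs offline.

```javascript
// Added example, not KeyVawlt's code. Loads Node's crypto in CommonJS or ESM.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

// Assumption: the AES-256 key is derived from the user's password with scrypt.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32); // 32 bytes = 256-bit key
}

// Canonical bytes of the metadata that the server stores in the clear.
function aadFor(meta) {
  return Buffer.from(JSON.stringify([meta.name, meta.platform, meta.environment]));
}

// Build the record as uploaded: metadata readable, key value encrypted.
function sealKey(password, meta, keyValue) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  cipher.setAAD(aadFor(meta)); // authenticated but not encrypted
  const ct = Buffer.concat([cipher.update(keyValue, "utf8"), cipher.final()]);
  const b64 = (buf) => buf.toString("base64");
  return { ...meta, salt: b64(salt), iv: b64(iv), ct: b64(ct), tag: b64(cipher.getAuthTag()) };
}

// Return the key value, or null when the password is wrong or the ciphertext
// or metadata was changed after encryption (GCM tag verification fails).
function openKey(password, record) {
  const raw = (s) => Buffer.from(s, "base64");
  const key = deriveKey(password, raw(record.salt));
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, raw(record.iv));
  decipher.setAAD(aadFor(record));
  decipher.setAuthTag(raw(record.tag));
  try {
    return Buffer.concat([decipher.update(raw(record.ct)), decipher.final()]).toString("utf8");
  } catch {
    return null;
  }
}

// Constructed sample data, not real credentials.
const meta = { name: "Billing API", platform: "ExampleProvider", environment: "staging" };
const record = sealKey("correct horse battery staple", meta, "constructed-sample-value-0000");
console.log("stored record:", record);
console.log("right password:", openKey("correct horse battery staple", record));
console.log("wrong password:", openKey("not the password", record));
console.log("relabelled:", openKey("correct horse battery staple", { ...record, environment: "production" }));
```

The `null` returned for the wrong password is the same condition as the "I cannot decrypt a key I added earlier" case in Troubleshooting: nothing stored on the server can turn that record back into plaintext.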

Zero-Knowledge Architecture

We cannot recover your keys if you lose your encryption password or recovery phrase. Keep your recovery phrase safe.

Security reminder

Store your recovery phrase in a secure location. Without it, lost keys cannot be recovered.

Adding API Keys

Add keys once, then use them safely across your workflow.

Step-by-Step

1. Navigate to your project

Select the client and project where you want to add the API key.

2. Click “Add API Key”

Open the add key form from the project page.

3. Fill in the details

Enter the name, key value, platform, and environment.

4. Save securely

The key is encrypted and stored safely.

Key Management Features

  • View / decrypt keys
  • Copy to clipboard
  • Edit key details
  • Run health checks
  • Track expiry dates
  • Delete keys

Health Checks

Test keys, catch failures, and ship with confidence.

Testing Your API Keys

Run health checks to confirm keys are valid. This helps you catch expired or misconfigured keys before they break production.

  • Valid: Key is working
  • Invalid: Key needs attention
  • Expiring Soon: Renewal needed

Best Practices

Simple habits that prevent incidents.

Security Best Practices

Store your recovery phrase securely

Use a password manager or secure vault.

Use descriptive key names

Include platform, environment, and purpose.

Run regular health checks

Test keys periodically to ensure they stay valid.

Monitor expiry dates

Set reminders for renewals and rotations.

Organization Tips

Group by client

Separate organizations and workstreams.

Separate environments

Dev/staging/prod should never share the same key.

Clean up regularly

Remove unused or expired keys.

Troubleshooting

Quick fixes for the most common issues.

Health check fails but the key is valid

Confirm the selected platform, auth method, and environment match the provider settings. If the provider requires a specific header name, double-check it.

I cannot decrypt a key I added earlier

Make sure you are using the same encryption password/session that was used to encrypt the key. In a zero-knowledge system, the server cannot fix this for you.

I forgot my recovery phrase

Unfortunately, keys cannot be recovered without it. Rotate or re-issue the keys at the provider, then store them again.

Frequently Asked Questions

Common questions from teams getting started.

What happens if I lose my recovery phrase?

We cannot recover your API keys without the recovery phrase due to our zero-knowledge architecture. Always store it securely.

Can I export my API keys?

Yes. You can export keys in encrypted format. You will need your encryption password to decrypt them.

How secure is the encryption?

We use AES-256-GCM encryption, which is industry-standard and widely trusted.

What platforms are supported for health checks?

We support major platforms and expand coverage regularly. If you need a provider added, send feedback via the widget.

Is there a limit on the number of API keys?

Free plans have reasonable limits. See the pricing page for details.
