10× smoother — Chrome extension + dashboard
Detect API-style fields, one-tap 🔑 capture, encrypt before the backend sees data; dashboard rotations propagate everywhere; fewer .env / copy-paste loops.
privacy hack 2026 · live on solana devnet
Match your API calls to
your digital creation — without hesitation.
Match your stack to your flow, or wire the path that best fits how you ship. Keys stay in your vault, calls run through a fast lane, comfy trust all day long.
Why each 10× is grounded in the stack
Three product pillars — extension capture, Path A vault, HeliusClient — map directly to the claims above.
10× vault security — Self-custody, zero-knowledge
Path A in the browser: WebAuthn PRF / wallet → HKDF → AES-256-GCM; plaintext never leaves the device; sync/API only see ciphertext.
10× call speed — HeliusClient in the Rust proxy
Two-tier cache + single-flight dedup; duplicate RPCs share one upstream hop (example: getBalance).
We've all been there
You write great code.
Then this happens.
Copy-paste everywhere.
Every new project, every CI pipeline, every teammate — you're copying sk-proj-... into yet another .env file. By the third project, your key lives in a dozen places you can't track.
One leak. Big bill.
It shows up in logs, in crash dumps, in git history. Someone scrapes it. You wake up to a $4,500 bill from OpenAI. Rotating the key means touching every project again.
Agents make it worse.
Now your AI agent needs keys too. But it can't click "approve." It can't swipe a credit card. And once you hand it a key, there's no spending cap, no scope limit, no kill switch.
“
I just want to build software.
Why is managing API keys still this painful?
— every developer, eventually
10× smoother
iCloud Keychain for your API keys.
You already collect passwords and accounts in iCloud Keychain. What if you could do the same with API keys? Store them once, securely. Whenever you're building software, just plug in our vault. The API calls will be accelerated. That's it.
1
Collect your keys in one vault.
OpenAI, Anthropic, Helius, any provider. Paste them in the dashboard, or use the Chrome extension — it spots API-key fields on the pages you already use and offers one-tap capture. Everything is encrypted on your device before upload; we only store ciphertext.
2
Plug in our vault. Write your code.
Same OpenAI SDK. Same code you already write. Three lines and your app is connected. No .env files. No copy-pasting. Rotate a key from the dashboard — every project picks it up instantly.
3
Calls get accelerated. That's it.
Traffic goes through our Rust proxy's HeliusClient: in-memory cache, disk-backed fallback, and single-flight dedup — duplicate RPCs share one upstream hop. Typical Solana reads land in the 50–80ms band without you changing client code.
Same vault. Two interfaces.
For You
Dashboard · Chrome Extension
- ✓ Add keys in the dashboard or capture from any site via the extension (one-tap 🔑 on detected fields)
- ✓ One-click rotate — every project picks it up
- ✓ See usage, costs, and audit logs
- ✓ Share keys with teammates (scoped, revocable)
# Or use the CLI if you prefer terminal
source keyshield-cli.sh
ks_store openai "sk-proj-..."
ks_store helius "your-key"
For Your Agent
Python SDK · CLI · REST API
- ✓ Session token — agent never sees the raw key
- ✓ Spending cap per agent (SOL micropayments)
- ✓ Scope limits & kill switch from your dashboard
- ✓ Works with Cursor, OpenClaw, Hermes, any bot
from keyshield import KeyShield
ks = KeyShield(token=os.environ["KS_TOKEN"])
client = ks.openai_client() # zero raw keys
Human stores the key. Agent gets a scoped token. No .env anywhere.
Why we're different
Not another secrets manager.
Built for the age of agents.
We can't read your keys. By design.
Your wallet signature derives an AES-256-GCM key. Encryption happens in your browser. Our server only stores ciphertext. Even if we get breached, your keys are safe. Same model as iCloud Keychain — built for API keys.
Give your agent a wallet, not a key.
Mint an on-chain wallet for your agent. Top it up with USDC. Set a spending cap the blockchain enforces. Your agent pays for API calls directly — no credit card, no human in the loop, and it physically can't overspend.
10,000 calls. One transaction.
Paying per API call is too expensive for real agents. Our Metered Payment Protocol batches thousands of calls and settles once every 60 seconds on Solana. One fee. Streaming that actually scales.
Rust proxy. Helius accelerator.
The hot path is compiled Rust with two-tier caching. Solana RPC calls go through our HeliusClient: memory cache + disk fallback + single-flight dedup. 50 identical calls hit the network once. Your reads: 50–80ms.
Side by side
iCloud Keychain security.
Agent superpowers on top.
| Property | iCloud Keychain | KeyShield |
|---|---|---|
| Server sees plaintext | Never | Never |
| Encryption | AES-256-GCM | AES-256-GCM |
| Key derivation | Secure Enclave | Wallet sig → HKDF-SHA256 |
| Cross-device sync | iCloud E2E | Same wallet = same key |
| Auto-fill | Safari only | Chrome extension, any site |
| Agent delegation | Not possible | Scoped access + instant revoke |
| Spending cap | N/A | On-chain enforced per agent |
| Payment rail | N/A | USDC on Solana, batch-settled |
Not a pitch. A proof.
Live on Solana devnet.
Click any transaction.
Program 41P2wHKAr69aSgLgt1QdKH6VVgK6uFYKM7hpKAyBxr9j
✅
Open MPP payment stream
678bqTSq…XTQc ↗
✅
Stream PDA created on-chain
E5sMx86o…DgfR ↗
✅
USDC token account funded
6QtooE6Q…FtBH ↗
✅
Settle round-trip verified — no OwnerMismatch
clean ✓
Shipped
Everything that's live today.
✓Zero-Knowledge Vault — WebAuthn PRF → HKDF → AES-256-GCM
✓Wallet Auth — Phantom, Solflare, Backpack + passkeys
✓Ephemeral Signer — on-chain agent wallet with spending cap
✓x402 Auto-Pay — HTTP 402 + USDC, verified on Solana
✓MPP Streaming — open / record / settle / close, devnet-verified
✓HeliusClient — two-tier cache + single-flight dedup + multi-tenant
✓Chrome Extension — auto-fill, cross-device sync, encrypted backup
✓Agent Delegation — scoped access, CRL revocation, key sharing
✓Python SDK — keyshield_sdk — 3 lines to connect any agent
✓CLI — keyshield-cli.sh — store, login, rotate from terminal
✓Rust Proxy — 6 crates, 78 oracle tests, 50–80ms median
✓Production hosts — Vercel + Railway + Cloudflare Workers
Store your API keys once. Plug in anywhere — extension, CLI, SDK, or dashboard. Smoother collection, keys that never live on our disks in plaintext, and accelerated upstream calls through the Helius stack. Your agents stay on a scoped leash.