Show HN: I made a zero-knowledge tool to request clients' secrets

1•logicalsam•3w ago

I found that many people like myself who run tech companies, agencies, or other types of businesses will often need to ask their clients for various secrets (env files, passwords, access codes, fried chicken recipes...), and there was no tool out there that felt like it was made for that job.

I explored password managers, "one-time link"-type sites, self-hosted, SaaS... none of them had the simplicity I was looking for, for myself and for my clients.

So, I spent my Christmas annual leave building this. keyhold.io is a zero-knowledge custody of secrets platform with a fixed monthly rate, designed not to compete with password managers, but to have alongside a traditional password manager exclusively for client-owned secrets.

Clients can submit secrets into your team's Hold, fully end-to-end encrypted, and they can auto-expire or be deleted on-demand by your client.

This is my first proper go at being a business man/founder/techbro, so I'd love any and all feedback (even if it rips me to shreds). I'm sure I've got a lot of lessons to learn!

Comments

Privavault•3w ago

This is a smart approach to a real problem. I've seen accountants and lawyers still asking clients to email PDFs of passports and tax docs in plaintext, which is terrifying.

One thing I'd be curious about: how do you handle the key management UX for non-technical clients? The zero-knowledge property is great, but I've found that "you're the only one with the key, so don't lose it" tends to create support headaches when people inevitably lose access. Have you considered any middle-ground approaches like social recovery or time-delayed access fallbacks that maintain privacy?

logicalsam•1w ago

Hey, very late to replying but hopefully better late than never!

The approach taken is pretty similar to 1Password. Other "Privileged Users" can help you recover, and you're actively encouraged to add another Privileged User to prevent any issues should there be a loss of password or secret key.

Privileged Users can help recover other members with the current set-up. Time-delayed access fallback I've considered however I think it would require that the system sacrifices the zero-knowledge element whereby it has the keys to recover your account (not good).

AI Agent Automates Google Stock Analysis from Financial Reports

Voxtral Realtime 4B Pure C Implementation

I Was Trapped in Chinese Mafia Crypto Slavery [video]

U.S. CBP Reported Employee Arrests (FY2020 – FYTD)

Show HN: I built a free UCP checker – see if AI agents can find your store

Show HN: SVGV – A Real-Time Vector Video Format for Budget Hardware

Study of 150 developers shows AI generated code no harder to maintain long term

Spotify now requires premium accounts for developer mode API access

When Albert Einstein Moved to Princeton

Agents.md as a Dark Signal

System time, clocks, and their syncing in macOS

McCLIM and 7GUIs – Part 1: The Counter

So whats the next word, then? Almost-no-math intro to transformer models

Ed Zitron: The Hater's Guide to Microsoft

UK infants ill after drinking contaminated baby formula of Nestle and Danone

Show HN: Android-based audio player for seniors – Homer Audio Player

Starter Template for Ory Kratos

LLMs are powerful, but enterprises are deterministic by nature

Make your iPad 3 a touchscreen for your computer

Internationalization and Localization in the Age of Agents

Building a Custom Clawdbot Workflow to Automate Website Creation

Why the "Taiwan Dome" won't survive a Chinese attack

Xkcd: Game AIs

Windows 11 is finally killing off legacy printer drivers in 2026

From Offloading to Engagement (Study on Generative AI)

AI for People

Rome is studded with cannon balls (2022)

8-piece tablebase development on Lichess (op1 partial)

US to bankroll far-right think tanks in Europe against digital laws

Ask HN: Have AI companies replaced their own SaaS usage with agents?