Show HN: I made a zero-knowledge tool to request clients' secrets

1•logicalsam•3w ago

I found that many people like myself who run tech companies, agencies, or other types of businesses will often need to ask their clients for various secrets (env files, passwords, access codes, fried chicken recipes...), and there was no tool out there that felt like it was made for that job.

I explored password managers, "one-time link"-type sites, self-hosted, SaaS... none of them had the simplicity I was looking for, for myself and for my clients.

So, I spent my Christmas annual leave building this. keyhold.io is a zero-knowledge custody of secrets platform with a fixed monthly rate, designed not to compete with password managers, but to have alongside a traditional password manager exclusively for client-owned secrets.

Clients can submit secrets into your team's Hold, fully end-to-end encrypted, and they can auto-expire or be deleted on-demand by your client.

This is my first proper go at being a business man/founder/techbro, so I'd love any and all feedback (even if it rips me to shreds). I'm sure I've got a lot of lessons to learn!

Comments

Privavault•3w ago

This is a smart approach to a real problem. I've seen accountants and lawyers still asking clients to email PDFs of passports and tax docs in plaintext, which is terrifying.

One thing I'd be curious about: how do you handle the key management UX for non-technical clients? The zero-knowledge property is great, but I've found that "you're the only one with the key, so don't lose it" tends to create support headaches when people inevitably lose access. Have you considered any middle-ground approaches like social recovery or time-delayed access fallbacks that maintain privacy?

logicalsam•2w ago

Hey, very late to replying but hopefully better late than never!

The approach taken is pretty similar to 1Password. Other "Privileged Users" can help you recover, and you're actively encouraged to add another Privileged User to prevent any issues should there be a loss of password or secret key.

Privileged Users can help recover other members with the current set-up. Time-delayed access fallback I've considered however I think it would require that the system sacrifices the zero-knowledge element whereby it has the keys to recover your account (not good).

Show HN: Source code graphRAG for Java/Kotlin development based on jQAssistant

Python Only Has One Real Competitor

Tmux to Zellij (and Back)

Ask HN: How are you using specialized agents to accelerate your work?

Passing user_id through 6 services? OTel Baggage fixes this

DavMail Pop/IMAP/SMTP/Caldav/Carddav/LDAP Exchange Gateway

Visual data modelling in the browser (open source)

Show HN: Tharos – CLI to find and autofix security bugs using local LLMs

Oddly Simple GUI Programs

The New Playbook for Leaders [pdf]

Interactive Unboxing of J Dilla's Donuts

OneCourt helps blind and low-vision fans to track Super Bowl live

Rudolf Vrba

Autism Incidence in Girls and Boys May Be Nearly Equal, Study Suggests

Wellness Hotels Discovery Application

NASA delays moon rocket launch by a month after fuel leaks during test

Sebastian Galiani on the Marginal Revolution

Ask HN: Are we at the point where software can improve itself?

Binance Gives Trump Family's Crypto Firm a Leg Up

Reverse engineering Chinese 'shit-program' for absolute glory: R/ClaudeCode

Indian Culture

Show HN: Maravel-Framework 10.61 prevents circular dependency

The age of a treacherous, falling dollar

Ask HN: AI Generated Diagrams

Microsoft Account bugs locked me out of Notepad – are Thin Clients ruining PCs?

Show HN: A delightful Mac app to vibe code beautiful iOS apps

Show HN: Gemini Station – A local Chrome extension to organize AI chats

Welfare states build financial markets through social policy design

Market orientation and national homicide rates

California urges people avoid wild mushrooms after 4 deaths, 3 liver transplants