A lightweight, secure API key vault built for solo developers and small teams who juggle multiple accounts and want to manage their API keys effortlessly.
- 🔐 Zero-Knowledge Encryption: All encryption/decryption happens client-side
- 🔑 Master Password Protection: Additional security layer for viewing keys
- 🔗 One-Time Sharing: Secure, encrypted links that expire after use
- ⚡ Quick Setup: Google/GitHub OAuth authentication
- 💰 Developer-Friendly Pricing: Free tier with 10 API keys
- Framework: Next.js 15 (App Router)
- UI: Shadcn UI + Radix UI + Tailwind CSS
- Authentication: Firebase Auth
- Database: Firestore
- Payments: Stripe
- Security: Web Crypto API (AES-GCM + PBKDF2)
- Node.js 18+
- npm or yarn
- Firebase project
- Stripe account (for payments)
- Clone the repository:
git clone <repository-url>
cd zkkeynest
- Install dependencies:
npm install
- Set up environment variables:
cp .env.example .env.local
- Configure your environment variables in .env.local:
# Firebase Configuration
NEXT_PUBLIC_FIREBASE_API_KEY=your_firebase_api_key
NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN=your_project.firebaseapp.com
NEXT_PUBLIC_FIREBASE_PROJECT_ID=your_project_id
NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET=your_project.appspot.com
NEXT_PUBLIC_FIREBASE_MESSAGING_SENDER_ID=your_sender_id
NEXT_PUBLIC_FIREBASE_APP_ID=your_app_id
# Firebase Admin (Server-side)
FIREBASE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nYour Private Key Here\n-----END PRIVATE KEY-----\n"
FIREBASE_CLIENT_EMAIL=firebase-adminsdk-xxxxx@your_project.iam.gserviceaccount.com
# Stripe Configuration
STRIPE_SECRET_KEY=sk_test_your_stripe_secret_key
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_your_stripe_publishable_key
STRIPE_WEBHOOK_SECRET=whsec_your_webhook_secret
# App Configuration
NEXT_PUBLIC_APP_URL=http://localhost:3000
NEXT_PUBLIC_APP_NAME=zKkeynest
- Run the development server:
npm run dev
- Open http://localhost:3000 to see the application.
src/
├── app/ # Next.js App Router pages
├── components/ # React components
│ ├── ui/ # Shadcn UI components
│ └── ... # Custom components
├── contexts/ # React contexts
│ ├── AuthContext.tsx # Authentication state
│ └── VaultContext.tsx # Vault encryption state
├── lib/ # Utility functions
│ ├── firebase.ts # Firebase configuration
│ ├── encryption.ts # Encryption utilities
│ └── utils.ts # General utilities
└── types/ # TypeScript type definitions
└── index.ts # Application types
- Client-Side Encryption: All API keys are encrypted in the browser before reaching our servers
- Master Password: Never stored; only a verification hash is saved
- Key Derivation: PBKDF2 with 100,000 iterations
- Encryption: AES-GCM with random IV for each key
- User logs in with Google/GitHub
- Creates master password (derived key + verification hash)
- API keys encrypted client-side before storage
- Decryption only possible with master password
- One-time shares use separate encryption keys
- npm run dev - Start development server
- npm run build - Build for production
- npm run start - Start production server
- npm run lint - Run ESLint
- npm run type-check - Run TypeScript type checking
To add new Shadcn UI components:
npx shadcn@latest add <component-name>
- TypeScript for type safety
- ESLint for code quality
- Prettier for code formatting
- Tailwind CSS for styling
- Push your code to GitHub
- Connect your repository to Vercel
- Add environment variables in Vercel dashboard
- Deploy automatically on push
- Build the application:
npm run build
- Start the production server:
npm start
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This project is licensed under the MIT License.
For support, email [email protected] or join our Discord community.