The Vault That Doesn't Exist

Web · Cloudflare-hosted

Zero-Backend Secrets for Solo Vibe Coders.

An encrypted, browser-only vault for organizing project keys, generating secure values, and pre-filling .env files. Your master key never leaves your device — built specifically for the Cloudflare stack.

KeyVault Sidekick

Problem & Solution

Built for what actually goes wrong

Pain point

Security risks of storing project secrets in plaintext or pasting them into cloud-based chat sessions.

Value pillar

AES-256-GCM encryption with 310k PBKDF2 iterations; all crypto operations happen in-browser via the Web Crypto API.

Pain point

The "breach surface" of traditional password managers that store your encrypted data on their servers.

Value pillar

Zero-backend architecture; the server only serves a static HTML file. Your vault lives exclusively in your browser's local storage.

Deep technical features

What ships in the box

AES-256-GCM Vault

Military-grade encryption for project-organized secrets. Includes a configurable 15-minute auto-lock and encrypted .vault backup/restore capabilities.

AI-Agent Prefill Hook

Native integration with AI coding agents (Claude Code) allows for automated vault pre-filling via secure URL fragments that are never logged server-side.

Multi-Format Export

One-click generation of .env, .envrc (direnv), and VS Code settings.json blocks, eliminating the friction of manual key management during deployment.

Security & Compliance

Built on enterprise-grade infrastructure

There is no server-side breach surface: the entire vault is an AES-256-GCM blob in the user's browser localStorage, encrypted under a master key derived with 310,000 PBKDF2 iterations. The Cloudflare Pages origin serves a single static HTML file with the Content-Security-Policy directive `connect-src 'none'`, which blocks script-initiated connections (fetch, XMLHttpRequest, WebSocket, EventSource), so the page cannot exfiltrate data over them.
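The scheme described above, written against the Web Crypto API as an added example that is not KeyVault Sidekick's own code. The PBKDF2 hash (SHA-256), the 16-byte salt, the 12-byte IV, the `salt || iv || ciphertext` blob layout and all function names are assumptions; only AES-256-GCM and the 310,000 iterations come from the page.

```javascript
// Added example, not KeyVault Sidekick's code. Assumed: PBKDF2-HMAC-SHA-256,
// 16-byte salt, 12-byte IV, blob layout salt || iv || ciphertext+tag.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const ITERATIONS = 310000; // iteration count stated on the page
const enc = new TextEncoder();

async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material,
    { name: "AES-GCM", length: 256 },
    false, // non-extractable: scripts cannot export the raw key bytes
    ["encrypt", "decrypt"]);
}

async function sealVault(password, secrets) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh for every save
  const key = await deriveKey(password, salt);
  const plaintext = enc.encode(JSON.stringify(secrets));
  const ct = new Uint8Array(
    await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext));
  const blob = new Uint8Array(28 + ct.length);
  blob.set(salt, 0); blob.set(iv, 16); blob.set(ct, 28);
  return blob; // base64-encode before writing to localStorage
}

async function openVault(password, blob) {
  const key = await deriveKey(password, blob.slice(0, 16));
  try {
    const pt = await wc.subtle.decrypt(
      { name: "AES-GCM", iv: blob.slice(16, 28) }, key, blob.slice(28));
    return JSON.parse(new TextDecoder().decode(pt));
  } catch {
    return null; // GCM tag mismatch: wrong password or modified blob
  }
}

async function demo() {
  const blob = await sealVault("correct horse", { EXAMPLE_API_KEY: "constructed-value-123" });
  const tampered = blob.slice(); tampered[tampered.length - 1] ^= 1;
  return {
    roundTrip: (await openVault("correct horse", blob)).EXAMPLE_API_KEY,
    wrongPassword: await openVault("wrong horse", blob),
    tampered: await openVault("correct horse", tampered),
  };
}
```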

AES-256-GCM + PBKDF2 310k · CSP connect-src 'none' · Cloudflare Pages static origin · Open-source + SHA-256 verifiable

Network

Cloudflare global edge — innate DDoS protection, zero cold-starts.

Identity

Clerk (SOC 2 Type II, GDPR) for multi-tenant fleets; PBKDF2 for single-tenant apps.

Subprocessors

Cloudflare & Resend (SOC 2 Type II) · Stripe (PCI-DSS Level 1).

Product roadmap

From foundation to fleet scale

  1. Phase 1 · Shipped

    Foundation — Zero-Trust Core

    • Vanilla JS encryption engine (AES-256-GCM + PBKDF2).
    • LocalStorage persistence with session-zeroing on lock.
    • Project-based CRUD and search logic.
  2. Phase 2 · Shipped

    Productivity & AI — Integration

    • Seven built-in generators (JWT, UUID, Bcrypt, API Keys).
    • Claude Code prefill hook and URL fragment ingestion.
    • Multi-format .env and settings.json export engine.
  3. Phase 3 · In progress

    Hardening & Trust — Audit

    • Runtime SHA-256 integrity verification against GitHub releases.
    • Offline-first PWA support for zero-CDN-trust environments.
    • Automated security audit remediation and Vibe-code hardening.

Ready to bring KeyVault Sidekick into your stack?

Talk to our team about deployment, custom SLAs, and integration with your existing identity and observability stack.