How we keep your secrets safe
The short version: we've built keyhold.io so that we can't read your data. Not "we promise not to" — we literally can't. Here's how.
The two-key system
Every secret is locked with two separate keys. Think of it like a safe deposit box at a bank — you need both keys to open it.
Stored on our servers
We keep one half, locked down with AWS KMS (Amazon's key management service). We can only use it when you ask us to.
Lives on your device
The other half stays with you. It's encrypted so only your browser can use it. We never see it.
Neither key works on its own
To decrypt anything, both keys have to come together. Since we only have one, we can't read your data without you.
How it works in practice
Someone submits a secret
Their browser encrypts it before sending anything to us. It generates a random key, splits it in two, and sends us the encrypted secret plus one half of the key. The other half goes to authorised users.
We store encrypted blobs
All we see is gibberish. We keep our half of the key locked in AWS KMS, and we also keep the encrypted user keys. Even if someone broke into our database, they'd find nothing useful without your half.
You reveal when you need to
When you want to see a secret, we check you're allowed to. If you are, we send our half of the key. Your browser combines it with your half, decrypts the secret, and shows it to you. The decryption happens entirely on your machine.
Questions?
If you want to dig deeper into the technical details, we're happy to chat. Otherwise, give it a try.