The spark
I run Smart Hands, an IT field engineering business. Clients need to share credentials with me — server logins, network access, API keys — and they were sending them over email, Slack DMs, and text messages. I was using a third-party system to communicate with clients, and I didn't fully trust it with the sensitive credentials flowing through it. That nagging feeling — "there has to be a better way" — is where keyhold.io was born.
So I built the thing I wished existed. A zero-knowledge credentials platform where clients could submit passwords, API keys, and config files through an encrypted link. Everything was encrypted in their browser before it ever touched our servers. We split the decryption key between AWS KMS and your device — not even we could read what was stored. AES-256-GCM encryption, full audit trails, role-based access, Slack and Teams notifications, bulk onboarding. The whole lot, for a flat £50/month. No per-seat pricing. I thought it would be an easy sell.
What actually happened
I built keyhold.io for Smart Hands. I marketed it to businesses in the same world — MSPs, IT teams, agencies, anyone handling client credentials. People who should have had exactly the same problem I did. And the response was… technically positive.
"Looks cool, I might try it!"
That phrase, and variations of it, became the soundtrack of those three months. Polite enthusiasm with zero follow-through. Nobody actually tried it. Nobody showed any buyer intent. No trials converted to paid. No support tickets. No feature requests. No complaints. Just… silence.
Well, not complete silence. The inbox was busy, just not with the right things.
A new SEO agency would contact me, offering to advertise keyhold.io. Like clockwork. The only people showing consistent interest in my product were trying to sell me something.
A new "penetration tester" would surface with "major vulnerabilities" in my site. When probed, it was always minor things — "I don't like your password policy" isn't exactly a CVE. But they were happy to offer their remediation services for a fee.
£100 in AWS bills. KMS charges, S3 storage, compute. A minimal setup that could still scale quickly if needed. The "if needed" part turned out to be tragically optimistic.
There was something else, too. When people did engage beyond the polite nods, they had integration requirements that were fundamentally incompatible with zero-knowledge architecture. They wanted APIs that could read secrets programmatically, automated workflows that needed plaintext access, integrations that required us to be in the middle. The very thing that made keyhold.io secure — that nobody, not even us, could read the data — was the thing that made it impractical for their actual workflows.
The nail in the coffin
Here's the part that's genuinely humbling to admit. Remember the original problem? The trust issue I had with the system I used to communicate with clients at Smart Hands?
I solved it. But not with keyhold.io.
I launched the Smart Hands Portal — a replacement for that pre-existing system — and in doing so, I removed the very trust issue that had originally sparked me to build keyhold.io in the first place. The itch that started the whole project was scratched by something else entirely. I ended up not needing my own product.
When the founder doesn't need the product, and nobody else is showing up to use it either, that's not a signal to pivot. That's a signal to stop.
The lesson
In SaaS, there's a deceptive comfort in building. Writing code feels like progress. Shipping features feels like momentum. But building without feedback is just expensive guessing — and polite encouragement from people who never log in isn't feedback.
keyhold.io had no shortage of engineering ambition. Zero-knowledge architecture, split-key encryption, a cryptographic design that would satisfy a paranoid CISO. But ambition isn't demand. I built for a market that, as it turned out, was largely content to keep sending passwords over Slack — and the people who did want something better needed it to work in ways that zero-knowledge fundamentally couldn't accommodate.
The hardest part of building a product isn't the building. It's finding out early whether anyone cares — and having the discipline to stop when they don't.
Three months. £100/month in infrastructure. Zero meaningful user feedback. Zero buyer intent. A founder who solved his own problem with a different product. Those aren't the ingredients for a pivot. Those are the ingredients for a decision.
So I made the call. keyhold.io is shut down. All user data has been securely deleted — which, given the zero-knowledge architecture, was as straightforward as destroying the server-side key material. If I couldn't read your data while running, I certainly can't read it now.
What's next
I'll find something else to build in the evenings. Something where I talk to fifty potential customers before writing the first line of backend code. Something where I test whether anyone will change their workflow before I build the encryption layer. Something where I charge from day one, because a credit card is the only honest signal of intent.
It was a fun ride, keyhold.io. I learned more from your failure than I would have from a modest success. And to anyone else building something right now: go talk to your users today. Not tomorrow. Today. One honest conversation where someone says "no, I wouldn't pay for that" is worth more than a hundred people saying "looks cool, I might try it!"