Show HN: I made a zero-knowledge tool to request clients' secrets
keyhold.io
I found that many people like myself who run tech companies, agencies, or other types of businesses will often need to ask their clients for various secrets (env files, passwords, access codes, fried chicken recipes...), and there was no tool out there that felt like it was made for that job.
I explored password managers, "one-time link"-type sites, self-hosted, SaaS... none of them had the simplicity I was looking for, for myself and for my clients.
So, I spent my Christmas annual leave building this. keyhold.io is a zero-knowledge custody of secrets platform with a fixed monthly rate, designed not to compete with password managers, but to have alongside a traditional password manager exclusively for client-owned secrets.
Clients can submit secrets into your team's Hold, fully end-to-end encrypted, and they can auto-expire or be deleted on-demand by your client.
This is my first proper go at being a business man/founder/techbro, so I'd love any and all feedback (even if it rips me to shreds). I'm sure I've got a lot of lessons to learn!

This is a smart approach to a real problem. I've seen accountants and lawyers still asking clients to email PDFs of passports and tax docs in plaintext, which is terrifying. One thing I'd be curious about: how do you handle the key management UX for non-technical clients? The zero-knowledge property is great, but I've found that "you're the only one with the key, so don't lose it" tends to create support headaches when people inevitably lose access. Have you considered any middle-ground approaches like social recovery or time-delayed access fallbacks that maintain privacy?

Hey, very late to replying but hopefully better late than never! The approach taken is pretty similar to 1Password. Other "Privileged Users" can help you recover, and you're actively encouraged to add another Privileged User to prevent any issues should there be a loss of password or secret key. Privileged Users can help recover other members with the current set-up. Time-delayed access fallback I've considered; however, I think it would require that the system sacrifices the zero-knowledge element, whereby it has the keys to recover your account (not good).