The Vault · Free, no account

Your keys.
Never on disk.

A single leaked key is the #1 way builders get hacked, and it has ended real projects overnight. The Vault is the simple fix: paste a secret once, and it's read only at the moment it's used. No secret sitting in a file. No copy in your repo. Nothing to leak.

Free, real, runnable. No charge, no account.

How it works

One idea, and the danger is gone: paste once, read at use.

01 Paste it once

Give the Vault a secret a single time (an API key, a token, a password). It's stored encrypted, not dropped into a file or committed to your repo.

02 Reference it by name

Your code and config only ever mention the name, say ANTHROPIC_API_KEY. The name is safe to share. The value never appears.

03 Read only at use

The real value is fetched in memory at the exact moment it's needed, then it's gone. It's never written to disk in plain text, never logged, never echoed.

What makes it safe

The rules are the product. They're simple on purpose, so you can't get it wrong.

Names public, values private

The list of secret names can live in the open. The values never can. That one split kills the most common, most painful mistake: a key sitting in a file the whole world can read.

The master key is never on disk

What unlocks the Vault isn't sitting in a file waiting to be stolen. There's no plaintext copy of your secrets anywhere to leak.

Your vault is yours

Per-user, by design. Your keys never mix with anyone else's, and nobody else's vault can ever reach yours.

Built from real scars

It exists because the founder got hacked through a leaked key. Now it quietly guards every app in the APxAI family, and it's free for you to use the same way.

How your key meets the model (and never leaks)

Most beginners get "hacked" the same way I almost did. A key ends up somewhere public, a repo or a deploy log, and a bot finds it within minutes. APxAI is built so that can't happen by accident. Here is exactly how it works, in plain terms.

YOUR MACHINE Your key, in a vault Encrypted (AES-256-GCM) Names public, values private CLAUDEJR (FREE) The interceptor Reads your key only at call-time Routes to the cheapest model. Never logs it. THE MODEL Claude / GPT Your choice, your account THE GUARD Nothing secret-shaped leaves. Nothing ships with a key. Your key never leaves your machine.

1. You paste your key once

It goes into a vault on your own machine, encrypted with AES-256-GCM. The code that uses it never handles the raw key. It asks the vault, and the vault hands back only what's needed, only when it's needed.

2. The key is read at the moment of use, then it's gone

When one of your agents calls a model (Claude, GPT, whichever you pick), your key is pulled for that single call and is never written into a log, a saved request, or anything that leaves your computer.

3. Names are public, values are private

The vault knows you have a key called, say, OPENAI_API_KEY. It will tell you the name. It will never print the value.

4. Nothing ships with a secret inside it

Before any code is committed or deployed, a guard scans it for anything secret-shaped and stops cold if it finds one. This isn't theory: while building this very site, that guard caught and blocked a commit of mine.

5. It's your machine, your key

The tools run locally, on your computer, with your own key. My keys are never in your download, and your key never travels to me. You and I are sealed off from each other by design.

So how does the model actually get used? Your agent reads your key from your vault at call time, talks to the model provider directly, and gets the answer back. ClaudeJr sits in front of that to cut the cost (most of my bill, around 66% measured) and to keep anything secret-shaped from sneaking into something that gets stored or sent.

No system is unhackable, and I won't pretend otherwise. What this removes is the easy way to get burned. There's no key sitting in plaintext on disk to steal, and there's a guard between your secrets and anything public. That's the difference between "I lost a key once" and "I sleep fine now."

The good news: because it's real and it's yours, you can actually use it. Bring your own agents, point them at your own keys in your own vault, and integrate. You get the same protection I built for myself.

Protect your keys like the password to your whole life, because to a hacker, they are. The Vault makes that protection a single rule you follow once, then never think about again.

Part of the free APxAI toolset, alongside ClaudeJr, CloudJr, Deploy Doctor and the VS Code extension. No charge, no account, no card. The optional Founding Supporter membership backs the mission; it gates nothing here.