Abokado Labs · Keys

A vault for the keys you actually have.

Keys is a vault for the credentials you collect while shipping software. API keys, SSH keys, OAuth tokens, certificates, connection strings. The ones that end up in .env files, scratch notes, and screenshots because no password manager was really built for them.

Coming to the App Store → How it works

How it works

Four working principles.

Keys isn't a reinvention. It just wants to be the password vault you'd actually trust with the keys to production.

On-device encryption

Your secrets never leave your devices unencrypted. The encryption key derives from your passphrase and never leaves the device either. iCloud only ever sees ciphertext. We run no server, so there is no copy of your data anywhere we could hand over even if asked.

iCloud-native sync

Sync over your iCloud, not ours. Keys uses a private CloudKit container scoped to your Apple ID. New device, same account, same vault. No third party between you and your secrets.

AI that doesn't see secrets

Paste an .env file. Get clean records. The secret values are extracted locally with deterministic regex, no model involved. A small AI classifier (running on your own API key, with your provider of choice) only handles the labels: name, kind, service. It never sees, copies, or generates the secret itself.

Liveness

Know which keys still work. Keys checks stored credentials against their providers and flags the dead ones. The dashboard you'd build yourself if you had a free afternoon.

We don't keep a copy. We can't restore your vault if you lose your passphrase, and there's no version of "ask nicely" that gets us in. That's on purpose.

FAQ

Reasonable questions.

What if I forget my passphrase?

Your passphrase is the only thing that can decrypt your vault. Any "recovery service" we offered would have to break that, so we don't offer one. What we do is generate a one-time recovery code at setup. Print it, put it somewhere you'd find again in a year. That's the safety net.

How is this different from 1Password or iCloud Keychain?

1Password is great for households. Passwords, two-factor codes, family sharing, the works. iCloud Keychain is great for the websites you log into in Safari. Keys is for the rest. The credentials that show up when you actually build things: API keys, SSH keys, OAuth tokens, server creds, the .env files that quietly grow over time. It speaks that vocabulary natively.

How much do you need to trust Abokado Labs?

As little as possible, by design. Keys ships as a standard App Store app, sandboxed, with no analytics or telemetry baked in and no Abokado Labs server in the picture. Your data lives on your devices and in your iCloud, encrypted with a key only you have. The privacy policy walks through every data flow.

What happens if Keys disappears?

You can export an encrypted backup any time. The format is documented, and the secrets stay readable as long as you have the passphrase, whether or not Keys is still in the App Store.

Is there an Android version?

No, and no plans for one. Keys is built on iCloud sync, the Secure Enclave, and the macOS / iOS sandbox. Bringing the same guarantees to Android would mean rebuilding the trust model from scratch on different primitives. That's a different product, and we'd rather build this one well.