VaultProof.dev - Store API keys without anyone seeing them. Even us.

API key leaks are the #1 cause of unexpected cloud bills and compromised AI pipelines. Every key in a .env file is a liability. VaultProof is a zero-knowledge API key proxy built for developers. Your keys are cryptographically split on the way in and the server holds a share, never the whole key. Every outbound request is reconstructed ephemerally at the edge and proxied to the real provider. Nothing is ever logged in plaintext.

Hey Product Hunt! 👋 I built VaultProof because I kept seeing vibe coders lose thousands of dollars from leaked API keys. The tools that are supposed to help us build faster (Cursor, Windsurf, Claude Code) are also the ones putting our keys at risk — they read .env files, put keys in generated code, and we push without checking. VaultProof is different from 1Password or HashiCorp Vault because we mathematically can't see your keys. They're split using cryptographic key splitting each half is encrypted with a different key. To breach you, an attacker needs our database + our encryption key + your developer key. Three things in three places. The best part it's a one line change. Just swap your base URL. Your OpenAI SDK, Anthropic SDK, everything works exactly the same. Give away 200 Pro account for a year for feedback or improvements. https://vaultproof.dev/app/login... I'd love to hear from you!

VaultProof.dev - Store API keys without anyone seeing them. Even us.

Replies