About Keyvault

What is Keyvault exactly?

Keyvault is a method for secure sharing of your sensitive data such as website logins, bank details or credit card numbers. And Keyvault is not just limited to these examples - it can be used to share any data that you deem sensitive.

Currently, users often send this sensitive information via e-mails or instant messages. This leaves the information vulnerable to interception by network sniffing techniques or by bots that are programmed specifically to look for and extract such details, which are then used for server compromises, identity theft, credit card fraud, etc.

In addition, with the increased popularity of server-side e-mail storage, such as corporate MS Exchange environments and web-based e-mail (Gmail, Yahoo Mail, etc.), this sensitive data often sits unsecured in users' inboxes, free for the taking by anyone who may gain access to these e-mail clients.

How secure is your vault?

Keyvault uses the same secure transport that your bank, PayPal or most e-commerce sites use (EV cert coming soon). These common SSL transactions occur safely every day across the Internet. Once the information is on our server we encrypt it and store it in our database. In addition, you can optionally choose a code known only to you and the group with whom you are sharing information. This will further encrypt your information, adding an extra layer of security.

That said, our protections are all standard encryption protocols that are in compliance with U.S. laws. If you want to share information that you need to hide from the government or other well-funded organizations that may be targeting you - this is not the service for you! If, on the other hand, you want to take reasonable measures to protect your sensitive information from prying eyes - we’re the service to use!

You said "vault" - can I create an account?

Aha, you caught us. Not yet, but that is planned for the next generation of Keyvault. We want you to be able to create accounts and set up a "pyramid" style sharing system for your sensitive information. For example, if you enter a piece of data and share it with two people, you will be able to allow or disallow those people to share the information with other people. If you disallow it, your pyramid stops there. And at any time you can end someone’s access to this piece of information. For example, say you change your password but no longer want one of your contacts to have access to the login. That’s easy: you can just remove their access.

On the other hand, if you allow your people to further share the information, you can watch the pyramid grow and see exactly who has access to that data at any specific time. And once again, at any time you can cut off a single person or someone higher up in your security pyramid, thus ending access to the information for all those below that individual.
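The pyramid described above can be modelled as a tree of grants in which cutting off one holder removes their whole branch. This is an added sketch, not Keyvault's code: the class `SharePyramid`, its method names, the sample names and the rule that only someone above a holder may cut them off are all assumptions made for illustration.

```python
class SharePyramid:
    """Sharing tree for one secret: who was given access by whom."""

    def __init__(self, owner):
        self.owner = owner
        self.parent = {owner: None}        # holder -> who shared with them
        self.can_reshare = {owner: True}   # may this holder share onward?

    def share(self, grantor, grantee, allow_reshare=False):
        if grantor not in self.parent:
            raise PermissionError(f"{grantor} has no access")
        if not self.can_reshare[grantor]:
            raise PermissionError(f"{grantor} may not share onward")
        if grantee in self.parent:
            raise ValueError(f"{grantee} already has access")
        self.parent[grantee] = grantor
        self.can_reshare[grantee] = allow_reshare

    def _at_or_below(self, holder, ancestor):
        # Walk up the chain of grantors until we hit `ancestor` or the top.
        while holder is not None:
            if holder == ancestor:
                return True
            holder = self.parent[holder]
        return False

    def revoke(self, actor, target):
        """Cut off `target` and everyone below them; return who lost access."""
        if target == self.owner or target not in self.parent:
            raise ValueError(f"cannot revoke {target}")
        # Assumption: only someone above the target may cut them off.
        if not self._at_or_below(self.parent[target], actor):
            raise PermissionError(f"{actor} is not above {target}")
        removed = sorted(h for h in self.parent if self._at_or_below(h, target))
        for holder in removed:
            del self.parent[holder], self.can_reshare[holder]
        return removed

    def holders(self):
        return sorted(self.parent)


def demo():
    # Constructed sample pyramid; all names are made up.
    p = SharePyramid("alice")
    p.share("alice", "bob", allow_reshare=True)
    p.share("alice", "carol")                  # carol's branch stops here
    p.share("bob", "dave")
    return p, p.revoke("alice", "bob")         # bob and dave both lose access
```

Revoking a holder only stops future retrieval from the vault; a secret they have already seen still needs to be changed, as in the password example above.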

So, the goal here is to create, in essence, a social network for sharing sensitive data while keeping you in control of that information. As we grow in sophistication you will have more complex control over setting up group permissions and organizing your sensitive information.

Are you going to start charging me?

The existing service that allows you to send and retrieve simple information in a secure fashion will always be free. Always! We want people to stop sending this data via e-mail or through other insecure methods. Therefore, we will always keep the basic method simple, open, usable and free.

There will also be a free version of our next iteration to store your information and share it in a controlled way with others. However, we will introduce paid accounts for those that wish to store more than a certain number of pieces of information and/or people to share it with. The exact details of this are still being worked out, but keep an eye out for our beta program where you will have the opportunity to get access at an extremely agreeable price.

Is there anything else on your road map?

We have thought of a lot of ways to extend this core concept - some of which seem promising and others we have to push aside to keep ourselves focused. The primary philosophy of our development methodology is to keep it simple and iterate forward one useful feature at a time. That said, another exciting feature we are working towards is the creation of an API allowing other sites to use Keyvault for their ‘forgot my password’ functionality. In this way you can retrieve your password securely with very little effort from the website developers. Plus, if you have an account, you would then be able to store the login information so you don’t forget it again.

Who are you? How do I contact you?

Keyvault was the invention of Tipit, LLC. Tipit is a web production firm that creates a variety of websites and web applications for a number of clients.

In our daily operations we have found people sending us very sensitive root-level login information via e-mail (unprompted) and even, at times, complete credit card details (again unprompted)! Occasionally people would take the time to call us with this info, or fax it in. But most often people would do something "tricky", like sending one piece in one e-mail and the second piece in a second e-mail. Ultimately, these risks simply were not acceptable to us.

In addition, we faced the same internal challenges of making sure developers / designers / project managers / etc. had appropriate access to the logins they need to get their work done, but didn’t have open access to everything. And in the event that someone left our company, we wanted a way to easily maintain the information for the people who needed it, yet retract it from those no longer on the project. So we created Keyvault.

Jeff Maxwell, President, Tipit LLC

My name is J.P. Maxwell and I’m the president of Tipit. I’ve always had a passion for creating new and innovative web applications. In my mind the Internet is still a wide open landscape for building lots of great pieces of software that can improve people’s lives or at least make them a little bit less hectic, better organized or more fun. I hope that over the years in addition to doing our client work Tipit will also have a long line of such useful web applications.

If you need to contact me about Keyvault please use our contact form or feel free to drop an e-mail to jp@keyvault.net. I’m always interested in hearing your ideas, thoughts, feedback, etc.

Security issues

If you find any security issues, please contact us before disclosing them.

Security reports

Thanks to Jerold Camacho for reporting an XSS issue in our copy-to-clipboard feature. The issue was immediately fixed after the report was received.