Key Vault Autor: pyb0

Cross-browser extension (Chrome + Firefox) that detects, securely stores, and manages API keys copied to your clipboard.
How It Works

Copy an API key from any website — Ctrl+C or click a "Copy" button
Badge appears on the extension icon showing pending keys
Click the icon, enter your master password, and save the key with a label
Keys are encrypted locally with AES-256-GCM — nothing leaves your device


Features
Clipboard Detection

Detects keys from both select+Ctrl+C (selection capture) and "Copy" buttons (API interception)
Recognizes 14 providers and formats out of the box
Records the source domain of the page where the key was copied
Records the date and time the key was first detected
Real-time badge counter on the toolbar icon


Security

Master password with PBKDF2 key derivation (100,000 iterations, SHA-256)
AES-256-GCM encryption: each key encrypted with its own random IV
Vault stored in browser.storage.local — never transmitted
Password obfuscated in session storage with configurable expiry
Zero data collection — entirely offline


Key Management

Search and filter stored keys by label or service
Click-to-reveal with masked preview (sk-ant-****3AAA)
Expanded detail shows decrypted value, source domain, and capture timestamp
Inline label editing and key deletion
Manual key entry with service selector dropdown
Prompt for custom label before saving detected keys
Copy confirmation toast on every copy action


Export

Copy individual keys as raw value, shell env var (KEY_NAME=value), or HTTP header (Authorization: Bearer ...)
Batch export all keys as JSON (includes label, service, value, source domain, timestamps) or shell env vars or HTTP headers


Auto-Lock

Configurable timeout (default 10 minutes, see AUTO_LOCK_MINUTES in app.ts)
Manual lock button for immediate lock
Vault auto-decrypts on re-open within the timeout window
Reset vault option (wipes all stored keys)


Cross-Browser

Chrome and Firefox with identical functionality
Firefox: drag-and-drop .xpi into Firefox Developer Edition
Chrome: load unpacked from dist/


Supported Key Formats
Provider Format
Anthropic sk-ant-api03-...
OpenAI sk-proj-... / sk-...
OpenRouter sk-or-v1-...
GitHub ghp_... / gho_...
HuggingFace hf_...
Groq gsk_...
Gemini AIza...
Together tgp_...
Perplexity pplx-...
Cohere 40-char alphanumeric
Tailscale tskey-<type>-<segment>-<segment>
UUID xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Gmail App Pwd xxxx xxxx xxxx xxxx (16 lowercase letters)