Cirklu extension

Zero-exposure API key manager. Local AES-256 encryption, autofill, and secure sharing. Keys never leave your device.

Cirklu - Zero-Exposure API Key Manager THE PROBLEM: Every developer has accidentally committed an API key, pasted it into the wrong field, or sent one via Slack. Just one leak can cost thousands in unauthorized usage. THE SOLUTION: Cirklu gives you secure, instant access to your API keys without ever exposing them. Smart detection + local encryption + zero-trust architecture = keys that work everywhere but leak nowhere. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ WHAT MAKES CIRKLU DIFFERENT • Intent-Driven Security - Only saves keys when YOU confirm (no silent scanning) • True Zero-Exposure - Keys never touch clipboard, never sent to servers • Developer Velocity - Cmd/Ctrl+K command palette + auto-detect on 50+ platforms • Encrypted Sharing - Share keys securely with expiration & view limits ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ KEY FEATURES Intelligent Detection & Autofill → Smart field detection on OpenAI, Stripe, AWS, GitHub, Supabase, and 40+ services → One-click paste buttons appear next to detected fields → Command palette (Ctrl+K / ⌘K) for instant fuzzy search → Context-aware suggestions based on the website you're on Military-Grade Security → AES-256-GCM encryption (government & banking standard) → Master password protection with PBKDF2 and auto-lock → Zero-knowledge architecture - we cannot access your keys → Secure injection bypasses clipboard to prevent interception → Automatic buffer zeroing after use Encrypted Sharing (Unique to Cirklu) → Create time-limited, view-limited encrypted share links → Perfect for team onboarding without exposing permanent keys → Self-destructing links expire after N views or hours → Zero server storage - only encrypted fragments stored locally Smart Organization → Auto-grouping by provider (Stripe, OpenAI, etc.) → Environment tagging (test/live/staging) → Duplicate detection → Masked display (••••abc123) → Favorites system ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ PRIVACY & SECURITY GUARANTEES What we NEVER do: ✗ Store your keys on our servers ✗ Send plaintext keys over the network ✗ Scan pages without your explicit action ✗ Collect sensitive telemetry ✗ Require account creation What we DO: ✓ Encrypt everything locally with AES-256-GCM ✓ Store only in browser's secure storage ✓ Use Web Crypto API for all encryption ✓ Auto-lock after inactivity ✓ Validate extension context to prevent attacks ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ PERFECT FOR → Solo Developers - Stop switching between password managers → Startup Teams - Securely share temporary access → Security-Conscious Orgs - Zero-trust architecture → API Power Users - Manage 50+ keys across environments ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ GETTING STARTED (30 seconds) 1. Install Cirklu 2. Paste an API key anywhere → Cirklu detects it → Click "Save" 3. Press Ctrl+K (or ⌘K) → Search → Enter No account. No configuration. Just works. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ SUPPORTED SERVICES Payments: Stripe Cloud: AWS, Google Cloud Platform Development: GitHub (50+ providers) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ PERMISSIONS EXPLAINED • storage - Save encrypted keys locally • tabs - Detect website context for relevant suggestions • alarms - Auto-lock after inactivity (security) • identity - Optional encrypted cloud backup (Google Drive or Dropbox) → Zero-knowledge: all data encrypted before upload → Your master key never leaves your device • all_urls - Enable Ctrl+K and paste detection on any website → We do NOT track browsing or read page content No network permissions. We cannot transmit your keys. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ SUPPORT General: connect@cirklu.com Security Reports: connect@cirklu.com Your keys. Your control. Zero compromise.