Our Mission

We make stolen API keys irrelevant.

KeyVault Edge was born out of a real breach. We built the tool we wish existed — one that makes the leak of a secret a non-event, not a crisis.

The problem no one was solving

API keys are the most stolen credential type in the world. 29+ million secrets leaked on GitHub in 2025 alone — AI-assisted commits made it worse.

Every existing solution — secret managers, API gateways, CDN shields — either stores secrets without proxying, manages keys you issue (not consume), or requires a centralised backend that becomes its own single point of failure.

We mapped the entire landscape and found a gap no one had filled: an edge-native system that encrypts a third-party API key into a host-bound token, decrypts it at the edge, injects the real key, and forwards the request — all transparently, in under 40ms.

Secrets leaked annually (GitHub): 29M+
Avg. exploit time after leak: 8 min
Share of breaches from credential theft: 80%
Global cost of API key abuse: $4.8B

How we got here

2024

The Problem Crystallised

GitGuardian reported 12.8M secrets leaked on GitHub. Our founding team, working on a high-traffic AI app, found their own OpenAI key in a public commit. The exploit happened within 11 minutes.

2025 Q1

Architecture Designed

We mapped every existing solution — AWS API Gateway, Kong, Zuplo, HashiCorp Vault, Azure Key Vault. None solved the problem. We designed the first host-binding encryption schema for API keys.

2025 Q3

Edge Worker Prototype

First Cloudflare Worker that could decrypt a host-bound token, inject the real key, and forward to OpenAI in under 40ms. The latency was 28ms on average. We knew this was viable.

2026

KeyVault Edge Launched

Public launch with support for all major API providers, a full dashboard, breach detection, and a free tier. The world's first edge API key sanitization platform.

What we believe

Security by Default

Security is not a feature you toggle on. Every decision we make defaults to the most secure option. We assume breach.

Developer-First

Security tooling should feel effortless. We obsess over DX so that protecting your secrets takes minutes, not days.

Edge-Native

Centralized systems are single points of failure. We built on Cloudflare's global edge from day one — no exceptions.

Zero Vendor Lock-in

Works with OpenAI, Stripe, GitHub, AWS, Twilio — any HTTP API. We proxy transparently. You keep your provider relationships.

Built by security engineers

We are a team of engineers who have built and broken production systems at scale. We understand what it means to have a secret exposed — and we built the tool we needed.