Credential infrastructure for client work

Take on client credentials.
Not client risk.

Your client's Stripe key, Supabase service_role, AWS credentials — usable by Claude, Cursor, and Codex while you build. Never visible to them. Fully accounted for when you hand off.

Start free See a sample Custody Record

Free for your first two client projects. No credit card. No waitlist.

Browser-encrypted vault. AI never sees plaintext secrets.

Pre-handoff diagnostic

Run it on a client's .env.
Get a Go-Live Check in 30 seconds.

The same engine that drives the Custody Record. Runs entirely in your browser — nothing uploaded, no signup, no PII captured.

Try it risk-free. Paste a redacted .env (replace the secret bits with REDACTED), use our sample below, or paste your real .env — your choice. Nothing leaves your browser either way.
Your values stay in your browser. The analysis runs entirely client-side — we couldn't see your keys even if we wanted to.

Go-Live Check results

9 credentials · 5 services
89
/ 100
Go-Live Readiness
Almost ready

A couple of things to look at first.

How this was scored
  • 1 medium issue8
  • 1 low issue3
What this score does — and doesn't — cover
click to expand
What we checked
  • Credential identification (12+ services)
  • Intrinsic risk of each detected key type
  • Configuration misuse rules (NEXT_PUBLIC_ leaks, live keys in dev, classic GitHub PATs, mode-mismatched Stripe keys, stale rotation)
  • Cross-credential correlation (siblings in the same project)
What we did NOT check
  • Webhook endpoint reachability (Stripe, Resend)
  • DNS records (SPF / DKIM / DMARC for sending domains)
  • Env-var sync between your local .env and Vercel/Railway production
  • OAuth callback URLs registered with each provider
  • Spend caps on AI provider keys (OpenAI, Anthropic, Replicate)
  • Row Level Security policies on your Supabase tables
  • Whether detected keys are actually active at the provider

New checks migrate from this column to the left as we ship them. Subscribe to the changelog to follow along.

9
credentials found
5
services
3
high-power keys
1 critical2 high3 medium3 public
2 configuration issues worth a look — see the rows marked “Misconfig” below.
KeyServiceRiskWhy
NEXT_PUBLIC_SUPABASE_URL
S
Supabase
Public
Not a secret — safe to ship in your frontend.
NEXT_PUBLIC_SUPABASE_ANON_KEY
S
Supabase
Public
Public by design — safe in your frontend if Row Level Security is enforced.
SUPABASE_SERVICE_ROLE_KEY
S
Supabase
Critical
Bypasses Row Level Security — full read/write access to every row in your database.
STRIPE_SECRET_KEY
S
Stripe
High
Live payment access — can charge, refund, and transfer real money on your account.
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY
S
Stripe
Public
Public by design — meant to ship in your frontend code.
STRIPE_WEBHOOK_SECRET
S
Stripe
Medium
Verifies webhook authenticity. If leaked, attackers can forge fake Stripe events to your server.
GITHUB_TOKEN
G
GitHub
High Misconfig
All-or-nothing repo access — could expose your code and deployments.
Misconfigured: Classic GitHub PAT (ghp_) — scopes apply to ALL your repositories. Consider migrating to a fine-grained PAT.
OPENAI_API_KEY
O
OpenAI
Medium Misconfig
Cost exposure — leaked keys get drained fast by automated scanners.
Misconfigured: Account-wide OpenAI key (sk-…). Modern best practice is a project-scoped key (sk-proj-…) so spend is bounded per project. Also: set a hard spend cap if you haven't.
RESEND_API_KEY
R
Resend
Medium
Can send email from your verified domains — phishing/spam abuse risk if leaked.
Like what you see? Join the launch waitlist.

SherpaKeys is in pre-launch — we're finalizing our LLC and Terms of Service before we'll accept real production keys. Join the waitlist and we'll email you when signups open.

The wedge · Pillar 1
Build safely — your AI gets the answer, never the key
Your team ships with Claude, Cursor, and Codex through the SherpaKeys firewall. The AI sees the API response. It never sees the secret.
2
Hand off cleanly
Branded Go-Live Custody Record. The client signs off knowing exactly what happened.
3
Prove it
Open-source firewall on GitHub. Audit log of every access, every actor, every minute.

Client-work headaches

You've lived at least one of these.

Most agency owners we talk to laugh and then go quiet at three of the four. Normal agency chaos. The kind a process fixes once, and then never again.

The client emailed us their live Stripe key.

It’s in their sent folder, your inbox, and your contractor’s forwarded thread. Forever. There is no professional way to un-send a secret.

Did your AI tools see our keys?

The client read an article about AI agents leaking credentials. You ship with Claude every day. You need a better answer than “we’re careful.”

Handoff day. No receipts.

The project’s done. The client asks what was accessed, what was rotated, and what you still have. Right now the honest answer is a shrug and a Notion page.

Three clients. Thirty keys. One folder of .env files.

Client A’s keys one tab away from Client B’s. One wrong paste in one wrong chat, and you’re writing the worst email of your year.

The workflow

Client keeps control.
You keep moving.
Everyone keeps receipts.

Three stages, designed so the credential graph stays clean from kickoff to launch — without slowing your team down on the inside.

  1. 1

    Intake

    The client adds their credentials to a dedicated client workspace — encrypted in their browser before anything leaves it — or you run intake together on a call. Either way: no keys in email, Slack, or a shared doc, ever.

  2. 2

    Build

    Your team ships with Claude, Cursor, or Codex through the SherpaKeys firewall. The AI asks for the API call; SherpaKeys makes it server-side and returns the response. Reads flow silently. Anything that moves money or data pauses for your approval. Every call lands in the audit log with a timestamp and an actor.

  3. 3

    Handoff

    On go-live day you deliver a branded Go-Live Custody Record: every credential inventoried, risk-scored, accounted for. Rotation done, your access revoked, the audit log exported. The client signs off knowing exactly what happened — because it's all written down.

NSNorthshore Studio
Go-Live Credential Custody Record
Brushfire Coffee
DTC Launch
89/100
Green · Launch-ready
7 services. 2 documented exceptions. 3 personnel revocations.
Includes
  • Stripe · Supabase · GitHub
  • Vercel · OpenAI · Resend · Cloudflare
  • Audit log (19 events, timestamped)
  • Signed methodology + agency principal
11 pages · Generated with SherpaKeys

The Go-Live Custody Record

The handoff document that makes you look like
the bigger agency.

Every project ends with a signed, dated, branded document the client can file, forward to their accountant, or show their next developer. It's the difference between “trust us, we cleaned up” and an artifact.

  • Your branding, not ours — white-label reports on the Agency tier
  • Per-credential inventory with risk scoring — the same engine as the analyzer in the hero
  • Rotation + revocation checklist, completed and timestamped
  • Full audit log export — every access, every approval, every actor
See a sample report

Straight answers

We'll tell you exactly what we can
and can't see.

The firewall, the cryptography, and the approval flow are MIT-licensed on GitHub — your client's security person can read every line. Credentials are encrypted in the browser; at rest, the vault is zero-knowledge. During an active agent call, the server decrypts that one credential just long enough to make the request, then zeros it. The model never sees plaintext. That's the honest tradeoff, and it's documented in full in our threat model.

Encryption
AES-256-GCM
Key derivation
Argon2id
Recovery
BIP-39 (12 words)
Vault at rest
Zero-knowledge
Read the full threat model
What this is — and isn't
  • It is a controlled handoff workflow. Your client keeps ownership of their credentials; you keep a logged, revocable working window — and proof of both.
  • It is not a compliance certification. The Custody Record documents what happened in SherpaKeys — it doesn't audit your client's whole stack, and it isn't a SOC 2.
  • It is not for what you ship. SherpaKeys sits between your AI tools and the client's APIs while you build — it's not a runtime secrets manager for the app you deliver.
Open source

The firewall is open source.
So your client's security person can audit it.

The MCP firewall, the cryptography, the approval flow — all MIT-licensed on GitHub. When a client asks how the AI gets the answer without seeing the key, you can send them the code instead of a marketing page.

Read the code on GitHubSecurity architecture

Pricing

Free for agencies. Pay only when you scale.

No subscription factory. No bundle the agency owner has to justify on a slow month. You pay per active project and per report — and you keep whatever margin you bill your client.

Free forever · for agencies

Free

No card
$0/ forever

Two active client projects included. Everything you need to run them properly, free, forever.

  • 2 client projects included
  • AI firewall + write-action approvals
  • Browser-encrypted vault · zero-knowledge at rest
  • Audit log of every access
  • Standard Custody Record template
  • BIP-39 recovery, MIT-licensed firewall
Start free

No credit card. No waitlist.

When you grow

Two add-ons. That's the whole pricing book.

$19/ month / project
Each additional client project
Beyond the 2 included. Add and remove projects as you take on new clients and offboard old ones — only pay for active ones.
$99/ Custody Record
Each Go-Live Custody Record
Bill your client whatever you want for the launch closeout — typically $750 to $2,500. You keep the markup. SherpaKeys takes one fixed price.

That's it. No seat licenses. No platform fees. No negotiation.

Founding cohort

First 10 agencies who sign up lock founder rates for life.

$14 / month / project · $79 / Custody Record · direct line to the founder during build. We're selecting the first 10 from the free signups based on engagement — no separate application, no apply form. Just start your first project.