keyCocoon

About

keyCocoon: Zero-Knowledge Credential Bridge for webSlinger Automation
keyCocoon enables secure, automated login workflows for webSlinger without ever exposing your passwords. It serves as a secure communication bridge between webSlinger automation and keyBunker credential storage, maintaining absolute separation between automation logic and sensitive credential data.

How It Works

When webSlinger executes an automation script that encounters a login form:

webSlinger sends a credential request to keyCocoon specifying the domain, username, and target form field
keyCocoon retrieves encrypted credentials from keyBunker (your local credential vault)
keyCocoon injects the password into the login form and submits it
Credentials exist in memory for less than 1 second, then are immediately cleared
keyCocoon responds to webSlinger with success/failure status only—never the actual credential

Critical Security Principle: webSlinger never receives or handles your passwords. keyCocoon acts purely as a secure bridge, performing credential injection while keeping passwords completely isolated from automation logic.

Multi-Factor Authentication Support

keyCocoon enables automation of TOTP-based multi-factor authentication:

keyBunker stores TOTP shared secrets alongside passwords in your encrypted vault
When webSlinger requests a TOTP code, keyCocoon retrieves the current 6-digit code from keyBunker
Only the generated code (valid for 30 seconds) is transmitted—the shared secret never leaves keyBunker
keyCocoon injects the code into the MFA form, enabling complete authentication automation

This allows webSlinger to automate login workflows for banking, healthcare, and corporate systems that require multi-factor authentication.

Master Password Authentication

keyCocoon cannot access credentials without your authorization:

Enter your keyBunker master password when prompted
Select an authentication duration (from 5 minutes up to 24 hours)
keyCocoon can fulfill credential requests from webSlinger during the authorized time window
After expiration, keyCocoon prompts for the master password again

Your authentication duration preference is the only data keyCocoon stores locally.

Zero-Knowledge Architecture:

keyCocoon never stores credentials—only handles them transiently during injection
Credentials exist in memory for less than 1 second during form filling
No caching, buffering, or persistence of sensitive information

Local-Only Operation:

All credential storage happens in keyBunker's encrypted vault on your device
No network transmission of credentials
No cloud synchronization or remote storage
All communication happens locally through browser extension APIs

Encryption:

Credentials are encrypted both at rest in keyBunker and during transmission to keyCocoon
Encryption keys are generated fresh for each credential request and discarded immediately after use

No Tracking:

No logging of credentials, TOTP codes, or domain/username combinations
No analytics, telemetry, or usage tracking

webSlinger Integration:

The status of keyCocoon is displayed on the webSlinger overlay via the color of the keyCocoon icon
Green: keyCocoon installed and authenticated
Yellow: keyCocoon installed but authentication expired
Red: keyCocoon not installed

Setup Requirements

Chrome or Chromium-based browser
webSlinger browser extension
keyBunker credential management suite

Setup instructions and downloads available at: https://webslinger.ai