Cirklu extension

About

Cirklu - Zero-Exposure API Key Manager

THE PROBLEM:
Every developer has accidentally committed an API key, pasted it into the wrong field, or sent one via Slack. Just one leak can cost thousands in unauthorized usage.

THE SOLUTION:
Cirklu gives you secure, instant access to your API keys without ever exposing them. Smart detection + local encryption + zero-trust architecture = keys that work everywhere but leak nowhere.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

WHAT MAKES CIRKLU DIFFERENT

• Intent-Driven Security - Only saves keys when YOU confirm (no silent scanning)
• True Zero-Exposure - Keys never touch clipboard, never sent to servers
• Developer Velocity - Cmd/Ctrl+K command palette + auto-detect on 50+ platforms
• Encrypted Sharing - Share keys securely with expiration & view limits

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

KEY FEATURES

Intelligent Detection & Autofill
→ Smart field detection on OpenAI, Stripe, AWS, GitHub, Supabase, and 40+ services
→ One-click paste buttons appear next to detected fields
→ Command palette (Ctrl+K / ⌘K) for instant fuzzy search
→ Context-aware suggestions based on the website you're on

Military-Grade Security
→ AES-256-GCM encryption (government & banking standard)
→ Master password protection with PBKDF2 and auto-lock
→ Zero-knowledge architecture - we cannot access your keys
→ Secure injection bypasses clipboard to prevent interception
→ Automatic buffer zeroing after use

Encrypted Sharing (Unique to Cirklu)
→ Create time-limited, view-limited encrypted share links
→ Perfect for team onboarding without exposing permanent keys
→ Self-destructing links expire after N views or hours
→ Zero server storage - only encrypted fragments stored locally

Smart Organization
→ Auto-grouping by provider (Stripe, OpenAI, etc.)
→ Environment tagging (test/live/staging)
→ Duplicate detection
→ Masked display (••••abc123)
→ Favorites system

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

PRIVACY & SECURITY GUARANTEES

What we NEVER do:
✗ Store your keys on our servers
✗ Send plaintext keys over the network
✗ Scan pages without your explicit action
✗ Collect sensitive telemetry
✗ Require account creation

What we DO:
✓ Encrypt everything locally with AES-256-GCM
✓ Store only in browser's secure storage
✓ Use Web Crypto API for all encryption
✓ Auto-lock after inactivity
✓ Validate extension context to prevent attacks

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

PERFECT FOR

→ Solo Developers - Stop switching between password managers
→ Startup Teams - Securely share temporary access
→ Security-Conscious Orgs - Zero-trust architecture
→ API Power Users - Manage 50+ keys across environments

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

GETTING STARTED (30 seconds)

1. Install Cirklu
2. Paste an API key anywhere → Cirklu detects it → Click "Save"
3. Press Ctrl+K (or ⌘K) → Search → Enter

No account. No configuration. Just works.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

SUPPORTED SERVICES

Payments: Stripe
Cloud: AWS, Google Cloud Platform
Development: GitHub

(50+ providers)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

PERMISSIONS EXPLAINED

• storage - Save encrypted keys locally
• tabs - Detect website context for relevant suggestions  
• alarms - Auto-lock after inactivity (security)
• identity - Optional encrypted cloud backup (Google Drive or Dropbox)
  → Zero-knowledge: all data encrypted before upload
  → Your master key never leaves your device
• all_urls - Enable Ctrl+K and paste detection on any website
  → We do NOT track browsing or read page content

No network permissions. We cannot transmit your keys.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

SUPPORT

General: [email protected]
Security Reports: [email protected]

Your keys. Your control. Zero compromise.