Security

Threat model

The threats this site defends against, in order of priority:

  1. Server-side key persistence. A pasted key must not survive the request that tested it. Mitigated by a stateless proxy that never logs or stores headers, and a code-level audit that greps for any console.log near auth-handling code.
  2. Cross-request key leakage. The shared in-memory rate-limit cache stores only IP timestamps, never request bodies or headers. There is no per-key cache anywhere in the codebase.
  3. Client-side key exfiltration. CSP forbids third-party scripts. No analytics, fonts, or ad networks are loaded. The browser only ever talks to our origin.
  4. Share-link key leakage. Shareable result URLs encode only the last 4 characters of the key, the provider id, the validation status, and the model id list. The full key is never embedded.
  5. Email-based key leakage. The optional reminder feature signs a JWT containing only { email, providerId, expiresAt }. The API key never reaches the email service.

Out of scope

The following are not threats this site protects against:

  • A compromised browser, OS, or password manager. If your machine is compromised, anything you paste is already lost.
  • A man-in-the-middle on your network. KeyForge is HTTPS-only with HSTS, but if your TLS chain is compromised, all bets are off.
  • An upstream provider being breached. KeyForge has no influence on what OpenAI, Anthropic, or any other vendor does with the key once we forward it.

Defenses in place

  • HTTPS + HSTS. All traffic is TLS-only with a 2-year HSTS lifetime + preload.
  • Strict CSP. No third-party scripts. No inline event handlers. frame-ancestors 'none'.
  • X-Frame-Options DENY, X-Content-Type-Options nosniff, Referrer-Policy strict-origin-when-cross-origin, Permissions-Policy locked down.
  • Rate limiting. Per-IP sliding-window limit on /api/proxy/* at 30 RPM by default. Best-effort across regions; not designed as anti-abuse infrastructure at scale.
  • No telemetry. No analytics SDK, no Sentry, no third-party error tracking that might capture headers.
  • Stateless server proxy. No database, no queue, no persistent storage adjacent to the proxy route.
  • Code audit. The trust-security-completion.md file in the agents directory documents the grep-based audit pass: console.log, localStorage, sessionStorage, error-message echo of headers — all checked.
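
The per-IP sliding-window limit described under threat 2 and in the rate-limiting item above, as an added JavaScript example (not KeyForge's own code). The class and method names are hypothetical and the sample IP is constructed; the point it shows is that the limiter's interface accepts only an IP and a clock value, so the shared cache cannot hold headers or bodies.

```javascript
// Added example: per-IP sliding-window limiter whose cache holds only
// IP -> request timestamps. SlidingWindowLimiter/check/sweep are hypothetical names.
const WINDOW_MS = 60_000; // one-minute window
const LIMIT = 30;         // 30 RPM, the default stated on this page

class SlidingWindowLimiter {
  constructor(limit = LIMIT, windowMs = WINDOW_MS) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.hits = new Map(); // ip -> number[] (ms timestamps), nothing else
  }

  // Takes only the client IP and a clock value. The request object is never
  // passed in, so headers and bodies cannot end up in the shared cache.
  check(ip, now = Date.now()) {
    const cutoff = now - this.windowMs;
    const recent = (this.hits.get(ip) || []).filter((t) => t > cutoff);
    if (recent.length >= this.limit) {
      this.hits.set(ip, recent);
      // Time until the oldest hit in the window expires.
      return { allowed: false, retryAfterMs: recent[0] + this.windowMs - now };
    }
    recent.push(now);
    this.hits.set(ip, recent);
    return { allowed: true, retryAfterMs: 0 };
  }

  // Drop IPs with no hits inside the window so the Map does not grow unbounded.
  sweep(now = Date.now()) {
    const cutoff = now - this.windowMs;
    for (const [ip, times] of this.hits) {
      const recent = times.filter((t) => t > cutoff);
      if (recent.length === 0) this.hits.delete(ip);
      else this.hits.set(ip, recent);
    }
    return this.hits.size;
  }
}

// Constructed sample: 31 requests from one documentation-range IP, 1 s apart.
function demo() {
  const limiter = new SlidingWindowLimiter();
  const results = [];
  for (let i = 0; i < 31; i++) results.push(limiter.check("203.0.113.7", i * 1000));
  return results;
}
```

Because the Map lives in one process, each region or serverless instance keeps its own counts, which is why the limit is best-effort across regions.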

Self-hosting

The codebase is MIT-licensed and designed to be self-hostable on Vercel, Netlify, or any Node.js host. If you don't want to trust any third party with the proxy hop, fork and deploy your own.

Reporting a vulnerability

Please report security issues to security@dimssu.com. PGP key on request. We commit to acknowledging within 48 hours and patching critical issues within 7 days.

See /.well-known/security.txt for the machine-readable contact.