Getting Started with CloudKeep

CloudKeep is a developer-first secrets manager built on zero-knowledge encryption. Your secrets are encrypted on your device before they ever leave it, so nobody — including CloudKeep — can read them. This guide walks you through initial setup in five steps.

Prerequisites

• A modern web browser (Chrome, Firefox, Safari, or Edge)
• An email address for account registration
• A secure location to store your recovery key (a password manager you already trust, a printed sheet in a safe, etc.)

Step 1: Create Your Account

Visit the registration page and sign up with your email address or continue with Google. You will receive a verification email — click the link to confirm your account.

Step 2: Set Your Master Password

After verification you will be prompted to choose a master password. This is the single password that protects all of your encrypted data. CloudKeep uses PBKDF2 with 600,000 iterations to derive an encryption key from your master password. The password itself is never sent to our servers.

A strong master password should:

• Be at least 14 characters long
• Combine uppercase, lowercase, numbers, and symbols
• Not be reused from any other service
• Be memorable enough that you do not need to write it down

For more details, see the Master Password documentation.

Step 3: Save Your Recovery Key

After setting your master password, CloudKeep generates a recovery key — a randomly generated string that can decrypt your data if you ever forget your master password. Store it in a safe, offline location. If you lose both your master password and your recovery key, your data cannot be recovered due to the zero-knowledge design.

Example format of a recovery key. Your actual key will be unique.

Step 4: Create Your First Vault

Vaults are encrypted containers that hold your secrets. You start with a default Personal vault, but you can create as many as you need — for example, one for personal credentials, one for work, and one for a side project.

1. Navigate to the Vaults page from the sidebar.
2. Click New Vault and give it a descriptive name (e.g., "Production Infrastructure").
3. Optionally add a description and choose an icon for quick identification.

Learn more in the Vaults documentation.

Step 5: Add Your First Secret

Inside a vault, click Add Secret to store a credential. CloudKeep supports several secret templates out of the box:

• Password — website logins with username, password, URL
• API Key — key/value pairs for service tokens
• Database — connection strings with host, port, database name, and credentials
• SSH Key — public/private key pairs
• Secure Note — free-form encrypted text

Fill in the fields, add optional tags, and click Save. Your secret is encrypted client-side before being stored. Read more about secrets in the Secrets documentation.

What's Next?

• Master Password — understand how your encryption key is derived
• Sharing — securely share secrets with teammates or external parties
• Teams — set up your organisation and invite members
• Two-Factor Authentication — add a second layer of account protection