BoltAI

BoltAI / passkey-secret-demo

Public

Browser demo of encrypting API keys locally with scrypt recovery and passkey unlock via WebAuthn PRF.

passkey-demo.boltai.com apikey-authentication chatbot cryptography passkey webauthn
12
2
100% credibility
Found Apr 01, 2026 at 12 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
TypeScript
AI Summary

A browser demo that shows how to store private information securely in your browser using device passkeys and a recovery phrase, all locally without any server.

How It Works

1
🖥️ Visit the demo

You open a simple chat page in your browser that promises to keep your private info safe right there on your device.

2
💬 Start chatting

You type a friendly message and hit send, and it gently asks you to protect some private info first.

3
🔐 Set up protection

You enter your secret info and a backup phrase you can remember, then tap to link it to your device's security like Touch ID.

4
🔄 Refresh the page

You reload the browser to test it out, and your chat resets while the protected info stays hidden and safe.

5
Unlock to chat again
👆
Quick device unlock

Use your fingerprint or face scan for instant access without typing.

🔑
Backup phrase

Type your memorable phrase as a reliable fallback option.

Info unlocked safely

Your private info shows up in the chat only while you need it, and you can see it's scrambled and secure when stored.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 12 to 12 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is passkey-secret-demo?

This TypeScript browser demo lets you encrypt API keys locally in the browser, storing only ciphertext in localStorage while using WebAuthn passkeys for unlock via PRF or a scrypt-derived recovery passphrase as fallback. It solves the plaintext storage problem in BYOK flows for browser apps, where pasting secrets into localStorage exposes them to exfiltration. Users get a simple chat interface: input a fake API key during setup, refresh to trigger passkey or passphrase unlock, and inspect the exact encrypted envelope in replies—all 100% client-side with a live demo at passkey-demo.boltai.com.

Why is it gaining traction?

Unlike generic browser github ai tools or copilot extensions, this focused browser demo stands out by making encrypted-at-rest storage inspectable in under a minute, without backends or packages. Developers hook into its chat-like UX that reveals plaintext in memory post-unlock and shows JSON envelopes, beating raw localStorage for api protection in browser github games or minecraft browser demo scenarios. Its narrow scope—passkey-gated local unwrap—sparks discussions on browser security patterns amid rising browser demographics demanding better secret handling.

Who should use this?

Frontend devs building browser apps with user-pasted API keys, like github browser automation scripts or democracy browser tools needing local persistence. Ideal for prototyping BYOK in single-page apps or educating teams on WebAuthn PRF over plaintext IndexedDB. Skip if you need synced vaults or full auth systems.

Verdict

Grab this as a crisp OSS reference for browser demos (12 stars, MIT)—docs are thorough, setup is npm run dev—but at 1.0% credibility, treat it as a pattern demo, not production code. Test in Chromium for best PRF support.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.