New Release

Your keys belong
in the Keychain.

keybridge saves any highlighted secret — an API key, a token, a password — straight into your Apple Keychain from any app on your Mac. Then finds it again in a keystroke.

open ⌘⇧K
O OpenAI platform.openai.com ⏎ copy
S Stripe — live sk_live_••••••
N Notion internal integration
C Cloudflare api token
switch profile 📁 Default

⌘⇧K — search, then copy without leaving the app you're in

What it is

A keychain you'll actually use

Most of us keep API keys in the worst possible places — a Notes file, a .env that never gets deleted, a Slack message to ourselves. The Apple Keychain has been sitting right there the whole time, encrypted and synced, but it's a pain to put things into and a worse pain to get them back out.

keybridge is the missing front door. Highlight a secret in any app, save it to your Keychain, and pull it back with a Spotlight-style palette whenever you need it. That's the whole app.

How it works

Three motions

  1. Highlight, then save

    Select a key in Safari, a terminal, your notes — anywhere — and right-click → Services → Save Secret to Keychain, or assign the shortcut ⌃⌥⌘K. Copied it instead? ⌃⌥⌘V saves from the clipboard.

  2. Name it

    A small glass panel slides in showing the captured value. Type the service or domain, drop it into a profile, and hit save. It lands in your Keychain as a generic password.

  3. Find it in a keystroke

    Press ⌘⇧K, type a few letters, press . The secret is on your clipboard and the palette is gone — all without leaving the app you were in.

The hard part

Everything follows from the sandbox

keybridge is bound for the Mac App Store, which is the single most important constraint in the whole project. A sandboxed app can't read your selection with the Accessibility API, can't synthesize keystrokes, can't peek at the active browser's URL. Every interesting decision is a way around a wall.

Capturing highlighted text OS-wide is done through macOS System Services — the one sanctioned path. The global hotkeys use Carbon's RegisterEventHotKey, which registers with the window server and needs no Accessibility permission at all. And the palette is a non-activating panel that takes keyboard focus while your previous app stays frontmost — a "Spotlight illusion" that's what lets you copy and immediately ⌘V back where you were.

The one I'm proudest of catching: on macOS the legacy keychain quietly ignores access groups, so an early build's search was returning every secret in the login keychain — other apps' included. Forcing the data-protection keychain scoped reads back to keybridge's own items. A privacy leak that never shipped.

A secrets manager earns trust by what it refuses to do. keybridge makes exactly one network call — fetching website logos — and it's off by default.

What it doesn't do

No cloud. No account. No catch.

Your secrets live only in the Apple Keychain. keybridge keeps no copy, runs no server, and has no account to sign into. Out of the box it makes zero network connections; the only one it can make is fetching a website's logo for a saved key, and that stays off until you turn it on. Syncing across your Macs through iCloud Keychain is coming in a future update.

Keys can be grouped into profiles — one per project — that you cycle through with in the palette. The profile name never touches the keychain; only an opaque id does, so renaming a project is just editing a local registry.

Try it

keybridge runs quietly in your menu bar on macOS 14 and later. It's coming to the Mac App Store.

You can read more at keybridge.z8ch.com.