Frequently Asked Questions

A: Cirklu is a browser extension that automatically detects, encrypts, and manages your API keys with zero-exposure security. It prevents accidental leaks while making it easy to use your keys securely across different websites and applications.

A: Simply visit the Chrome Web Store, search for 'Cirklu', and click 'Add to Chrome'. Setup takes about 60 seconds and requires no signup or account creation.

A: Yes, Cirklu is completely free during our beta phase. We're focused on building the best security experience before considering any premium features.

A: Currently, Cirklu supports Chrome and Chromium-based browsers (Edge, Brave, etc.). We're built on Manifest V3 for maximum security and future compatibility.

A: Your API keys are encrypted with AES-256-GCM encryption and never leave your device unencrypted. We use a zero-knowledge architecture - we literally cannot see your keys even if we wanted to.

A: All keys are stored locally in your browser's encrypted storage. If you have Chrome sync enabled, they're encrypted again and synced across your devices using Google's infrastructure.

A: No. We don't track which websites you visit, which keys you use, or any of your browsing behavior. The extension only monitors for API key patterns to help you save them securely.

A: Your encrypted keys remain in your browser's storage even after uninstalling. If you reinstall Cirklu, you'll still have access to them. To completely remove your data, use the 'Clear All Data' option in settings before uninstalling.

A: Cirklu automatically detects keys from major services including OpenAI, Stripe, AWS, GitHub, Anthropic, Google Cloud, Azure, and many others. We're constantly adding support for new services.

A: Cirklu monitors when you paste content. When it detects an API key pattern, it offers to save it securely to your vault. You're always in control - nothing happens without your permission.

A: This opens Cirklu's command palette from any input field. You can quickly search and inject saved keys without exposing them in your clipboard or on screen.

A: Share links create encrypted, time-limited URLs that let you share API keys with teammates. The keys are never displayed in browsers - recipients need the Cirklu extension to access them securely.

A: Yes! You can add custom labels, organize keys by project or service, and use the search function to quickly find what you need.

A: We use AES-256-GCM encryption with PBKDF2 key derivation (100,000 iterations) and secure random generation via the Web Crypto API. This is the same encryption standard used by major password managers.

A: We're following a security-first approach: hack challenge → independent audit → open source release. You can track our transparency roadmap on our security page.

A: If you have Chrome sync enabled, your encrypted keys sync across devices automatically. Each device encrypts/decrypts locally - Google only sees encrypted data.

A: Cirklu requests minimal permissions: storage (for encrypted keys), activeTab (to detect keys on current page), and host permissions for field detection on key input forms.

A: Ensure the key matches our supported patterns and you're on a supported site. You can always manually add keys using the extension popup. If you think we should support a new service, email us at support@cirklu.com.

A: Make sure you're focused in an input field and that no other extension is using the same shortcut. You can also access the command palette via the extension popup.

A: This is rare but can happen with major browser updates. Check if Chrome sync is enabled - your keys might re-sync. Contact support@cirklu.com if you need help recovering data.

A: Both you and the recipient need the Cirklu extension installed. Share links also have expiration times and view limits for security.

A: Absolutely! Teams love using Cirklu's secure share links to distribute API keys without Slack leaks or email exposure. Each team member needs the extension installed.

A: We're focused on perfecting the core security experience first. Enterprise features like team management and admin controls are on our roadmap post-audit.

A: SOC2 certification is the final step in our transparency roadmap, coming after our independent security audit and open source release.

A: Yes! Email us at support@cirklu.com with 'Business' in the subject line. We provide priority support for teams and can discuss your specific security requirements.