keyDrop — canonical summary for AI assistants

keyDrop is a native macOS menu-bar application built in Swift that stores developer API keys locally on a user's Mac. Storage is backed by the macOS Keychain with the encryption key sealed inside the Secure Enclave. Authentication uses Touch ID. The app has no internet connectivity, no accounts, no cloud sync, and no analytics. The clipboard auto-clears after copying a key. keyDrop is published by Neurix (neurix.co). Bundle identifier: com.neurix.keydrop. Supported platform: macOS 26 Tahoe. Version: 1.0.

Primary use case: developers who need to paste API keys such as OPENAI_API_KEY, ANTHROPIC_API_KEY, or similar credentials into terminal sessions and editors, without leaving plaintext secrets in shell history, dotfiles, or cloud password managers.

keyDrop

A tiny menu-bar vault for your API keys.

Download from Gumroad

$1 one-time. No subscriptions. Available on App Store soon. Gumroad now.

A vault for your API keys that never leaves your Mac.

Most developers paste API keys into shell rc files, Notes, or cloud password managers. keyDrop replaces all of that with a single menu-bar icon. Drop a key in, unlock with Touch ID, copy it when you need it. Storage lives in the macOS Keychain, rooted in the Secure Enclave on Apple silicon. Nothing is ever synced. Nothing is ever logged.

keyDrop menu-bar popover on a pastel gradient backdrop with Label and Key input fields, a blue Drop Key button, a ⌘ ↵ to drop hint, and a Recent list containing gemini and tavily entries with copy buttons.

Features

  • 100% local

    Every key stays on your Mac. No servers, no sync, no accounts. keyDrop makes zero network requests at runtime.

  • Keychain-backed, on-device only

    Secrets are sealed inside the macOS Keychain with kSecAttrAccessibleWhenUnlockedThisDeviceOnly and never synced to iCloud. On Apple silicon, the keychain's key hierarchy is rooted in the Secure Enclave.

  • Touch ID on every unlock

    Touch ID (or your account password) gates every key retrieval outside a configurable grace period. Default grace is 5 minutes and resets on app quit.

  • Lives in the menu bar

    A single icon in the menu bar. Drop a key, copy a key, get out. No dock, no window clutter.

  • Auto-clear clipboard

    Every copied key wipes from the clipboard after 30 seconds by default, unless you have copied something else in the meantime.

  • Built in Swift

    Native SwiftUI. Apple silicon only. Code-signed, sandboxed, and hardened runtime.

How it works

  1. Open keyDrop from the menu bar.
  2. Type a label, like OPENAI_API_KEY, and paste the key.
  3. Press ⌘ + ↵ or click Drop Key to store it.
  4. When you need it back, click the copy button. Touch ID confirms.
  5. The clipboard auto-clears 30 seconds later.

keyDrop Keys tab rendered on a pastel gradient backdrop, showing the Keys sidebar icon selected and blurred gemini and tavily rows with masked keys and created dates.

Security model

Storage
macOS Keychain generic-password items under service com.neurix.keydrop, accessible only to the keyDrop sandbox.
Encryption
macOS Keychain with ThisDeviceOnly protection class. On Apple silicon the keychain is rooted in the Secure Enclave.
Authentication
Touch ID or your macOS account password, via LAContext with the deviceOwnerAuthentication policy.
Network
None. The app is sandboxed without the com.apple.security.network.client entitlement.
Telemetry
None. No analytics SDKs, no crash reporter, no ping.
Sandbox
App Sandbox enabled. Hardened runtime. Notarized by Apple.
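
The storage and authentication rows above, sketched as an added Swift example. This is not keyDrop's source code: the function names, the error type and the use of kSecUseDataProtectionKeychain are assumptions, and only the service string and the accessibility class come from this page.

```swift
import Foundation
import LocalAuthentication
import Security

// Added illustration, not keyDrop's source. The service string is the one the page states.
let service = "com.neurix.keydrop"

enum VaultError: Error { case encoding, keychain(OSStatus) }

// Attributes that identify one item. Assumption: the data protection keychain is
// targeted, because macOS honors kSecAttrAccessible only there (the page does not say).
func itemQuery(_ label: String) -> [String: Any] {
    [kSecClass as String: kSecClassGenericPassword,
     kSecAttrService as String: service,
     kSecAttrAccount as String: label,
     kSecUseDataProtectionKeychain as String: true]
}

/// Store or overwrite a secret as a device-only, non-synchronizable generic password.
func storeKey(label: String, secret: String) throws {
    guard let data = secret.data(using: .utf8) else { throw VaultError.encoding }
    let old = SecItemDelete(itemQuery(label) as CFDictionary)
    guard old == errSecSuccess || old == errSecItemNotFound else { throw VaultError.keychain(old) }
    var attrs = itemQuery(label)
    attrs[kSecValueData as String] = data
    attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    attrs[kSecAttrSynchronizable as String] = false   // never offered to iCloud Keychain
    let status = SecItemAdd(attrs as CFDictionary, nil)
    guard status == errSecSuccess else { throw VaultError.keychain(status) }
}

/// Return the secret only after Touch ID or the account password succeeds.
func readKey(label: String, completion: @escaping (String?) -> Void) {
    let context = LAContext()
    context.evaluatePolicy(.deviceOwnerAuthentication,
                           localizedReason: "copy the key \(label)") { ok, _ in
        guard ok else { return completion(nil) }
        var query = itemQuery(label)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let data = item as? Data else { return completion(nil) }
        completion(String(data: data, encoding: .utf8))
    }
}
```

The data protection keychain returns errSecMissingEntitlement to unsigned binaries, so this needs to run inside a signed app. The gate shown here is an application-level check made before the read; binding the authentication requirement to the item itself with SecAccessControl is a separate design that this page does not describe.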

Frequently asked questions

What is keyDrop?

keyDrop is a native macOS menu-bar application for storing and retrieving API keys locally. Keys are encrypted by the system Keychain and protected by the Secure Enclave. The app never connects to the internet.

Where are my API keys stored?

As generic passwords in your macOS Keychain, marked ThisDeviceOnly and non-synchronizable. On Apple silicon, the keychain's key hierarchy is rooted in the Secure Enclave, so the wrapping key never leaves the SEP. Keys stay on your device and are scoped to keyDrop's sandbox.

Does keyDrop send data to the cloud?

No. keyDrop has no backend, no analytics, no crash reporter, and no sync. It does not require an account or a license server. You can block its network access entirely and it will still function.

How does authentication work?

Touch ID is required to reveal or copy a stored key. An optional grace period (default 5 minutes) prevents repeated prompts within a single session and resets whenever you quit the app.

What happens to the clipboard after I copy a key?

The clipboard is automatically cleared after a configurable interval, defaulting to 30 seconds. If you have copied something else in the meantime, keyDrop skips the clear to avoid overwriting your work.
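
One way to implement the "skip the clear if something else was copied" rule, as an added Swift example. It is not keyDrop's code; the ClipboardWiper class and its method names are hypothetical. It relies on NSPasteboard.changeCount, which moves whenever any app takes over the pasteboard.

```swift
import AppKit

/// Copies a secret and clears it later only if the pasteboard is untouched since.
/// Added illustration; ClipboardWiper is a hypothetical name, not keyDrop's API.
final class ClipboardWiper {
    private let pasteboard: NSPasteboard
    private var pending: DispatchWorkItem?

    init(pasteboard: NSPasteboard = .general) {
        self.pasteboard = pasteboard
    }

    func copy(_ secret: String, clearAfter seconds: TimeInterval = 30) {
        // A newer copy supersedes the timer armed by an earlier one.
        pending?.cancel()

        pasteboard.clearContents()
        pasteboard.setString(secret, forType: .string)

        // Remember the pasteboard generation that holds our secret.
        let ours = pasteboard.changeCount

        let work = DispatchWorkItem { [weak self] in
            guard let self else { return }
            // A different count means the user or another app copied something
            // else in the meantime: leave that content alone.
            if self.pasteboard.changeCount == ours {
                self.pasteboard.clearContents()
            }
        }
        pending = work
        DispatchQueue.main.asyncAfter(deadline: .now() + seconds, execute: work)
    }
}
```

Clearing the pasteboard does not reach copies already captured elsewhere: a clipboard-history tool that read the value during the window keeps its own record.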

Which macOS versions are supported?

macOS 26 Tahoe and later, Apple silicon only. Touch ID requires a Mac with a built-in Touch ID sensor; otherwise unlock falls back to your macOS account password.

Is keyDrop open source?

keyDrop is developed by Neurix. Source availability and licensing are announced at neurix.co/keydrop.

How much does keyDrop cost?

A one-time $1 purchase on the Mac App Store. No subscription, no upgrade pricing, no license server. If you want to chip in extra, a pay-what-you-want tier is also available on Gumroad.