Syncific Vault
Your API keys don't belong
in your database.
WordPress stores API keys in plain text in wp_options. Syncific Vault moves them to an encrypted off-site vault — and injects the real key at request time. Free. Open source. No limits.
The problem
Every AI plugin stores keys
in your database.
WordPress 7.0's Connectors API, AI Engine, ClassifAI, Elementor AI — they all write your OpenAI, Anthropic, and Stripe keys directly to wp_options. In plain text. If your database is compromised, every key is exposed.
Database dumps, SQL injection, compromised plugins, hosting breaches — any of these expose your keys. And once a key is out, it can be used to generate charges on your OpenAI account, process payments through your Stripe account, or send email through your SendGrid account.
wp_options → openai_api_key → sk-proj-abc123...
wp_options → anthropic_key → sk-ant-api03-xyz...
wp_options → stripe_secret → sk_live_real789... Real keys in plain text. Visible in any database export.
wp_options → openai_api_key → sk-sv-vault-protected-000...
wp_options → anthropic_key → sk-ant-sv-vault-protected-...
wp_options → stripe_secret → sk_live_sv_vault_protected_... Only placeholders in your database. Real keys in the vault.
How it works
Five minutes to protect every key.
Store your key in the vault
Paste your API key into Syncific Vault. It's encrypted with AES-256 and sent to an off-site vault — never stored in your WordPress database.
Copy the placeholder into your plugins
Syncific Vault generates a placeholder key that passes format validation. Paste it into AI Engine, ClassifAI, WP 7.0 Connectors — anywhere you'd normally put the real key.
Every plugin works through the vault
When any plugin makes an API call, Syncific Vault intercepts it and injects the real key. The plugin works normally — it doesn't know the key was swapped.
Universal
One vault for all your plugins.
Store your API keys in Syncific Vault — not in your database. Paste the secure placeholder into any plugin that needs it. When you rotate a key with your provider, update it once in Syncific Vault — every plugin gets the new key instantly.
Protection
What Syncific Vault
protects against.
If your database is accessible to an attacker — through any vector — your API keys are safe because they're not there.
Backups contain your full wp_options table. Every API key in plain text.
Attackers read wp_options first. If your keys are there, they're gone.
A single vulnerable plugin can read every option in your database.
phpMyAdmin, Adminer, hosting panel database tools — all expose keys.
Your host gets breached. Your database is in the dump. Your keys are exposed.
Security
Built on patent-pending architecture.
The same broker architecture that protects OAuth credentials for Lightroom, Figma, Canva, and Dropbox in Syncific now protects your API keys.
AES-256 encrypted vault
Keys encrypted in an isolated vault file on a separate server. Not a database — an encrypted file on disk with strict permissions.
Keys never in WordPress
Not in wp_options. Not in wp_postmeta. Not in transients. Not in any WordPress table. Not even temporarily.
In-memory only
Keys retrieved into PHP memory for the duration of a single request. When the request ends, the key is gone. Never written to disk.
One-click key rotation
Rotate a key once in the vault. Every plugin on your site gets the new key instantly. No need to update each plugin individually.
Rate-limited access
60 vault requests per minute per site. Abuse prevention built in. Legitimate usage never hits the limit.
Fails open
If the vault is temporarily unreachable, your site keeps working. API calls proceed without injection — nothing breaks.
Patent-pending broker architecture · US App. No. 19/440,404
Supported APIs
Presets for the APIs you use.
Select a preset, paste your key, done. Or enter any custom domain for APIs not listed.
Verify
Built-in database scanner.
Syncific Vault includes a one-click scanner that checks your wp_options table for common API key patterns — OpenAI, Anthropic, Google AI, Stripe, SendGrid. Run it anytime to confirm your keys are protected and not exposed in your database.
Green means clean. Red means you have keys to protect.
Scanned 9 key patterns across wp_options. No exposed API keys found.
Free
Completely free. No limits.
No premium tier. No feature gates. No limit on the number of keys you can protect. Syncific Vault is built on the same broker infrastructure that powers the Syncific creative asset platform — the vault adds negligible overhead.
Frequently Asked Questions
Where are my keys stored? +
Your keys are encrypted with AES-256 and stored in an isolated vault file on the Syncific broker server. The vault file is not a database — it's an encrypted file on disk with strict permissions (0600). The encryption key is separate from the vault file. Your WordPress database never contains your real API keys.
Will my existing plugins still work? +
Yes. Syncific Vault uses WordPress's http_request_args filter to intercept outgoing API calls and inject the real key before the request is sent. The calling plugin (AI Engine, ClassifAI, Elementor AI, WooCommerce, etc.) works exactly as before — it doesn't know the key was swapped.
How do I rotate a key? +
Click 'Rotate Key' next to any protected key in the Syncific Vault settings page, paste your new key, and you're done. Every plugin on your site that uses that key gets the new one instantly — no need to update settings in each individual plugin.
What happens if the vault is unreachable? +
The plugin fails open — it never blocks functionality. If the Syncific broker is temporarily unreachable, API calls proceed without key injection. Once the broker is reachable again, keys are automatically injected. Your site keeps working regardless.
Is this compatible with WordPress 7.0's Connectors API? +
Yes. Syncific Vault intercepts the HTTP requests that the Connectors API makes to AI providers, injecting the real key from the vault instead of the one stored in the WordPress database.
What about multisite? +
Each site in a multisite network gets its own vault entry (keyed by site URL hash). Sites cannot access each other's keys.
Is it really free? +
Yes. Syncific Vault is completely free — no premium tier, no feature gates, no limits on the number of keys you can protect. It's built on the same broker infrastructure that powers Syncific's creative asset platform.
Protect your API keys. Install Syncific Vault.
No plugin required on destination sites. Cancel anytime.