Linux 软件免费装

在这里免费安装WordPress以及其他软件

Banner图

Syncific Vault — API Key Protection & Security

开发者 lightsyncpro
tagteamdesign
更新时间 2026年6月2日 00:08
PHP版本: 7.4 及以上
WordPress版本: 7.0
版权: GPLv2 or later
版权网址: 版权信息

标签

security ai encryption connectors api keys

下载

1.0.1

详情介绍:

WordPress stores API keys in your database in plain text by default. If your database is compromised through SQL injection, a backup leak, or a vulnerable plugin, every API key is exposed. WordPress 7.0's new Connectors API stores AI provider keys the same way (core ticket #64789). Syncific Vault fixes this. Your API keys are moved to an encrypted vault hosted off-site. Your WordPress database stores only a reference — the real key is injected at request time and never persists locally. One vault for all your AI plugins. Store your API keys in Syncific Vault — not in your database. Paste the secure placeholder into AI Engine, ClassifAI, Elementor AI, or any plugin that needs it. When you rotate a key with your provider, update it once in Syncific Vault — every plugin gets the new key instantly. How it works
  1. Paste your API key in the Syncific Vault settings page
  2. The key is encrypted and sent to the Syncific Vault (AES-256, never in your database)
  3. A secure placeholder key is generated — paste it into your other plugins' settings
  4. When any plugin makes an API call, Syncific Vault intercepts it and injects the real key
  5. Other plugins work normally — they don't know the key was swapped
  6. If your database is dumped or compromised, no API keys are exposed
Supports any AI API key Security Protects against External Service This plugin relies on the Syncific Vault API, an external broker service operated by Syncific, to store and retrieve encrypted API keys. All requests are sent to the broker endpoint at https://lightsyncpro.com/wp-json/lsp-broker/v1/ — the broker host that Syncific operates for this service. What the service does: Syncific Vault provides encrypted off-site storage for API keys. Keys are encrypted with AES-256 and stored in an isolated vault file on the Syncific broker server (lightsyncpro.com) — not in your WordPress database. What data is sent and when: No other user data, site content, or visitor information is ever transmitted. Service links: Supported AI Providers Syncific Vault includes preset support for the following AI provider APIs. This plugin does not connect to these services directly. They are the destination domains whose API keys are protected by Vault. When another plugin on your site makes a request to one of these domains, Syncific Vault intercepts the request and injects the protected key. The traffic to these providers originates from your other plugins (such as AI Engine, ClassifAI, or any plugin you've configured), not from Syncific Vault itself. You may also add any other domain through the "Add Custom Domain" option in the plugin settings. Whatever domain you add becomes a protected destination — your other plugins continue to send requests to that domain as they normally would, and Syncific Vault transparently provides the credentials. Free and open source Syncific Vault is completely free. No limits on the number of keys you can protect. Made by Syncific Syncific Vault is built by the team behind Syncific — the creative asset sync platform. The same patent-pending broker architecture that protects OAuth credentials for Lightroom, Figma, Canva, and Dropbox now protects your API keys.

安装:

  1. Upload the syncific-vault folder to /wp-content/plugins/
  2. Activate the plugin through the 'Plugins' menu in WordPress
  3. Go to Settings → Syncific Vault
  4. Select a preset (OpenAI, Anthropic, etc.) or enter a custom domain
  5. Paste your API key and click "Store in Vault"
  6. Copy the placeholder key and paste it into your other plugins' key fields
  7. Done — your key is now protected and every plugin works through the vault

屏幕截图:

  • Placeholder keys paste into any plugin — Vault transparently injects the real key on every request
  • Built-in database scanner checks wp_options, wp_postmeta, and wp_usermeta against 20 credential patterns (OpenAI, Anthropic, Google AI, OpenRouter, xAI, Stripe, GitHub, AWS, and more)

升级注意事项:

1.0.1 Adds per-site token binding and broker callback verification, expands the credential scanner to 20 patterns across three tables, and hardens admin input validation. Recommended for all users. 1.0.0 First release — protect your API keys from database exposure.

常见问题:

Where are my keys stored?

Your keys are encrypted with AES-256 and stored in an isolated vault file on the Syncific broker server. The vault file is not a database — it's an encrypted file on disk with strict permissions (0600). The encryption key is separate from the vault file. Your WordPress database never contains your real API keys.

How is this different from a plugin that encrypts keys in the WordPress database?

Encryption-in-database plugins still leave the encrypted keys and the encryption key on your WordPress server. If an attacker gains access through SQL injection, a backup leak, or a vulnerable plugin, they can extract both the encrypted keys and the means to decrypt them. Syncific Vault is architecturally different: the keys aren't on your WordPress server at all. There's nothing to decrypt because there's nothing there.

Will my existing plugins still work?

Yes. Syncific Vault uses WordPress's http_request_args filter to intercept outgoing API calls and inject the real key before the request is sent. The calling plugin (AI Engine, ClassifAI, Elementor AI, WooCommerce, etc.) works exactly as before — it doesn't know the key was swapped.

How do I rotate a key?

Click "Rotate Key" next to any protected key in the Syncific Vault settings page, paste your new key, and you're done. Every plugin on your site that uses that key gets the new one instantly — no need to update settings in each individual plugin.

What happens if the vault is unreachable?

The plugin fails open — it never blocks your WordPress site from loading. During a Syncific Vault outage, API calls from your other plugins will proceed with the placeholder key and fail authentication at the provider (OpenAI, Anthropic, etc.). Your site remains fully functional; only the AI features dependent on protected keys are temporarily affected. Once the broker is reachable, key injection resumes automatically.

Is this compatible with WordPress 7.0's Connectors API?

Yes. Syncific Vault intercepts the HTTP requests that the Connectors API makes to AI providers, injecting the real key from the vault instead of the one stored in the WordPress database.

What about multisite?

Each site in a multisite network gets its own vault entry (keyed by site URL hash). Sites cannot access each other's keys.

Can I verify my keys are protected?

Yes. Syncific Vault includes a built-in database scanner that checks wp_options for common AI API key patterns (OpenAI, Anthropic, Google AI, OpenRouter). Run it anytime from the settings page to confirm no keys are exposed.

Do you store my keys forever?

Keys remain in the vault until you remove them. You can remove any key from the Syncific Vault settings page at any time. On plugin uninstall, local references are cleaned up. To remove keys from the vault itself, use the Remove button before uninstalling.

What if Syncific shuts down? Will I lose access to my AI services?

No. Syncific Vault doesn't replace your provider relationship — OpenAI, Anthropic, Google AI, and OpenRouter all let you retrieve or regenerate keys from your provider dashboard at any time. We recommend keeping an off-vault backup of any business-critical API key. The plugin is designed so you can leave at any time: deactivate Syncific Vault, paste your original keys directly into your plugins, and continue normally. Your provider accounts and keys are always yours.

更新日志:

1.0.1 1.0.0