| title | project | type | status | revenue_target | beth_topics | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
VaniKeys - Zero-Knowledge Vanity SSH Keys |
vanikeys |
software |
active |
600000-3600000 |
|
Enterprise-grade vanity key generation. You keep the private key, we do the compute.
Turn your SSH keys from random strings into branded, identifiable credentials - without ever sharing your private keys.
β You order vanity key β Service generates keys β Service sends private key
β
THEY KNOW YOUR PRIVATE KEY
This is unacceptable for:
- Production SSH keys
- Enterprise security
- Compliance requirements
- DevOps infrastructure
Why existing services fail:
- Must see your private key to find vanity patterns
- Creates insider threat risk
- Violates security best practices
- Deal-breaker for enterprise buyers
β You generate seed β VaniKeys finds path β You derive key locally
β
YOUR PRIVATE KEY NEVER LEAVES YOUR MACHINE
How it works:
- You keep a secret seed (never shared)
- VaniKeys searches millions of derivation paths
- VaniKeys tells you which path produces vanity pattern
- You derive the key on your machine
- VaniKeys never sees your private key
Result: You get computational power without the trust risk.
This is not just a feature - it's what makes enterprise vanity keys possible.
# Install VaniKeys CLI
pip install vanikeys-client
# Initialize your seed (stays on your machine)
vanikeys init
# Order vanity SSH key
vanikeys order ssh --pattern "dev123"
# β VaniKeys searches millions of paths (~30 seconds)
# β Order: ord_abc123, Status: FOUND
# Verify and derive your key locally
vanikeys verify ord_abc123 # β Cryptographic proof valid
vanikeys derive ord_abc123 --output ~/.ssh/dev_key
# Use your vanity key
ssh-keygen -lf ~/.ssh/dev_key.pub
# 256 SHA256:dev123xxxxxxxxxxxxxxxxxxxxxxxxx no comment (ED25519)Your private key was generated on your machine. VaniKeys never saw it.
| Feature | VaniKeys | Traditional Services |
|---|---|---|
| Private key security | β Never leaves your machine | β Service knows your key |
| Cryptographic proofs | β Verifiable before use | β "Trust us" |
| Enterprise-ready | β Audit-friendly, compliant | β Security violation |
| Insider threat | β Impossible | β High risk |
| Computational leverage | β GPU acceleration | β Yes |
| Mathematical guarantee | β HD derivation protocol | β No |
Technical deep dive: See docs/ZERO_KNOWLEDGE_PROTOCOL.md
Problem: 500 developers with random SSH keys. Which key belongs to whom?
Solution: Branded vanity keys for your organization.
# DevOps manager orders bulk keys
vanikeys order bulk --pattern "acme-dev" --quantity 500
# Each team member gets identifiable key:
SHA256:acmedevxxxxxxxxxxxxxxxxxxxxxxxxxBenefits:
- Audit trail: See who accessed what at a glance
- Security: Spot unauthorized keys immediately
- Onboarding: Standardized key generation
- Compliance: Traceable credential management
Problem: Multiple environments, keys getting mixed up.
Solution: Environment-specific vanity patterns.
vanikeys order ssh --pattern "prod" # Production keys
vanikeys order ssh --pattern "staging" # Staging keys
vanikeys order ssh --pattern "dev" # Development keysResult: Can't accidentally use wrong key for wrong environment.
Problem: Need to rotate 1000+ SSH keys across infrastructure.
Solution: Versioned vanity keys for rotation tracking.
vanikeys order bulk --pattern-template "infra-v2-{001..1000}"
# Clear visual distinction:
# Old: SHA256:infrav1001...
# New: SHA256:infrav2001...Problem: Students need practice keys, distinct from real credentials.
Solution: Lab-branded keys that can't be confused with production.
vanikeys order bulk --pattern "lab" --quantity 100
# Visually obvious these are lab keys:
SHA256:lab123xxxxxxxxxxxxxxxxxxxxxxxxxMarket Size:
- B2B/Enterprise: Tens of millions of developers globally
- Every tech company has DevOps teams needing SSH keys
- Recurring revenue: Key rotation, team turnover
Competitive Landscape:
- Almost no competition in zero-knowledge vanity SSH keys
- Traditional vanity services focus on crypto addresses
- Enterprise SSH key management is greenfield
Individual Developers:
- Pay-as-you-go: $0.50 - $50 per key (based on pattern difficulty)
- Free tier: 3 keys/month (trial)
Team Plans:
- $100/month: 50 keys included, $1.50/key after
- $500/month: 500 keys included, $1.00/key after
Enterprise:
- Custom pricing for 1000+ keys
- Volume discounts (up to 30% off)
- Dedicated compute clusters
- On-premise deployment option
Pattern Difficulty:
| Pattern | Time | Cost |
|---|---|---|
| 3 chars | < 1s | $0.50 |
| 4 chars | ~2s | $1.00 |
| 5 chars | ~30s | $2.50 |
| 6 chars | ~30m | $10.00 |
| 7 chars | ~20h | $50.00 |
Conservative:
- 10 enterprise customers Γ $500/month = $5K/month
- 100 team customers Γ $100/month = $10K/month
- 500 individuals Γ $10/month = $5K/month
- Total: $20K/month = $240K/year
Target:
- 50 enterprise Γ $500/month = $25K/month
- 500 teams Γ $100/month = $50K/month
- 2000 individuals Γ $20/month = $40K/month
- Total: $115K/month = $1.4M/year
Aggressive (Product-Market Fit):
- 200 enterprise Γ $1000/month = $200K/month
- 2000 teams Γ $100/month = $200K/month
- 10000 individuals Γ $30/month = $300K/month
- Total: $700K/month = $8.4M/year
Client CLI:
- Python 3.8+ (cross-platform)
- Ed25519 key generation (fast, modern)
- Secure seed storage (encrypted with password)
- Proof verification (zero-knowledge protocol)
Server API:
- FastAPI (Python web framework)
- PostgreSQL (orders, proofs, audit logs)
- Redis (job queue, real-time status)
- GPU compute (vanity path search)
Infrastructure:
- RunPod Serverless: GPU compute ($0.008/job, <200ms cold start)
- Cost: $24/month for 100 jobs/day
- Scales automatically with demand
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Customer Environment (Trusted) β
β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β vanikeys CLI β β
β β β’ Master seed (encrypted, local) β β
β β β’ Key derivation β β
β β β’ Proof verification β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
β β Public data only (root public key, orders) β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β VaniKeys Infrastructure (Untrusted) β
β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β API Server (FastAPI) β β
β β β’ Order management β β
β β β’ Job dispatch β β
β β β’ Proof generation β β
β ββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββ β
β β β
β ββββββββββββββΌββββββββββββββββββββββββββββββββββββββ β
β β Search Workers (GPU) β β
β β β’ Test millions of derivation paths β β
β β β’ Find vanity pattern matches β β
β β β’ CANNOT access private keys β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Key Property: Trust boundary mathematically enforced by cryptographic one-way functions.
vanikeys/
βββ pyproject.toml # Python project configuration
βββ README.md # This file
βββ CHANGELOG.md # Version history
βββ .env.example # Environment template
β
βββ src/
β βββ vanikeys/
β βββ crypto/ # Core cryptography (HD derivation, proofs)
β βββ domain/ # Models (Pattern, Key, Order, etc.)
β βββ services/ # Business logic (SearchService, OrderService)
β βββ repositories/ # Data access (OrderRepo, ProofRepo)
β βββ api/ # FastAPI routes
β βββ cli/ # Customer CLI tool
β βββ config/ # Configuration
β
βββ tests/ # Test suite
β βββ test_crypto.py # Cryptography tests (critical!)
β βββ test_derivation.py # HD derivation tests
β βββ test_proofs.py # Proof generation/verification
β βββ test_integration.py # End-to-end tests
β
βββ docs/ # Documentation
β βββ ZERO_KNOWLEDGE_PROTOCOL.md # Protocol design (MUST READ)
β βββ HD_DERIVATION_IMPLEMENTATION.md # Implementation guide
β βββ CUSTOMER_QUICKSTART.md # Customer guide
β βββ DEPLOYMENT_GUIDE.md # Deployment instructions
β
βββ deployment/ # Deployment scripts
βββ deploy-staging.sh
βββ deploy-production.sh
βββ rollback.sh
π Security & Protocol (Start Here):
- ZERO_KNOWLEDGE_PROTOCOL.md - Protocol design, security analysis, trust model β
- HD_DERIVATION_IMPLEMENTATION.md - Implementation guide for developers
π₯ Customer Documentation:
- CUSTOMER_QUICKSTART.md - How to use VaniKeys (customer-facing)
π Operations:
- DEPLOYMENT_GUIDE.md - Deployment and infrastructure
From ZERO_KNOWLEDGE_PROTOCOL.md:
"The VaniKeys Zero-Knowledge Protocol solves the fundamental trust problem in vanity key generation. Traditional services must generate and test private keys to find vanity patterns - when they find a match, they know your private key. This is unacceptable for production systems.
Our protocol uses Hierarchical Deterministic (HD) key derivation: we search the derivation space, not the key space. We tell you which path to take, not what the key is. Your private key is derived on your machine from your secret seed + the path we found.
Result: Mathematically proven security. VaniKeys never sees your private key. Not policy, not promises - cryptographic guarantees."
- Python 3.10+
- PostgreSQL 14+
- Redis 7+
- GPU (optional, for local search testing)
# Install uv (fast package manager)
curl -LsSf https://astral.sh/uv/install.sh | sh
# Create virtual environment
uv venv
source .venv/bin/activate
# Install project with dev dependencies
uv pip install -e ".[dev]"
# Setup infrastructure
docker-compose up -d
# Run database migrations
python -m vanikeys.migrations.run
# Run tests (especially crypto tests!)
pytest tests/test_crypto.py -v
pytest tests/test_derivation.py -v
pytest tests/test_proofs.py -v# Run full test suite
pytest
# Run with coverage
pytest --cov=src tests/
# Lint & format
ruff check .
ruff format .
# Type check (important for crypto code!)
mypy src/vanikeys/crypto/
# Explore code structure
reveal src/vanikeys/crypto/Week 1-2: Core Cryptography
- ZERO_KNOWLEDGE_PROTOCOL.md specification β
- HD_DERIVATION_IMPLEMENTATION.md guide β
- Ed25519 HD derivation implementation
- SSH fingerprint pattern matching
- Proof generation/verification
- Comprehensive crypto test suite
Week 3: Client CLI
- Seed generation & secure storage
- Order placement (API client)
- Proof verification
- Key derivation
- Export to OpenSSH format
Week 4: Server API
- FastAPI endpoints (order, status, verify)
- GPU search workers
- Database schema (orders, proofs)
- Job queue (Redis)
- Stripe integration (payments)
- Pattern difficulty estimator
- Progress tracking (real-time updates)
- Beta testing (10 customers)
- Documentation polish
- Production deployment (tia-apps)
- Monitoring & alerting
- Customer support system
- Public launch (Hacker News, DevOps communities)
- 50 beta signups
- 10 paying customers
- $500 revenue
- 100+ keys generated
- Zero security incidents
β Zero-knowledge protocol (we're the only one) β Enterprise-ready (security + compliance) β SSH/DevOps focus (bigger market than crypto) β Cryptographic proofs (verifiable, auditable) β B2B business model (recurring revenue)
β GPU acceleration (100x faster than CPU) β Zero trust required (verify proofs yourself) β No technical knowledge needed (CLI is simple) β Bulk generation (provision entire teams) β Professional support (not just a script)
This is a bootstrap opportunity (revenue-generating business), but best practices:
- Security is critical - crypto code must be perfect
- Write tests - especially for cryptography
- Document thoroughly - security relies on understanding
- Follow TIA Python Guide - clean architecture
- Use reveal - explore before modifying
Proprietary - Revenue-generating business opportunity
β Large market: Every developer needs SSH keys β Underserved: No zero-knowledge vanity key services exist β B2B revenue: Enterprise buyers, recurring revenue β Low competition: Existing services focus on crypto addresses β Clear value prop: Security + branding + compliance
β Zero-knowledge protocol: Hard to replicate correctly β Cryptographic expertise: Security is complex β Infrastructure: GPU compute optimization β Documentation: Comprehensive technical docs
β Low capital: $0 upfront, $70/month infrastructure β Fast to revenue: 6-8 weeks to first dollar β High margins: 99%+ profit margin β Scalable: Serverless GPU grows with demand
For Customers:
pip install vanikeys-client
vanikeys init
vanikeys order ssh --pattern "myteam"For Developers:
git clone https://github.com/scottsen/vanikeys.git
cd vanikeys
uv pip install -e ".[dev]"
pytestFor Enterprise: Contact: sales@vanikeys.dev
- Documentation: https://docs.vanikeys.dev
- Security Issues: security@vanikeys.dev (PGP key on website)
- Technical Support: support@vanikeys.dev
- Sales/Enterprise: sales@vanikeys.dev
- GitHub: https://github.com/scottsen/vanikeys
Version: 0.2.0 (Zero-Knowledge Protocol) Last Updated: 2025-12-03 Status: Phase 1 - MVP Development
Core Innovation: Zero-knowledge vanity key generation with cryptographic security guarantees. The only service where you never share your private keys.