PushKeyPushKey

Cloud API

Zero-knowledge sync backend for Pro+ users. Self-hostable via FastAPI.

The PushKey cloud API is a zero-knowledge sync backend — it stores only AES-GCM ciphertext. The server cannot decrypt your vault.

Run it

# self-hosted
uvicorn pushkey_cloud_api:app --host 0.0.0.0 --port 8000

Or deploy to Railway / Render using the included Procfile.

Endpoints

MethodPathDescription
POST/vault/pushUpload encrypted vault blob
GET/vault/pullDownload latest blob
GET/vault/statusSync metadata (no ciphertext)
POST/license/heartbeatRefresh license token
GET/license/verifyValidate license key

Authentication

All requests carry a Bearer token from your license key, refreshed every 24h by the desktop app:

Authorization: Bearer <license-token>

For self-hosted deployments, set PUSHKEY_API_SECRET in your environment.

Environment variables

VariableDescription
PUSHKEY_API_SECRETShared secret for self-hosted auth
DATABASE_URLPostgres connection string
REDIS_URLOptional — rate limiting and session cache

Admin dashboard

A Next.js admin dashboard (web/) provides license management, analytics, audit logs, and user CRM. Deploy to Vercel:

cd web && vercel deploy

Set NEXT_PUBLIC_ADMIN_API_URL to your API base URL.

AI Agents & Skills

Use PushKey with Claude Code, OpenAI Agents SDK, and any MCP-compatible agent framework.

.env Injection

Write assigned keys directly into project .env files.

On this page

Run itEndpointsAuthenticationEnvironment variablesAdmin dashboard