Your Keys.
Your Cloud.
Your Portfolio.
mgr.domains is built on a strict Trust No One architecture. We cannot see your domains, we cannot read your API keys, and we cannot access your database.
The Architecture of Sovereignty
1. Client-Side Encryption
All API keys (GoDaddy, Namecheap) are encrypted directly in your browser using AES-256 and PBKDF2 before they ever leave your device.
2. The Dumb Vault
The server acts purely as a dumb storage vault. It only receives and stores unreadable, encrypted blobs in your private Cloudflare D1 database.
3. Cryptographic Auth
You authenticate via cryptography using a hashed X-MGR-SECRET. Your plaintext Master Password is never transmitted over the internet.
4. Local Execution & Ephemeral APIs
Raw 10,000+ domain CSVs are parsed and matched entirely in your browser's local memory. High-value external keys (like OpenAI) use a strict "Courier Pattern"—they are sent via ephemeral headers, consumed for a single request, and instantly destroyed without touching the database.
The Emergency Kit
Because your keys only exist in plaintext on your local machine, there is no "Forgot Password" button.
During setup, we generate a downloadable Emergency Kit PDF containing your recovery tokens. If you lose your Master Password, nobody can recover your data—not even us.
However, you are never locked out of your infrastructure. We provide a "Nuclear Wipe" option allowing you to safely overwrite your encrypted database and deploy a clean slate without breaking your Cloudflare account.