ZKettle FAQs

Question 1

What is ZKettle and how does it secure my secrets?

Accepted Answer

ZKettle is a self-hosted tool designed for sharing self-destructing secrets. It ensures security through zero-knowledge, client-side AES-256-GCM encryption, meaning your plaintext secret and decryption key never leave your device or reach the server; only encrypted ciphertext is stored.

Question 2

How do secrets expire in ZKettle?

Accepted Answer

ZKettle provides flexible expiration options for secrets. You can configure them to self-destruct after a specified number of views or once a predetermined time limit (e.g., minutes, hours) has passed, automatically deleting the ciphertext from the server.

Question 3

What are the deployment options for ZKettle?

Accepted Answer

ZKettle is highly adaptable for self-hosting. You can deploy it using Docker, Systemd, directly with TLS, or behind a reverse proxy like Caddy or Nginx. This offers flexibility to integrate into various infrastructure setups.

Question 4

Can ZKettle be integrated with AI agents or existing workflows?

Accepted Answer

Yes, ZKettle features an MCP (Multi-Client Protocol) server, enabling seamless integration with AI agents like Claude Code or Cursor. It also offers a comprehensive CLI, a web viewer, and an Admin API for flexible secret management within your existing workflows.

Question 5

Does ZKettle allow monitoring or listing of active secrets?

Accepted Answer

Yes, ZKettle provides an Admin API and a metrics endpoint. With a configured admin token, you can list active secrets (metadata only, no plaintext or keys) and retrieve server metrics, offering visibility and control over your deployment.

ZKettle

ZKettle

Key Features

Use Cases

Key Features

Use Cases