I'm Freddy, and KeyForge started the way most small tools do: out of irritation with my own bookmarks bar. Somewhere between generating a UUID for a new database row, encrypting a config value before pasting it into a Slack message, and pretty-printing a wall of minified JSON from an API response, I'd open three or four different tabs, each one a different website, each one built by a different person, each one with its own quirks. None of it was hard work exactly. It was just friction — small, constant, and entirely avoidable.
The tipping point wasn't any single incident, but a pattern I noticed over a few weeks of client work. I was debugging an integration that involved AES-encrypted payloads, and I needed a quick way to test a decrypt operation against a known key and IV. I found a tool that looked right, pasted in a plaintext value close enough to the real secret to be useful for testing, and hit decrypt. It worked. Then, almost as an afterthought, I opened the network tab in my browser's dev tools out of habit — and watched my input get POSTed to a server I knew nothing about. Nothing sensitive was actually exposed that time, but the realization stuck with me: I had no idea what that site logged, who ran it, or what happened to my input after it left my machine. I'd been trusting random strangers' servers with my data for years, purely because it was convenient, and I'd never actually stopped to check.
Once I started paying attention, the list of things I wanted was short and specific. I wanted a GUID generator that didn't make me choose between v1, v4, and v5 by trial and error. I wanted encryption and hashing tools that ran locally, so I never had to wonder whether a “quick test” secret was sitting in someone's access logs. I wanted a password generator that used real cryptographic randomness instead of whatever Math.random()happens to produce. And I wanted a JSON formatter that didn't require me to trust yet another third party with API responses that might contain real customer data. None of these are exotic requirements. They're the everyday utility work of writing software — but I couldn't find a single site that did all four well, consistently, and without sending my input anywhere.
So I built KeyForge with one non-negotiable rule: nothing typed into any tool ever leaves the browser. Every cryptographic operation — AES encryption, SHA and MD5 hashing, password generation — runs through the Web Crypto API in a dedicated Web Worker, so the UI stays responsive and the computation never touches a server. GUID generation uses crypto.randomUUID() for v4 and the same cryptographically secure primitives for v1 and v5. JSON formatting runs on the built-inJSON.parse and JSON.stringify, which means there's no network round trip for a formatter to be slow about in the first place. You can verify all of this yourself with your browser's network inspector open — I built it that way specifically so nobody has to take my word for it.
The four tools that exist today — the GUID / UUID Generator, Encrypt / Decrypt, Password Generator, and JSON Formatter— are the ones I personally reached for most often, so they came first. Each one grew explanatory content alongside the tool itself as I wrote it, because I kept finding that the “which option do I pick” question was just as common as the “how do I use this” question. That's also why the Articles section exists — the tools solve the immediate task, the articles cover the reasoning behind it, for anyone who wants to go one level deeper than a UI can comfortably explain.
I didn't want to put a signup wall in front of tools this small — needing an account to generate a UUID defeats the entire point of a quick utility. KeyForge is funded by Google AdSense instead, which means the site needs to earn its keep through traffic rather than subscriptions. That tradeoff is transparent on every page: there's a disclosure in the footer, ads never load above the fold on mobile, and consent is required before any tracking or personalized-ad cookie activates at all. I run KeyForge through my own company, ShellRick Tech Pty (Ltd), based in South Africa, and I'm the person who answers the contact email if something's broken or a privacy request comes in — see About and Contact for the details.
The roadmap is driven by the same test everything else on this site had to pass: is this a tool I actually keep needing, and does a client-side version of it make a real difference? A JWT decoder, a regex tester, a timestamp converter, and a cron expression builder are next, all for the same reason the first four were built — they're the tools I keep having to explain to myself why I'm pasting into a random website instead of one I already trust. If you've had the same nagging feeling about your own bookmarks bar, that's exactly who KeyForge is for.