CodingIdeas.ai

VaultKey — Secure Client Credential Manager for n8n and Make Agencies

Automation agencies are literally asking clients for passwords over Slack because OAuth flows are too annoying to set up per client. VaultKey wraps OAuth and API key management into a client-facing portal so agencies never touch a raw password again.

Difficulty

intermediate

Category

MCP & Integrations

Market Demand

High

Revenue Score

7/10

Platform

Web App

Vibe Code Friendly

No

Hackathon Score

6/10

Validated by Real Pain

— sourced from real community discussions

Reddit: real demand

Automation builders in n8n communities openly ask how to connect client accounts without seeing passwords, with current workarounds being risky password sharing or per-project OAuth rebuilds.

What is it?

When building automations for clients in n8n or Make, agencies face an awkward choice: ask the client to paste their API key into a Slack DM (terrible) or set up OAuth from scratch for every integration (time-consuming). VaultKey solves this with a white-label credential portal — the client clicks a secure link, authenticates with Google, Shopify, or Stripe via standard OAuth, and VaultKey stores the encrypted token and injects it into the agency's n8n or Make workflows automatically. Agencies pay $49-$99/month per workspace. Buildable in 2 weeks using Next.js, Supabase with vault encryption, and standard OAuth libraries for the top 10 integrations. This is the missing credential layer that every automation agency reinvents badly on every engagement.

Why now?

n8n's community has grown to 50,000+ members and agencies are now running dozens of client workflows simultaneously — the credential management pain is peaking in June 2026 Reddit threads precisely because the tooling never kept up with the agency model.

  • White-label client portal where clients click one link and complete OAuth for Google, Shopify, Stripe, and 7 more integrations without seeing agency infrastructure.
  • Encrypted token storage using Supabase pgsodium — agency never sees raw credentials.
  • n8n and Make credential injection via webhook that pushes tokens directly into workflow credential stores.
  • Audit log showing when each client credential was created, refreshed, or revoked.

Target Audience

Automation agencies and freelancers building n8n and Make workflows for clients — estimated 25,000+ active builders based on n8n Discord and Make community size.

Example Use Case

A Make agency managing 12 client automations stores all OAuth tokens in VaultKey, sends each client a branded portal link for one-click Google and Shopify auth, and never receives a password in Slack again — saving 2 hours per onboarding.

User Stories

  • As an automation agency owner, I want to send clients a branded link to connect their Google and Shopify accounts, so that I never have to ask for a password over Slack.
  • As a freelance n8n builder, I want client OAuth tokens injected into my workflows automatically, so that I spend zero time on credential setup per project.
  • As a client of an automation agency, I want to revoke my connected accounts instantly from the portal, so that I feel in control of my own credentials.

Done When

  • Client portal: done when client clicks invite link, completes Google OAuth, and credential card appears as green in agency dashboard.
  • Token injection: done when agency clicks inject and the credential appears in n8n's credential store within 10 seconds.
  • Audit log: done when every credential event (created, refreshed, revoked) appears in the log with timestamp and actor.
  • Payment: done when Stripe checkout completes and agency workspace upgrades from trial to paid with unlimited clients unlocked.

Is it worth building?

$69/month × 50 agencies = $3,450 MRR at month 3. $99/month × 150 agencies = $14,850 MRR at month 8. Math assumes 5% conversion from n8n Discord community (3,000 active members) via cold DM campaign.

Unit Economics

CAC: $30 via Discord DM and community content (time cost). LTV: $1,782 (18 months at $99/month). Payback: under 1 month. Gross margin: 90%.

Business Model

SaaS subscription

Monetization Path

$49/month solo (3 clients, 10 integrations), $99/month agency (unlimited clients and integrations). 7-day free trial.

Revenue Timeline

First dollar: week 2 (beta agency upgrades). $1k MRR: month 2 (15 agencies at $69). $5k MRR: month 6 (55 agencies). $10k MRR: month 12 (105 agencies via word of mouth).

Estimated Monthly Cost

Supabase: $25, Vercel: $20, Resend: $10, Stripe fees: $25, OAuth app registration (free for most providers). Total: ~$80/month.

Profit Potential

Sustainable at $5k-$10k MRR. High retention because switching means re-doing all client credentials.

Scalability

High — expand integrations to HubSpot, Airtable, QuickBooks. White-label for larger agencies reselling to their own clients.

Success Metrics

20 agency signups in month 1. 8 convert to paid. Zero credential security incidents. Average 4 clients onboarded per agency workspace.

Launch & Validation Plan

Post in n8n Discord and r/n8n asking how agencies share client credentials — collect 20 replies, DM responders with beta invite.

Customer Acquisition Strategy

First customer: DM 30 active n8n Discord members who mention client work, offer free agency account for 60 days in exchange for weekly feedback. Ongoing: Reddit r/n8n, r/automation, n8n community forum posts, YouTube tutorials showing the client onboarding flow.

What's the competition?

Competition Level

Low

Similar Products

1Password Teams handles secrets but has no OAuth flow or n8n injection. Doppler manages env vars but not OAuth tokens for client portals. HashiCorp Vault is enterprise-grade overkill. None have the client-facing portal plus automation tool injection.

Competitive Advantage

Purpose-built for n8n and Make agencies — not a generic secret manager. Client portal UX removes all friction from the agency-client handoff that 1Password and Doppler ignore.

Regulatory Risks

GDPR: encrypted credential storage with data deletion on client offboarding required. SOC 2 not needed at v1 but document your encryption approach. Do not store credentials for regulated financial data without informing clients.

What's the roadmap?

Feature Roadmap

V1 (launch): Google, Shopify, Stripe OAuth, n8n injection, agency dashboard, client portal. V2 (month 2-3): HubSpot and Airtable OAuth, Make injection, token refresh alerts. V3 (month 4+): white-label portal branding, team seats, audit export, SOC 2 prep.

Milestone Plan

Phase 1 (Week 1-2): schema, OAuth for 3 providers, client portal, dashboard ships — done when end-to-end OAuth completes. Phase 2 (Week 3-4): n8n injection, Stripe billing, invite email — done when first paying agency injects a live credential. Phase 3 (Month 2): 10 paying agencies, 3 more OAuth providers added based on requests.

How do you build it?

Tech Stack

Next.js, Supabase (with pgsodium encryption), OAuth 2.0 libraries for Google and Shopify and Stripe, n8n REST API, Stripe, Resend — build with Cursor for OAuth flows and encryption, v0 for client portal UI.

Suggested Frameworks

next-auth for OAuth, Supabase pgsodium for encryption, n8n REST API client

Time to Ship

2 weeks

Required Skills

OAuth 2.0 implementation, Supabase encryption, Next.js API routes, n8n REST API.

Resources

Supabase pgsodium docs, next-auth docs, n8n REST API docs, OAuth 2.0 RFC.

MVP Scope

app/page.tsx (landing), app/portal/[token]/page.tsx (client-facing OAuth portal), app/dashboard/page.tsx (agency credential overview), app/api/auth/[provider]/route.ts (OAuth callback handlers), app/api/credentials/route.ts (store and retrieve encrypted tokens), app/api/inject/route.ts (push to n8n via REST API), lib/encryption.ts (Supabase pgsodium wrapper), lib/db/schema.ts (workspaces, clients, credentials, audit_logs), components/CredentialCard.tsx, .env.example.

Core User Journey

Agency signs up -> creates client workspace -> sends portal link -> client completes OAuth -> agency injects credential to n8n -> first automation runs.

Architecture Pattern

Agency creates client invite link -> client clicks portal URL -> OAuth flow completes -> encrypted token stored in Supabase vault -> agency triggers injection API -> n8n REST API receives credential -> workflow runs with valid token.

Data Model

Agency has many Workspaces. Workspace has many Clients. Client has many Credentials. Credential stores encrypted token, provider, scopes, expiry. AuditLog records every create, read, refresh, revoke event.

Integration Points

Supabase for database and pgsodium encryption, next-auth for OAuth flows, n8n REST API for credential injection, Make API for Make workflow injection, Stripe for billing, Resend for portal invite emails.

V1 Scope Boundaries

V1 excludes: self-hosted VaultKey for agencies, mobile app, SSO, SOC 2 certification, webhooks for token refresh notifications, Zapier injection.

Success Definition

An automation agency onboards a client in under 3 minutes via the portal link, and the n8n workflow runs successfully using the injected OAuth token without the agency ever touching a password.

Challenges

OAuth scopes differ per use case — some clients need read-only Google Sheets access while others need full Drive — requiring flexible scope configuration. Distribution challenge: agencies will not pay until they have been burned by a credential leak — must market to the fear of the Slack DM password moment.

Avoid These Pitfalls

Do not build custom OAuth for every provider on day one — ship Google, Shopify, Stripe only and let demand drive the next three. Do not store decrypted tokens in memory longer than the injection request lifecycle. Finding first 10 paying agencies takes longer than building — spend 80% of week 1 in n8n Discord before writing code.

Security Requirements

Supabase Auth for agency accounts. pgsodium encryption on all credential rows. RLS scoped to agency_id. Invite tokens are single-use and expire in 72h. Rate limit portal to 20 req/min. GDPR: credential deletion endpoint required.
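
One way to meet the single-use, 72-hour invite token requirement above, as an added example that is not code from this page or from any VaultKey project. The in-memory Map stands in for an invites table, and createInvite, checkInvite, redeemInvite and the row fields are hypothetical names. It assumes the token is consumed when the OAuth callback stores the credential, not when the portal page loads, so a link preview or mail scanner fetching the URL does not burn the invite.

```typescript
import { createHash, randomBytes } from "node:crypto";

const INVITE_TTL_MS = 72 * 60 * 60 * 1000; // page requirement: expire in 72h

interface InviteRow { workspaceId: string; expiresAt: number; usedAt: number | null }
type InviteResult =
  | { ok: true; workspaceId: string }
  | { ok: false; reason: "unknown" | "expired" | "used" };

// Constructed stand-in for an `invites` table, keyed by token hash.
const invites = new Map<string, InviteRow>();

// Only the SHA-256 of the token is stored, so a database read does not
// yield usable portal links. The token is 256 bits of CSPRNG output, so a
// plain unsalted hash is sufficient here.
const hashToken = (token: string): string =>
  createHash("sha256").update(token).digest("hex");

// Returns the raw token to embed in /portal/[invite_token]; it is never stored.
function createInvite(workspaceId: string, now: number = Date.now()): string {
  const token = randomBytes(32).toString("base64url");
  invites.set(hashToken(token), {
    workspaceId, expiresAt: now + INVITE_TTL_MS, usedAt: null,
  });
  return token;
}

// Non-consuming check for the portal page GET.
function checkInvite(token: string, now: number = Date.now()): InviteResult {
  const row = invites.get(hashToken(token));
  if (!row) return { ok: false, reason: "unknown" };
  if (row.usedAt !== null) return { ok: false, reason: "used" };
  if (now >= row.expiresAt) return { ok: false, reason: "expired" };
  return { ok: true, workspaceId: row.workspaceId };
}

// Consuming check, called once from the OAuth callback. Against Postgres this
// must be a single conditional UPDATE (used_at IS NULL AND expires_at > now())
// so two concurrent callbacks cannot both succeed.
function redeemInvite(token: string, now: number = Date.now()): InviteResult {
  const result = checkInvite(token, now);
  if (result.ok) invites.get(hashToken(token))!.usedAt = now;
  return result;
}
```
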

Infrastructure Plan

Vercel for Next.js. Supabase for Postgres with pgsodium extension enabled. No file storage needed. GitHub Actions for CI. Sentry for error tracking. Vercel preview environments for staging.

Performance Targets

Expected: 50 agency workspaces, 200 client portals, 500 req/day. API response under 400ms. Portal page load under 1.5s. No caching needed at launch scale.

Go-Live Checklist

  • OAuth flows tested for Google, Shopify, Stripe.
  • Encrypted credential storage verified via Supabase pgsodium.
  • Stripe payment tested end-to-end.
  • Sentry live for error tracking.
  • Custom domain with SSL active.
  • Privacy policy and security page published.
  • 5 beta agencies completed full onboarding.
  • Rollback plan: revert to previous Vercel deployment.
  • Launch post drafted for n8n Discord and r/n8n.

First Run Experience

On first run: demo workspace pre-loaded with 3 fake clients showing Google, Shopify, and Stripe credential cards in various states (connected, pending, expired). User can immediately click any card to see the audit log and try the inject button against the n8n sandbox. No manual config required: demo mode uses mock OAuth responses so the full flow is explorable without real API keys.

How to build it, step by step

  1. Define Supabase schema: agencies, clients, credentials (encrypted), audit_logs with RLS scoped to agency_id.
  2. Run npx create-next-app vault-key with TypeScript and Tailwind.
  3. Install next-auth, Supabase JS, Stripe SDK, Resend.
  4. Implement OAuth callbacks for Google, Shopify, Stripe at /api/auth/[provider] storing encrypted tokens via pgsodium.
  5. Build client portal page at /portal/[invite_token] that shows available OAuth buttons for that workspace.
  6. Build agency dashboard showing all clients and credential status per provider.
  7. Build /api/inject endpoint that decrypts token and POSTs to n8n REST API credential store.
  8. Add Stripe checkout for $49 and $99 plans with workspace activation webhook.
  9. Seed demo workspace with 3 fake clients and credential statuses for the dashboard preview.
  10. Verify: send portal link, complete Google OAuth, trigger inject endpoint, confirm n8n credential appears in workflow editor.

Generated

June 13, 2026

Model

claude-sonnet-4-6

Disclaimer: Ideas on this site are AI-generated and may contain inaccuracies. Revenue estimates, market demand figures, and financial projections are illustrative assumptions only — not financial advice. Do your own research before making any business or investment decisions. Technology availability, pricing, and market conditions change rapidly; always verify details independently.