Skip to content
← Field notes
Perspective

Keys aren't passwords — stop managing them like one

Physical keys, codes, and combinations behave nothing like digital secrets. The tools that manage them shouldn't pretend otherwise.

By The KeyCustody team


There’s a tempting shortcut: a key is a secret, a password is a secret, so surely a password manager can hold your building keys too. It can’t — and the reasons are instructive.

A physical key has custody, not just a value

A password has one property that matters: its value. A physical key has a chain of custody. It was cut from a blank, issued to a person, carried around, maybe copied, and eventually returned or lost. The interesting question is rarely “what is the key” — it’s “who has it right now, and who had it before.”

Password tools answer the first question and ignore the second. For physical keys, the second question is the entire job.

Codes and combinations sit in between

Door codes and safe combinations are values you could store in a vault app. But they also get shared verbally, written on a sticky note, and known by six people who’ve since left. Managing them well means tracking who knows them and when they last changed — again, custody, not just storage.

What this means in practice

KeyCustody treats a key as a physical object with a history, a code as a shared secret with a rotation story, and a combination as both. One data model, built for the way these things actually move through a building — not the way a login does.

Keys aren’t passwords. Managing them like one is how the master ring ends up in someone’s kitchen drawer, three jobs ago.


Request a demo