Opening keyBunker

1. Open the Start Menu and type KeyBunker
2. Click KeyBunker in the search results
3. The keyBunker password dialog opens

KeyBunker appears as a Best Match when you type its name in the Start Menu

Setting Your Master Password

The same password dialog handles both first-time setup and all subsequent unlocks. On first launch the prompt reads "No vault exists. Enter new password:" — the password you enter becomes your master password and creates the vault. On subsequent launches the prompt reads "Enter keyBunker password:".

1. Enter your password in the dialog (on first launch, this becomes your master password)
2. Click OK

On first launch the prompt says "No vault exists. Enter new password:" — on subsequent launches it says "Enter keyBunker password:"

Add a Website Credential

Each entry stores the login credentials for one website. keyCocoon matches entries to sites by domain.

1. Click New Account
2. Enter an Account Name — a label for this entry, like GitHub or Amazon Work
3. Enter your Username or email address
4. Enter your Password
5. Enter the URL — the site's login URL or just its domain, like github.com
6. Click Save

The KeyBunker Credential Manager. Account Name, Username, Password, and URL are the key fields for basic logins.

Domain Matching

keyCocoon matches your entry to a login page by extracting the root domain from both the stored URL and the current page — subdomains are ignored. So accounts.google.com and mail.google.com both match a stored URL of google.com. Enter just the root domain in the URL field:

Testing Your Credential

You can test a credential on any login page — you don't need to be in a formal recording session. Activate webSlinger on the site and follow this sequence:

1. Activate webSlinger and navigate to the site's login page
2. Start a keyCocoon authentication session — click the keyCocoon icon in the browser toolbar, or the keyCocoon status icon on the webSlinger overlay, then enter your session duration and master password.
   Shortcut: If you skip this step, the master password dialog will appear automatically when you click Authenticate with keyCocoon in step 7.
3. Toggle the input overlay on
4. Right-click the username field and type your username
5. Set the Press Enter option to match your login form's layout:
   • Checked — for two-page logins where entering the username submits and navigates to a separate password page
   • Unchecked — for single-page logins where both username and password fields are visible at once, so the form doesn't submit before the password is filled
6. Click Record
7. Right-click the password field (highlighted red in the overlay)
8. Click Authenticate with keyCocoon — webSlinger sends the current domain and the username you entered to keyCocoon, which retrieves the matching credential from keyBunker

After typing the username, right-clicking the password field (red) shows this menu. The domain and username confirm which credential keyCocoon will look up.

Watch the validation log for the result — there is no separate confirmation dialog:

• Green message — credential found, password entered, login succeeded
• Red message — credential not found, or login failed

What is TOTP?

TOTP (Time-based One-Time Password) is the 6-digit code that changes every 30 seconds — the kind generated by apps like Google Authenticator or Authy. Sites use it as a second factor on top of your password.

keyBunker generates these codes automatically during automation, so your scripts can log in to 2FA-protected accounts without any manual intervention.

The TOTP Secret Key

Every TOTP code is generated from a secret key — a string that looks like JBSWY3DPEHPK3PXP. The website gives you this key exactly once, when you first set up 2FA. keyBunker needs this key to generate matching codes.

Grabbing the Key

Follow the site's normal instructions for setting up an authenticator app. When you reach the QR code screen, the secret key is always available nearby — look for a link or button labeled something like "Can't scan the QR code?", "Enter this text code", or "Copy Key". Grab it on your way through.

The key is always available alongside the QR code — sometimes shown automatically, sometimes one click away

Entering the Key in keyBunker

While the QR code screen is still open, enter the key into keyBunker before scanning with your phone — once you scan, the authenticator app immediately prompts for additional steps and you may lose track of the key.

1. Open keyBunker and create or open the credential entry for this site
2. Paste the secret key into the TOTP Secret field and click Save
3. Now scan the QR code with your authenticator app and complete enrollment normally on your phone

Paste the key into the TOTP Secret field before scanning the QR code with your phone

Once enrollment is complete, you can test that keyCocoon can fill in the code automatically — see Testing Your Credential on the previous page.

During Automation

When you record a session that includes a login, the generated script includes the credential and TOTP actions you recorded. When the script runs, these steps execute automatically:

1. The script navigates to the login page and enters the username
2. The script sends a credential request to keyCocoon — containing only the domain and username
3. keyCocoon retrieves the matching password from keyBunker and injects it directly into the form
4. If the site has a TOTP step, the script sends a TOTP request and keyCocoon fills the current 6-digit code generated from the secret stored in keyBunker
5. The form is submitted and automation continues

TOTP codes are filled the same way as passwords — the script requests the code, keyCocoon retrieves it from keyBunker

Authentication Sessions

keyCocoon will not serve credentials unless there is an active authentication session. Before running an automation script that involves login, you need to start a session:

1. Click the keyCocoon icon in the browser toolbar (or the keyCocoon status icon on the webSlinger overlay)
2. Enter your session duration — how long keyCocoon will remain authorized to serve credentials
3. Enter your master password

The session expires after the set period. This ensures credentials are never accessible indefinitely — even if your browser is left open, keyCocoon stops serving credentials once the session ends.

What webSlinger Never Sees

webSlinger handles navigation — clicks, page transitions, form interactions. Credential values travel a completely separate path: keyBunker to keyCocoon to the form, never through webSlinger.

Your session maps and generated scripts contain no credentials.

Troubleshooting