When we started building Blogboat, we knew one thing for certain: we were not going to be another app that stores your platform credentials on our servers.
It sounds obvious. But most tools in this space quietly hold your API keys, tokens, and passwords in a database they control. You connect Medium, you connect WordPress, you connect LinkedIn — and somewhere in their backend, that access lives on their infrastructure.
That bothered us. A lot.
Here's the problem with that model 🔐
Every API key and OAuth token is essentially a spare key to your account. If an app stores it on their servers:
- Their database gets breached → your accounts are exposed
- The app gets acquired → your credentials go to new owners
- The app shuts down suddenly → who has access to your tokens?
As a small team building something we wanted to use ourselves, we refused to take that on. We don't want the responsibility of holding your secrets. And honestly, you shouldn't want us to either.
What we built instead
When you connect a platform in Blogboat — Medium, Dev.to, Hashnode, WordPress, Ghost, LinkedIn, X, or any of the 15+ supported platforms — your credentials go directly into your device's secure keychain.
That's the OS-level secure storage on your Mac, iPhone, or Android. The same place your bank app stores tokens. The same place your password manager keeps its master key.
twRty has zero access to your passwords, API keys, or tokens. They never leave your device. They never touch our servers. They're not in our database.
The Publish Blog screen in Blogboat makes this explicit every time:
"only on this device using your device's secure keychain — never uploaded."
"twRty has zero access to your platform passwords, API keys, or tokens."
We put it right in front of you — not buried in a privacy policy.
The tradeoff (and why it's worth it)
There's one practical consequence: if you log out or switch devices, you'll need to reconnect your platforms. Your credentials don't sync because they never leave your original device — that's the point.
We think that's the right call. The security model is simple and honest: your credentials stay with you, always.
No cloud syncing of secrets. No "trust us." No fine print.
Why this matters for bloggers specifically
Bloggers connect real accounts with real audiences — Medium publications, WordPress sites, LinkedIn profiles. If your publishing credentials leak, someone can post anything to your audience under your name.
We built Blogboat for people who take their content seriously. Security that matches that isn't a feature — it's a baseline.
Blogboat is live and free to start. Try the full write → edit → publish flow at:
🌐 Web: twrty.org/blogboat
🍎 iOS: App Store
🤖 Android: Google Play
twRty Software Services built Blogboat — if you have questions about our security model, drop them in the comments. We're happy to walk through the architecture.
Top comments (1)
If you're interested in how this works technically: every credential you connect goes straight into your OS keychain — the same secure enclave that your bank app uses. We have zero access on our side.
Try the full flow free:
🌐 Web: twrty.org/blogboat
🍎 iOS: apps.apple.com/in/app/twrty-blogbo...
🤖 Android: play.google.com/store/apps/details...