Secure Crypto Key Storage
Formerly Key Manager — now ColdStack
A portable, self-contained ~45MB Windows application for encrypting and managing cryptocurrency wallet information. Built by Kris Racette with military-grade encryption standards. Now with a user-initiated Check for Updates feature — offline by default, zero telemetry.
Vault Initialisation — Create your master password
Account Management — Organise by investor or wallet
BIP39 Derivation Engine — Derive addresses from mnemonics
Address Management — Multi-chain support
Private Key Vault — Encrypted, masked by default
Portfolio View — Full vault overview
ColdStack (formerly Key Manager) is a secure application developed by Kris Racette and released under the Executive Mind banner for storing and managing cryptocurrency wallet information. It encrypts your data with AES-256-GCM authenticated encryption and Argon2id key derivation — the same standards used by password managers and crypto exchanges.
No installation required. No Python dependencies. Just copy the ~45MB self-contained coldstack.exe to a USB drive and run it. Your encrypted vault is co-located in the same directory, so it travels with you. Everything stays local — no telemetry, no background polling, no data ever leaves your computer without your explicit action. This is the security-first philosophy that defines every Executive Mind product.
Version 4.1 adds a Go Online toggle — when enabled, ColdStack fetches wallet balances via public RPC endpoints and live crypto prices via CoinGecko's free API. Balance fetching supports 15+ chains including EVM (Ethereum, Arbitrum, Base, BSC, Polygon, Optimism, HyperEVM/HYPE), BTC, SOL, DASH, SUI, ZEC, XRP, ADA, ATOM, SCRT, and RUNE. Prices are cached in-memory for 60 seconds and never written to disk. Offline by default — zero network requests unless you explicitly enable it. The CLI EXE has been deprecated; CLI mode remains available via python src/main.py for development and scripting.
Your master password is never stored. It exists only in memory during your active session. After 5 minutes of inactivity, the vault auto-locks and sensitive data is cleared.
The encrypted vault lives next to coldstack.exe in the same folder. Put both on a USB drive, and your encrypted data goes wherever you go. No registry entries. No system dependencies. No ~/.key_manager/ hidden directories.
Military-grade authenticated encryption. Your data is protected with the same standard used by governments and financial institutions worldwide.
Winner of the Password Hashing Competition. 64MB memory, 3 iterations, 4 lanes — resistant to brute-force and side-channel attacks.
Self-contained ~45MB coldstack.exe. No installation. No Python runtime needed. Copy to a USB drive and your vault goes where you go.
5-minute inactivity timeout automatically locks the vault. Sensitive data is cleared from memory. Re-entry requires your master password.
Bulk-import addresses from CSV or Excel files. Supports 20+ predefined chains plus custom labels. Format guide built into the app.
Mnemonics and private keys are hidden by default. Reveal on demand with password re-entry. Auto-hide after 5 minutes of inactivity.
Derive addresses and private keys directly from 24-word mnemonics. Supports EVM, BTC (Taproot/SegWit/Legacy), SOL, DASH, and SUI with standard HD wallet paths (BIP-32/BIP-44). No browser, no external tool — derivation happens locally inside the encrypted vault.
User-initiated update check via a single GitHub API call. Offline by default — only fires when you click the button. Runs in a background thread so the GUI stays responsive. No auto-updates, no background polling, no telemetry.
Private keys are now derived per-chain from your mnemonic, not stored as static entries. View individual chain keys or the master key. Each key is encrypted at rest and masked by default.
Offline by default. When enabled, unlocks read-only balance fetching and price feeds. Your keys never leave the vault. Online/Offline indicator in the status bar shows green Online or grey Offline.
Check balances inline on each address card. Supports 15+ chains including EVM (ETH, ARB, BASE, BSC, POLY, OPT), BTC, SOL, SUI, DASH, ZEC, XRP, ADA, ATOM, SCRT, RUNE, and HyperEVM (HYPE). Per-card Check Balance button.
Live crypto prices via CoinGecko's free API. 60-second in-memory cache. No API key required. Choose USD, AUD, CAD, EUR, or CHF as your default currency. Fiat equivalent shown alongside native balance.
Fetch ERC-20 token balances alongside native chain balances. Configurable token contract addresses per chain. All EVM chains supported — Ethereum, Arbitrum, Base, BSC, Polygon, Optimism, and HyperEVM.
Redesigned address cards showing coin + chain + derivation on one line, with balances appearing only when fetched. Reduced vertical space per card. Notes only shown when present.
Organized by account and chain. 20+ predefined chains including BTC, EVM, SOL, ZEC, XMR, and more.
Store recovery phrases encrypted. Derive addresses and keys directly from them using the BIP39 engine. Hidden by default. Reveal only when needed with password confirmation.
Multiple chain-specific keys per account. Labeled and organized. Protected with the same encryption as everything else.
AES-256-GCM authenticated encryption ensures both confidentiality and integrity. Every vault file is tamper-evident — any modification invalidates the authentication tag.
Argon2id with 64MB memory cost, 3 iterations, and 4 parallel lanes. Resistant to GPU cracking, ASIC attacks, and side-channel timing analysis. Your password is transformed into an encryption key through a process that takes ~1 second — fast enough for you, too slow for attackers.
No password is ever written to disk. It exists only in volatile memory during your session. Auto-lock after 5 minutes of inactivity clears all sensitive data. Reveal-sensitive-data operations require password re-entry every time.
Offline by default. The only network request is the user-initiated Check for Updates feature, which queries the GitHub releases API only when you click the button. No background polling. No analytics. No auto-updates. Your data never leaves your computer. BIP39 derivation also runs entirely locally — no external libraries call out to the network.
Go Online is OFF by default — zero network requests unless you explicitly enable it. Only public addresses are queried — private keys and mnemonics NEVER leave the vault. Prices cached in-memory only (60s TTL), never written to disk. Online mode and currency settings stored in the encrypted vault alongside your other data.
Freeware. Open source. No installation. Download the v4.1 release from GitHub and start securing your crypto keys today.
Download ColdStack v4.1 →Built by Kris Racette • Released as freeware • Source available on GitHub
Kris Racette (also known as Kristopher Racette and Kristopher Marc Racette) is the Founder of Executive Mind and the creator of ColdStack (formerly Key Manager). With 18+ years of accounting experience and a Master of Commerce from the University of New South Wales, Kris brings a unique perspective to security tooling — one that bridges financial rigor with technical implementation.
ColdStack was built to solve a real problem: securely storing cryptocurrency wallet information without relying on cloud services, browser extensions, or third-party apps that could be compromised. Every design decision prioritizes security, portability, and user control.
The source code is available for audit and contribution on GitHub. Executive Mind believes in open-source security — when the code is public, the security claims are verifiable.