Your license keys, sealed on your own machine.
License Tracker keeps every key, renewal date, and receipt in one encrypted vault that never leaves your computer. There is no account to make and no server to trust, because there is no server.
- Developer
- Ableton
- License key
- ••••••••••••
- Purchased
- 2024-06-18 · 749 USD
This is how the app behaves. Keys stay masked until you ask for them, so a shoulder or a screen share never gives one away.
A quiet dashboard that tells you what is coming due.
The vault opens on totals and renewals. Every screenshot here is the running application, photographed against its own demo catalog.

Walk the whole catalog without losing your place.
One browser replaces the old Licenses, Developers, and Vendors tables. Pick a category, then a developer, then a license, and the detail lands in the last column. The path you took stays on screen, so you always know where you are.



Built for the person who actually owns the licenses.
A dashboard that watches dates
Totals, spend by currency, and the license mix by type and category. Renewals inside the next 90 days surface with the days left already counted.
One catalog for everything
Licenses, developers, and vendors share a single Miller-column browser, with installation tracking, tags, notes, and archiving in the detail pane.
Scanner finds what you own
Reads the Windows registry and AppX packages, then walks the filesystem for VST3, VST2, CLAP, and AAX plugins. Turn any finding into a tracked license.
Real icons, fetched or extracted
Pull a product icon from the developer's own site on any OS, lift it out of an installed Windows binary after a scan, or upload your own.
Fields you define
Text, number, date, boolean, select, URL, and email. Flag any definition as encrypted and its values join the sealed set.
Your data leaves whole
Portable JSON export and import, with an optional passphrase-encrypted blob when you want the sensitive fields to travel too.
Two locks, not one.
The whole database file is encrypted, and the fields worth stealing are encrypted again inside it. A weakness in either layer still leaves the other standing.
SQLCipher, AES-256
The database is ciphertext on disk. Copy the file off the machine and it is noise without your password.
- Cipher page size
- 4096
- KDF iterations
- 256,000
- HMAC
- SHA512
- Key derivation
- PBKDF2_HMAC_SHA512
NaCl, XSalsa20-Poly1305
Keys, order numbers, emails, usernames, notes, and vendor passwords are sealed a second time, individually, inside the encrypted file.
- Master KDF
- Argon2id
- Memory cost
- 512 MB
- Iterations · threads
- 3 · 4
- Fallback ladder
- 512 → 64 MB
There is a CLI, and it is not an afterthought.
lt speaks to the exact REST API the web UI uses, which is what keeps that API honest. Script your backups, seed a demo, or add a license without leaving the terminal.
# unlock once; the token lands in ~/.licensetracker
$ lt auth unlock --password ...
{ "success": true }
# what is coming due
$ lt dashboard summary
13 licenses · 2 renewals in 90 days
# find it without opening a browser
$ lt licenses list --query serum
# discover what is installed
$ lt scan run --profile quick
# take everything with you
$ lt export --out backup.json \
--include-sensitive --passphrase ...
$ lt auth lockOne process. Node 20. No build step for the UI.
The server, the REST API, the web UI, and the CLI are the same Node process talking to one encrypted file. There is no Electron and no framework to compile.
Install
Node 20 or newer, then pull the dependencies once.
./scripts/setup.shStart it
It binds to loopback. Nothing is exposed to your network.
./scripts/dev.shMake a vault
Pick a master password. It cannot be recovered, so keep it.
open http://127.0.0.1:5555