# Service (gRPC)
The keysd binary runs as a service on your local machine exposed via gRPC. The command line client (keys) and desktop app connect to this local service.
The service is designed to allow access only to explicitly authorized clients and protects key material and
cryptographic operations by using the platform Keyring APIs and a user supplied password.
The command line client authorizes via
keys auth which uses the gRPC calls
Access is over HTTPS on 127.0.0.1 on port 22405 with a certificate generated on first run.
You can find the certificate in the app support directory, for example,
on macOS at
For more details on service authentication, see Auth.