Summary
You've probably leaked an API key to an LLM at some point. This stops that by encrypting secrets in a local SQLite vault and only resolving them at runtime through MCP tools, so the plaintext never hits the conversation transcript. The 16 tools cover the full lifecycle: store, resolve, list, delete, plus sandbox mode that swaps your .env for deterministic fakes before AI agents can read it. It also handles TOTP codes, encrypted share links, and can gate access behind Touch ID. Works with Claude, Cursor, Windsurf, and anything else that speaks MCP. Free tier gives you 5 secrets locally, Pro unlocks unlimited plus team vaults and audit logs.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Keyblind — Blind AI to Your Keys
Encrypted secrets vault with MCP for AI agents. Secrets resolved at runtime, never leaked to LLM conversations.
Why
Developers regularly leak API keys, passwords, and tokens to AI coding tools. 100,000+ LLM conversations with exposed secrets were found indexed by search engines in 2025.
AI agents read your .env files. They copy-paste secrets into conversations. They commit them accidentally. Keyblind stops this by keeping secrets encrypted at rest and resolving them at runtime — the plaintext value never touches the LLM transcript.
How It Works
┌──────────┐ ┌────────────────┐ ┌─────────────────┐
│ AI Agent │ ──→ │ Keyblind MCP │ ──→ │ Encrypted │
│ (Claude) │ │ Server │ │ SQLite Vault │
│ │ ←── │ (16 tools) │ ←── │ (AES-256-GCM) │
└──────────┘ └────────────────┘ └─────────────────┘
↑ │
│ secret value never appears │ secrets never
│ in conversation transcript │ stored in plaintext
Quick Start
# 1. Install
npm i -g keyblind
# 2. Initialize your vault
keyblind init
# 3. Auto-configure MCP for Claude Code (one command)
keyblind setup-mcp
# 4. Store secrets
echo "sk-proj-abc123" | keyblind set OPENAI_API_KEY
keyblind set DATABASE_URL - # prompts securely
# 5. Sandbox your .env (AI agents see fakes)
keyblind sandbox
# 6. Resolve a secret
keyblind get OPENAI_API_KEY
# 7. Run commands with secrets injected as env vars
keyblind run -- npm start
# 8. List all secrets (names only, values hidden)
keyblind list
That's it. After
keyblind setup-mcp, restart Claude Code. Then just say "list my keyblind secrets" or "use my OPENAI_API_KEY" — the AI agent resolves secrets at runtime without ever seeing them in the transcript.
MCP Server
Keyblind is MCP-first — it works with every AI tool that speaks the Model Context Protocol (Claude Code, Cursor, Copilot, Windsurf, Cline, Zed).
Setup (automatic)
keyblind setup-mcp
This auto-configures Claude Code to use Keyblind. Works from any directory. For other editors, see editor-specific configs.
Setup (manual)
Add a .mcp.json to your project root, or use claude mcp add:
claude mcp add --scope user keyblind -- keyblind start
With biometric gate (Touch ID required before secrets are resolved):
keyblind unlock # Authenticate first
claude mcp add keyblind -- keyblind start --biometric
Session expires after 15 minutes. Requires Pro or Team license.
MCP Tools
| Tool | Description |
|---|---|
resolve_secret | Resolve a secret at runtime (value hidden from transcript) |
store_secret | Encrypt and store a secret |
list_secrets | List secret names (values never revealed) |
delete_secret | Delete a secret |
sandbox_env | Replace .env values with deterministic fakes |
unsandbox_env | Restore real .env values from vault |
audit_log | View secret resolution audit trail |
totp_code | Generate a TOTP 2FA code for a stored config |
totp_store | Store a TOTP configuration from otpauth:// URI |
totp_list | List all stored TOTP configurations |
totp_delete | Delete a TOTP configuration |
create_share_link | Create encrypted, expiring share link for a secret |
receive_share | Receive and decrypt a shared secret |
deadman_status | Check dead man's switch status |
deadman_checkin | Reset dead man's switch timer |
sso_status | Check SSO/OIDC authentication status |
Web Dashboard
Manage your secrets from a browser at app.keyblind.dev. Start the HTTP server:
keyblind start --http
Then sign in with your license key at app.keyblind.dev/login. Features:
- View, add, copy, and delete secrets
- Audit log with full access history
- License management
- Pro/Team tier status
Browser Extension
The Keyblind Chrome Extension detects and blocks secrets from being pasted into AI chat interfaces (Claude.ai, ChatGPT, Copilot).
Features:
- Detects 12+ API key formats (OpenAI, GitHub, Stripe, AWS, etc.)
- Intercepts paste events on AI chat sites
- Warning banner when secrets are detected
- Popup with vault connection status
Located in browser-extension/. Load as unpacked extension from chrome://extensions.
Pricing
| Free | Pro | Team | |
|---|---|---|---|
| Price | $0 | $79/year | $29/user/month |
| Secrets | 5 | Unlimited | Unlimited |
| Local vault | ✓ | ✓ | ✓ |
| Sandbox / Unsandbox | ✓ | ✓ | ✓ |
| MCP server | ✓ | ✓ | ✓ |
| Dashboard | ✓ | ✓ | ✓ |
| Browser extension | ✓ | ✓ | ✓ |
| 7 backends | ✓ | ✓ | ✓ |
| Team vaults | — | ✓ | ✓ |
| Audit log | — | ✓ | ✓ |
| Secret sharing | — | ✓ | ✓ |
| Dead man's switch | — | ✓ | ✓ |
| TOTP 2FA | — | ✓ | ✓ |
| Biometric gate | — | ✓ | ✓ |
| SSO/OIDC | — | — | ✓ |
| CI/CD integration | — | ✓ | ✓ |
# Buy a license at keyblind.dev, then activate:
keyblind activate <your-license-key>
# Check your status
keyblind status
Backends
Keyblind supports multiple secret backends:
keyblind backends # List available backends
keyblind backend 1password # Switch to 1Password
keyblind backend bitwarden # Switch to Bitwarden
| Backend | Read | Write | Requires |
|---|---|---|---|
| local (default) | ✓ | ✓ | Nothing |
| 1password | ✓ | ✓ | op CLI |
| bitwarden | ✓ | — | bw CLI |
| env | ✓ | — | Nothing |
| aws | ✓ | ✓ | aws CLI |
| gcp | ✓ | ✓ | gcloud CLI |
| azure | ✓ | ✓ | az CLI |
Keyblind vs Cloak
| Keyblind | Cloak | |
|---|---|---|
| Protocol | MCP (all editors) | VS Code extension only |
| Editors | Claude Code, Cursor, Copilot, Windsurf, Cline, Zed | VS Code, Cursor |
| Storage | AES-256-GCM SQLite | AES-256-GCM file |
| Backends | Local, 1Password, Bitwarden, Env, AWS, GCP, Azure | Local only |
| Sandbox | Deterministic HMAC fakes | AES-256-GCM encrypted |
| Web dashboard | ✓ (app.keyblind.dev) | — |
| Browser extension | ✓ (Chrome) | — |
| TOTP 2FA | ✓ | — |
| Secret sharing | ✓ (encrypted URL fragment) | — |
| Dead man's switch | ✓ | — |
| Touch ID | ✓ (macOS biometric gate) | ✓ |
| CI/CD | keyblind run for env injection | — |
| Network | Zero (fully local) | Zero |
| License | MIT | Proprietary |
| Free tier | ✓ (5 secrets) | ✓ |
| Pro | $79/year (unlimited) | — |
Security
- AES-256-GCM encryption with PBKDF2 key derivation (600K iterations)
- Machine-identity-bound key — encryption key XOR-wrapped with machine fingerprint
- Zero network, zero telemetry — no cloud, no accounts, no analytics
- Vault stored at
~/.keyblind/with0700permissions - Deterministic sandbox fakes using HMAC-SHA256 per project + key name
CLI Reference
keyblind init Initialize the encrypted vault
keyblind set <name> Store a secret (value from stdin)
keyblind set <name> - Store a secret (prompts securely)
keyblind get <name> Resolve and print a secret
keyblind list List all stored secrets
keyblind delete <name> Delete a secret
keyblind setup-mcp Auto-configure MCP for Claude Code
keyblind sandbox [.env] Replace .env with deterministic fakes
keyblind unsandbox [.env] Restore real .env values
keyblind run <command...> Run command with secrets as env vars
keyblind start Start MCP server (stdio — for AI agents)
keyblind start --http Start MCP HTTP server (for dashboard)
keyblind start --biometric Start MCP server with biometric requirement
keyblind backends List available backends
keyblind backend <name> Switch backend
keyblind activate <key> Activate a Pro/Team license
keyblind deactivate Remove current license
keyblind status Show license and vault status
keyblind audit Show secret resolution audit log
keyblind check --expired List secrets past expiry
keyblind rotate <name> Update a secret value
keyblind team init [path] Create a shared team vault
keyblind team push <name> Push a secret to team vault
keyblind team pull Pull secrets from team vault
keyblind team list List secrets in team vault
keyblind totp set <name> Store TOTP 2FA config
keyblind totp code <name> Generate current TOTP code
keyblind totp list List all TOTP configs
keyblind totp delete <name> Delete a TOTP config
keyblind share <name> Create encrypted share link
keyblind receive <url> Receive a shared secret
keyblind deadman setup Configure dead man's switch
keyblind deadman checkin Reset dead man's switch timer
keyblind deadman status Show dead man's switch status
keyblind deadman disable Disable dead man's switch
keyblind sso configure Set up SSO/OIDC for team access
keyblind sso login Authenticate via browser SSO
keyblind sso logout Clear SSO session
keyblind sso status Show SSO auth status
keyblind doctor Run vault health check
keyblind generate <name> Generate a strong random secret
keyblind import [.env] Bulk import from .env file
keyblind export Export all secrets
keyblind completions [shell] Generate shell completion script
Development
git clone https://github.com/aarifmms/keyblind.git
cd keyblind
npm install
npm run build # Compile TypeScript
npm test # Run tests
npm run dev # Watch mode
License
MIT
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →