Keyblind
Encrypted secrets vault for AI agents stores API keys in AES-256-GCM and resolves them at MCP runtime so plaintext never touches the LLM transcript.
Keyblind — Blind AI to Your Keys
Encrypted secrets vault with MCP for AI agents. Secrets resolved at runtime, never leaked to LLM conversations.
Why
Developers regularly leak API keys, passwords, and tokens to AI coding tools. 100,000+ LLM conversations with exposed secrets were found indexed by search engines in 2025.
AI agents read your .env files. They copy-paste secrets into conversations. They commit them accidentally. Keyblind stops this by keeping secrets encrypted at rest and resolving them at runtime — the plaintext value never touches the LLM transcript.
How It Works
┌──────────┐ ┌────────────────┐ ┌─────────────────┐
│ AI Agent │ ──→ │ Keyblind MCP │ ──→ │ Encrypted │
│ (Claude) │ │ Server │ │ SQLite Vault │
│ │ ←── │ (6 tools) │ ←── │ (AES-256-GCM) │
└──────────┘ └────────────────┘ └─────────────────┘
↑ │
│ secret value never appears │ secrets never
│ in conversation transcript │ stored in plaintext
Quick Start
# Install
npm i -g keyblind
# Initialize your vault
keyblind init
# Store secrets
echo "sk-proj-abc123" | keyblind set OPENAI_API_KEY
keyblind set DATABASE_URL - # prompts securely
# Sandbox your .env (AI agents see fakes)
keyblind sandbox
# Resolve a secret
keyblind get OPENAI_API_KEY
# Run commands with secrets injected as env vars
keyblind run -- npm start
# List all secrets (names only)
keyblind list
MCP Server
Keyblind is MCP-first — it works with every AI tool that speaks the Model Context Protocol:
Claude Code, Cursor, Copilot, Windsurf, Cline, Zed — add a .mcp.json to your project root:
{
"mcpServers": {
"keyblind": {
"command": "npx",
"args": ["keyblind", "start"]
}
}
}
With biometric gate (Touch ID required before secrets are resolved):
{
"mcpServers": {
"keyblind": {
"command": "npx",
"args": ["keyblind", "start", "--biometric"]
}
}
}
Note:
--biometricrequires runningkeyblind unlockfirst to authenticate. Session expires after 15 minutes.
Full editor-specific configs →
MCP Tools
| Tool | Description |
|---|---|
resolve_secret | Resolve a secret at runtime (value hidden from transcript) |
store_secret | Encrypt and store a secret |
list_secrets | List secret names (values never revealed) |
sandbox_env | Replace .env values with deterministic fakes |
unsandbox_env | Restore real .env values from vault |
delete_secret | Delete a secret |
Backends
Keyblind supports multiple secret backends:
keyblind backends # List available backends
keyblind backend 1password # Switch to 1Password
keyblind backend bitwarden # Switch to Bitwarden
| Backend | Read | Write | Requires |
|---|---|---|---|
| local (default) | ✓ | ✓ | Nothing |
| 1password | ✓ | ✓ | op CLI |
| bitwarden | ✓ | — | bw CLI |
| env | ✓ | — | Nothing |
| aws | ✓ | ✓ | aws CLI |
| gcp | ✓ | ✓ | gcloud CLI |
| azure | ✓ | ✓ | az CLI |
Keyblind vs Cloak
| Keyblind | Cloak | |
|---|---|---|
| Protocol | MCP (all editors) | VS Code extension only |
| Storage | AES-256-GCM SQLite | AES-256-GCM file |
| Backends | Local, 1Password, Bitwarden, Env | Local only |
| Sandbox | Deterministic HMAC fakes | AES-256-GCM encrypted |
| Touch ID | ✓ (macOS biometric gate) | ✓ |
| CI/CD | keyblind run for env injection | — |
| Network | Zero (fully local) | Zero |
| License | MIT | Proprietary |
Security
- AES-256-GCM encryption with PBKDF2 key derivation (600K iterations)
- Machine-identity-bound key — encryption key XOR-wrapped with machine fingerprint
- Zero network, zero telemetry — no cloud, no accounts, no analytics
- Vault stored at
~/.keyblind/with0700permissions - Deterministic sandbox fakes using HMAC-SHA256 per project + key name
CLI Reference
keyblind init Initialize the encrypted vault
keyblind set <name> Store a secret (value from stdin)
keyblind set <name> - Store a secret (prompts securely)
keyblind get <name> Resolve and print a secret
keyblind list List all stored secrets
keyblind delete <name> Delete a secret
keyblind sandbox [.env] Replace .env with deterministic fakes
keyblind unsandbox [.env] Restore real .env values
keyblind run <command...> Run command with secrets as env vars
keyblind start Start MCP server (for AI agents)
keyblind backends List available backends
keyblind backend <name> Switch backend
Development
git clone https://github.com/aarifmms/keyblind.git
cd keyblind
npm install
npm run build # Compile TypeScript
npm test # Run tests
npm run dev # Watch mode
License
MIT
Related Servers
Alpha Vantage MCP Server
sponsorAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
Moralis Web3 API
Interact with the Moralis Web3 API to access blockchain data across multiple networks through a structured interface.
Matter AI
Provides advanced code review, implementation planning, and pull request generation using Matter AI.
Flame MCP Server
Provides live, up-to-date documentation for the Flame game engine.
CRAN Package README MCP Server
Fetch comprehensive information about CRAN packages, including READMEs, metadata, and search functionality.
CodeAlive MCP
Provides semantic code search and codebase interaction features via the CodeAlive API.
MCPunk
Explore and understand codebases through conversation by breaking files into logical chunks for searching and querying without embeddings.
Nucleus MCP
Local-first, cross-platform memory sync for AI coding tools (Cursor, Claude, Windsurf) with persistent engrams and hypervisor security.
Webflow
Interact with the Webflow API to manage sites, collections, and items.
SAP Documentation
Provides offline access to SAP documentation and real-time SAP Community content.
Neo N3 MCP Server
Integrates with the Neo N3 blockchain for wallet management, asset transfers, contract interactions, and blockchain queries.