API Locker

API Locker

Encrypted credential vault with a 21-tool MCP server. Store and manage LLM API keys, service API keys, and OAuth credentials — then let your AI agent list, reveal, rotate, rename, pause, and proxy calls through them.

Category
Visit Server

README

<div align="center">

<img src="https://www.apilocker.app/brand/logo-256.png?v=2" alt="API Locker mascot" width="180" height="180" />

API Locker

One vault, three types of credentials. Replace your .env file with one token.

npm license website mcp

</div>

API Locker is an encrypted credential vault for developers. Store your LLM API keys, service API keys, and OAuth credentials in one place — then inject them into any command with apilocker run -- npm start. Your raw credentials never touch disk, never live in shell history, never get committed to git.

Free to use. Try it →


What it does

# Install
npm install -g apilocker

# One-click browser confirmation — no pasted tokens
apilocker register

# Store a credential (for any of 34 provider templates, plus "custom")
apilocker store --name OPENAI_API_KEY --provider openai --key sk-proj-...

# Run any command with your vault secrets injected as env vars
apilocker run -- npm start
#  ↑
#  process.env.OPENAI_API_KEY is populated for the lifetime of this command,
#  then gone. No .env file. Nothing on disk. Nothing in shell history.

That's the whole pitch. Everything else in this repo is making that flow work for every kind of credential a developer has to deal with.

One vault, three types of credentials

API Locker distinguishes three credential types because they're used differently:

<table> <tr> <td width="33%" valign="top">

🧠 LLM API Keys

Single opaque tokens for model APIs.

OpenAI, Anthropic, Gemini, Groq, Mistral.

apilocker store --name OPENAI_API_KEY \
  --provider openai \
  --key sk-proj-xxxxx

</td> <td width="33%" valign="top">

⚡ Service API Keys

Single tokens for everyday SaaS.

Stripe, Twilio, Resend, ElevenLabs, Cloudflare, GitHub, Clerk, Sentry, PostHog, Cloudinary, Mux, SendGrid, Vercel, Upstash, LemonSqueezy.

apilocker store --name STRIPE_SECRET_KEY \
  --provider stripe \
  --key sk_live_xxxxx

</td> <td width="33%" valign="top">

🔗 OAuth Credentials

Multi-field credentials for sign-in flows.

Google, GitHub, Slack, Microsoft, Notion, Spotify, Twitter/X, LinkedIn, Discord, Zoom, Dropbox, Salesforce, HubSpot.

apilocker store --oauth \
  --name google-oauth \
  --provider google-oauth \
  --client-id ... \
  --client-secret ...

</td> </tr> </table>

Under the hood, LLM and Service credentials share the same single-string encrypted storage. OAuth is a multi-field encrypted JSON blob. Users experience three product surfaces; implementation shares one foundation.

Why not just use .env files?

Problem .env file API Locker
Secrets on disk ✅ (plaintext) ❌ (encrypted, AES-256-GCM)
Secrets in git history if misconfigured
Secrets in shell history when debugging
Sharing across machines Manual copy-paste ✅ (one apilocker register per device)
Rotation Manual edit in every copy One dashboard click
Audit log of who accessed what ✅ (every reveal + proxy call)
Revocation of a specific device Nuke every local copy One apilocker devices revoke
AI agent access (Claude, Cursor, etc.) "Paste this into Cursor settings" Native MCP integration

Features

  • Encrypted vault — AES-256-GCM on every stored credential. Keys never leave the vault in plaintext except when explicitly revealed to an authenticated master-token holder.
  • Runtime injectionapilocker run -- cmd injects your vault secrets as env vars for the duration of one command, then clears them.
  • Smart proxyPOST /v1/proxy/:keyId forwards authenticated calls upstream (Stripe, OpenAI, etc.) with the raw key injected server-side. Your app code never sees the secret.
  • Scoped tokens with rotation — OAuth2 refresh-token flow with reuse detection. Static, hourly, daily, weekly, monthly rotation cadences. Scoped tokens can only call a pre-approved subset of keys.
  • Per-device master tokens — RFC 8628 device authorization flow. Each machine gets its own token; revoke one without affecting others.
  • Lossless rename — Renaming a credential never breaks existing .apilockerrc files. Old aliases transparently resolve via a previous_names fallback.
  • Pause / resume — Freeze proxy access without losing the credential. Useful for incident response.
  • Audit logs — Every reveal, every proxy call, every rotation, every rename logged with source IP, country, and timestamp. Stream live with apilocker activity --follow.
  • Vault health checkapilocker doctor surfaces stale rotations, unused keys, expiring tokens, and local config permission issues.
  • Import from .envapilocker import .env migrates an existing project into the vault in one command.
  • First-class MCP server — Works with Claude Code, Claude Desktop, Cursor, Zed, Continue, and any other MCP-compatible client. 21 tools give your AI agent the same surface as the CLI.

Connect your AI assistant (MCP)

API Locker exposes a full Model Context Protocol server so AI agents can read and manage your vault directly.

Claude Code (one command):

claude mcp add apilocker -- apilocker mcp

Claude Desktop, Cursor, Zed, Continue — use the apilocker mcp stdio bridge in your client's config:

{
  "mcpServers": {
    "apilocker": {
      "command": "apilocker",
      "args": ["mcp"]
    }
  }
}

Full MCP docs with the 21-tool catalog and per-client setup instructions: apilocker.app/docs/mcp

Repository layout

This is a monorepo. The three surfaces are kept together because they share types, provider templates, and product conventions.

apilocker/
├── cli/         # The `apilocker` npm package (published as apilocker)
├── api/         # Cloudflare Worker backend (api.apilocker.app)
├── site/        # Marketing site + dashboard + docs (www.apilocker.app)
└── README.md    # You are here
  • cli/ — The published apilocker npm package. Built with Node 18+ and Commander. See cli/README.md for the full command reference.
  • api/ — The Cloudflare Worker that powers everything: D1 for metadata, KV for encrypted blobs, a Durable Object for rate limiting, and a fully-featured MCP server at /v1/mcp.
  • site/ — The static marketing site, the dashboard, the /docs/mcp integration guide, and a hidden admin analytics page.

How it works (one minute)

  1. You register a device. apilocker register opens your browser, you click Authorize once, the CLI writes a per-device master token to ~/.apilocker/config.json (mode 0600).
  2. You store credentials via the CLI or dashboard. Each credential is encrypted with AES-256-GCM and the ciphertext lives in Cloudflare KV. Only metadata (name, provider, tags, rotation status) lives in D1.
  3. Your app uses credentials in one of three ways:
    • Runtime injection: apilocker run -- npm start reveals the needed credentials for one command and exports them as env vars.
    • Proxy: Your app holds a scoped token, calls POST /v1/proxy/:keyId, and the API Locker Worker injects the raw key into the upstream call server-side. Your app never sees the secret.
    • AI agent: An MCP-compatible client (Claude Code, Cursor, etc.) connects through the apilocker mcp stdio bridge and gets the same 21-tool surface as the CLI.
  4. Rotation, rename, pause, revoke are all one-click. Credentials in use stay in use — scoped tokens are unaffected by rotation, .apilockerrc files are unaffected by rename, and revoking a device never touches any other device.

Security posture

  • Per-credential AES-256-GCM encryption with a unique IV per blob
  • Encryption key lives as a Worker secret, never in source
  • Session cookies: HttpOnly, Secure, SameSite=Lax, domain-scoped to .apilocker.app
  • CSRF protection on all OAuth flows via single-use state tokens (10-minute TTL in KV)
  • RFC 8628 device authorization flow for CLI sign-in — no pasted master tokens
  • Per-device master tokens with independent revocation
  • Audit log on every access — reveal, rotate, rename, pause, resume, proxy, MCP call
  • Rate limiting via Cloudflare Durable Objects (TrafficMonitor)
  • Worker self-hosts its own OAuth secrets in its own vault — vault is the source of truth even for the app's own sign-in credentials (meta-dogfooding)

Status

Free plan available. Unlimited keys, unlimited tokens, unlimited proxy calls. Early adopters get grandfathered into free Pro permanently when paid plans launch.

Contributing

Issues and PRs welcome. The repo is intentionally kept as a monorepo so a single PR can touch the CLI, API, and site in coordinated steps.

Contact

The right address depends on what you want to talk about:

License

MIT

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured