API Locker
Encrypted credential vault with a 21-tool MCP server. Store and manage LLM API keys, service API keys, and OAuth credentials — then let your AI agent list, reveal, rotate, rename, pause, and proxy calls through them.
README
<div align="center">
<img src="https://www.apilocker.app/brand/logo-256.png?v=2" alt="API Locker mascot" width="180" height="180" />
API Locker
One vault, three types of credentials. Replace your .env file with one token.
</div>
API Locker is an encrypted credential vault for developers. Store your LLM API keys, service API keys, and OAuth credentials in one place — then inject them into any command with apilocker run -- npm start. Your raw credentials never touch disk, never live in shell history, never get committed to git.
Free to use. Try it →
What it does
# Install
npm install -g apilocker
# One-click browser confirmation — no pasted tokens
apilocker register
# Store a credential (for any of 34 provider templates, plus "custom")
apilocker store --name OPENAI_API_KEY --provider openai --key sk-proj-...
# Run any command with your vault secrets injected as env vars
apilocker run -- npm start
# ↑
# process.env.OPENAI_API_KEY is populated for the lifetime of this command,
# then gone. No .env file. Nothing on disk. Nothing in shell history.
That's the whole pitch. Everything else in this repo is making that flow work for every kind of credential a developer has to deal with.
One vault, three types of credentials
API Locker distinguishes three credential types because they're used differently:
<table> <tr> <td width="33%" valign="top">
🧠 LLM API Keys
Single opaque tokens for model APIs.
OpenAI, Anthropic, Gemini, Groq, Mistral.
apilocker store --name OPENAI_API_KEY \
--provider openai \
--key sk-proj-xxxxx
</td> <td width="33%" valign="top">
⚡ Service API Keys
Single tokens for everyday SaaS.
Stripe, Twilio, Resend, ElevenLabs, Cloudflare, GitHub, Clerk, Sentry, PostHog, Cloudinary, Mux, SendGrid, Vercel, Upstash, LemonSqueezy.
apilocker store --name STRIPE_SECRET_KEY \
--provider stripe \
--key sk_live_xxxxx
</td> <td width="33%" valign="top">
🔗 OAuth Credentials
Multi-field credentials for sign-in flows.
Google, GitHub, Slack, Microsoft, Notion, Spotify, Twitter/X, LinkedIn, Discord, Zoom, Dropbox, Salesforce, HubSpot.
apilocker store --oauth \
--name google-oauth \
--provider google-oauth \
--client-id ... \
--client-secret ...
</td> </tr> </table>
Under the hood, LLM and Service credentials share the same single-string encrypted storage. OAuth is a multi-field encrypted JSON blob. Users experience three product surfaces; implementation shares one foundation.
Why not just use .env files?
| Problem | .env file |
API Locker |
|---|---|---|
| Secrets on disk | ✅ (plaintext) | ❌ (encrypted, AES-256-GCM) |
| Secrets in git history if misconfigured | ✅ | ❌ |
| Secrets in shell history when debugging | ✅ | ❌ |
| Sharing across machines | Manual copy-paste | ✅ (one apilocker register per device) |
| Rotation | Manual edit in every copy | One dashboard click |
| Audit log of who accessed what | ❌ | ✅ (every reveal + proxy call) |
| Revocation of a specific device | Nuke every local copy | One apilocker devices revoke |
| AI agent access (Claude, Cursor, etc.) | "Paste this into Cursor settings" | Native MCP integration |
Features
- Encrypted vault — AES-256-GCM on every stored credential. Keys never leave the vault in plaintext except when explicitly revealed to an authenticated master-token holder.
- Runtime injection —
apilocker run -- cmdinjects your vault secrets as env vars for the duration of one command, then clears them. - Smart proxy —
POST /v1/proxy/:keyIdforwards authenticated calls upstream (Stripe, OpenAI, etc.) with the raw key injected server-side. Your app code never sees the secret. - Scoped tokens with rotation — OAuth2 refresh-token flow with reuse detection. Static, hourly, daily, weekly, monthly rotation cadences. Scoped tokens can only call a pre-approved subset of keys.
- Per-device master tokens — RFC 8628 device authorization flow. Each machine gets its own token; revoke one without affecting others.
- Lossless rename — Renaming a credential never breaks existing
.apilockerrcfiles. Old aliases transparently resolve via aprevious_namesfallback. - Pause / resume — Freeze proxy access without losing the credential. Useful for incident response.
- Audit logs — Every reveal, every proxy call, every rotation, every rename logged with source IP, country, and timestamp. Stream live with
apilocker activity --follow. - Vault health check —
apilocker doctorsurfaces stale rotations, unused keys, expiring tokens, and local config permission issues. - Import from
.env—apilocker import .envmigrates an existing project into the vault in one command. - First-class MCP server — Works with Claude Code, Claude Desktop, Cursor, Zed, Continue, and any other MCP-compatible client. 21 tools give your AI agent the same surface as the CLI.
Connect your AI assistant (MCP)
API Locker exposes a full Model Context Protocol server so AI agents can read and manage your vault directly.
Claude Code (one command):
claude mcp add apilocker -- apilocker mcp
Claude Desktop, Cursor, Zed, Continue — use the apilocker mcp stdio bridge in your client's config:
{
"mcpServers": {
"apilocker": {
"command": "apilocker",
"args": ["mcp"]
}
}
}
Full MCP docs with the 21-tool catalog and per-client setup instructions: apilocker.app/docs/mcp
Repository layout
This is a monorepo. The three surfaces are kept together because they share types, provider templates, and product conventions.
apilocker/
├── cli/ # The `apilocker` npm package (published as apilocker)
├── api/ # Cloudflare Worker backend (api.apilocker.app)
├── site/ # Marketing site + dashboard + docs (www.apilocker.app)
└── README.md # You are here
cli/— The publishedapilockernpm package. Built with Node 18+ and Commander. Seecli/README.mdfor the full command reference.api/— The Cloudflare Worker that powers everything: D1 for metadata, KV for encrypted blobs, a Durable Object for rate limiting, and a fully-featured MCP server at/v1/mcp.site/— The static marketing site, the dashboard, the/docs/mcpintegration guide, and a hidden admin analytics page.
How it works (one minute)
- You register a device.
apilocker registeropens your browser, you click Authorize once, the CLI writes a per-device master token to~/.apilocker/config.json(mode 0600). - You store credentials via the CLI or dashboard. Each credential is encrypted with AES-256-GCM and the ciphertext lives in Cloudflare KV. Only metadata (name, provider, tags, rotation status) lives in D1.
- Your app uses credentials in one of three ways:
- Runtime injection:
apilocker run -- npm startreveals the needed credentials for one command and exports them as env vars. - Proxy: Your app holds a scoped token, calls
POST /v1/proxy/:keyId, and the API Locker Worker injects the raw key into the upstream call server-side. Your app never sees the secret. - AI agent: An MCP-compatible client (Claude Code, Cursor, etc.) connects through the
apilocker mcpstdio bridge and gets the same 21-tool surface as the CLI.
- Runtime injection:
- Rotation, rename, pause, revoke are all one-click. Credentials in use stay in use — scoped tokens are unaffected by rotation,
.apilockerrcfiles are unaffected by rename, and revoking a device never touches any other device.
Security posture
- Per-credential AES-256-GCM encryption with a unique IV per blob
- Encryption key lives as a Worker secret, never in source
- Session cookies: HttpOnly, Secure, SameSite=Lax, domain-scoped to
.apilocker.app - CSRF protection on all OAuth flows via single-use state tokens (10-minute TTL in KV)
- RFC 8628 device authorization flow for CLI sign-in — no pasted master tokens
- Per-device master tokens with independent revocation
- Audit log on every access — reveal, rotate, rename, pause, resume, proxy, MCP call
- Rate limiting via Cloudflare Durable Objects (TrafficMonitor)
- Worker self-hosts its own OAuth secrets in its own vault — vault is the source of truth even for the app's own sign-in credentials (meta-dogfooding)
Status
Free plan available. Unlimited keys, unlimited tokens, unlimited proxy calls. Early adopters get grandfathered into free Pro permanently when paid plans launch.
- CLI: v1.0.2 on npm
- API: live at
api.apilocker.app - Dashboard: live at
www.apilocker.app/dashboard - Docs:
/docs/mcp - MCP Registry:
io.github.apilocker/apilocker
Contributing
Issues and PRs welcome. The repo is intentionally kept as a monorepo so a single PR can touch the CLI, API, and site in coordinated steps.
Contact
The right address depends on what you want to talk about:
- Bugs & reproducible issues: open a GitHub issue
- Feature requests, ideas, advice, what's missing: feedback@apilocker.app
- General support, account questions: support@apilocker.app
- Security disclosures: security@apilocker.app — please don't open public issues for security findings
- Privacy questions: privacy@apilocker.app
License
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.