GhostKey
MCP-native credential vault that enables AI agents to authenticate with external services without exposing secrets, supporting bearer, basic, OAuth2, and other auth patterns via MCP tools.
README
GhostKey
MCP-native credential vault — AI agents authenticate without holding secrets.
What is GhostKey?
GhostKey is an MCP server that manages credentials on behalf of AI agents.
Agents never see raw secrets — they call MCP tools like ghostkey_request or
ghostkey_connect, and GhostKey injects the right authentication transparently.
- Zero secret exposure — agents authenticate without holding API keys, passwords, or tokens
- 7 auth patterns — bearer, basic, API key header, custom header, XML-RPC, OAuth2, query parameter
- Persistent connections — managed PostgreSQL and XML-RPC/Odoo sessions
- Works with any MCP client — Claude Code, Claude Desktop, Cursor, VS Code, Gemini CLI, and more
Tiers
| Feature | Local (Free) | Cloud Backup (Free) | Pro ($10/mo) | Enterprise |
|---|---|---|---|---|
| Encrypted local vault | ✓ | ✓ | ✓ | ✓ |
| MCP stdio transport | ✓ | ✓ | ✓ | ✓ |
| Midnight cloud backup | — | ✓ | ✓ | ✓ |
| HTTP relay (remote agents) | — | — | ✓ | ✓ |
| Included ops/month | — | — | 5,000 | Unlimited |
| Cardano NFT ownership | — | — | ✓ | ✓ |
| Own wallet mode | — | — | ✓ | ✓ |
| Self-hosted proof server | — | — | — | ✓ |
| SSO / RBAC | — | — | — | ✓ |
Install
npm install -g ghostkey
Or run without installing:
npx ghostkey
Quick Start
# 1. Create a vault
ghostkey init
# 2. Register a credential
ghostkey register --id stripe --type bearer --base-url https://api.stripe.com
# 3. Configure your AI client
ghostkey setup
# 4. Agents use MCP tools — no secrets exposed
# ghostkey_request { credential_id: "stripe", method: "GET", url: "/v1/charges" }
MCP Client Configuration
Add GhostKey to your MCP client config:
{
"mcpServers": {
"ghostkey": {
"command": "npx",
"args": ["-y", "ghostkey"]
}
}
}
Config file locations:
| Client | Config Path |
|---|---|
| Claude Desktop | ~/Library/Application Support/Claude/claude_desktop_config.json |
| Claude Code | ~/.claude.json |
| Cursor | .cursor/mcp.json in your project |
| VS Code (Copilot) | .vscode/mcp.json in your project |
MCP Tools
| Tool | Description |
|---|---|
ghostkey_list |
List stored credentials, optionally filtered by tag, scope, or description |
ghostkey_status |
System status or detailed credential info with expiry warnings |
ghostkey_request |
Authenticated HTTP request using a stored credential |
ghostkey_connect |
Open a persistent connection (PostgreSQL or XML-RPC/Odoo) |
ghostkey_query |
Execute a query on an existing managed connection |
Auth Patterns
| Type | Use Case |
|---|---|
bearer |
REST APIs with Bearer tokens (Stripe, GitHub, etc.) |
basic |
HTTP Basic authentication (username:password) |
api_key_header |
APIs that use a custom header for the key (e.g., X-API-Key) |
custom_header |
Arbitrary header with a {{secret}} template |
xmlrpc |
XML-RPC services (Odoo execute_kw pattern) |
oauth2 |
OAuth2 client credentials with automatic token refresh |
query_param |
Secret injected as a URL query parameter |
Security
GhostKey is designed with defense-in-depth:
- Argon2id key derivation (password to 256-bit AES key)
- AES-256-GCM authenticated encryption for all stored credentials
- SSRF prevention — domain whitelisting per credential, private IP blocking
- CRLF injection — rejected in all header values
- Error sanitization — credentials never leak in error messages or MCP responses
- Buffer zeroing — best-effort secret wipe on shutdown
- File permissions — vault directory 700, credential file 600
Privacy
- No telemetry — GhostKey collects zero usage data
- No network calls — in local vault mode, nothing leaves your machine
- No cloud dependency — works fully offline with local vault storage
- Credentials never logged — secrets are excluded from all error messages, MCP responses, and debug output
- Your vault, your data — vault files are standard AES-256-GCM encrypted files on your filesystem
CLI Reference
| Command | Description |
|---|---|
ghostkey init |
Create a new credential vault |
ghostkey register |
Add a new credential to the vault |
ghostkey list |
List credential metadata |
ghostkey status |
Show vault health status |
ghostkey rotate |
Update a credential secret |
ghostkey revoke |
Deactivate a credential |
ghostkey start |
Launch MCP server with stdio transport |
ghostkey setup |
Configure LLM clients to use GhostKey |
Supported Clients
GhostKey auto-detects and configures itself for these MCP clients:
| Client | Auto-Setup | Transport |
|---|---|---|
| Claude Desktop | ghostkey setup |
stdio |
| Claude Code | ghostkey setup |
stdio |
| Cursor | ghostkey setup |
stdio |
| VS Code (Copilot) | ghostkey setup |
stdio |
| Windsurf | ghostkey setup |
stdio |
| Gemini CLI | Manual | stdio |
| Continue | Manual | stdio |
| Custom | Manual | stdio/SSE |
License
MIT. Copyright (c) 2026 Loomworks Solutions LLC. See LICENSE.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.