mcp-keyward

mcp-keyward

Local encrypted vault for API keys. LLMs never see your real keys ā€” the server injects them transparently into HTTP requests.

Category
Visit Server

README

šŸ” mcp-keyguard

Your AI agent should never see your API keys. Now it won't.

mcp-keyguard is a local MCP server that acts as a secure proxy between your AI agent (Claude, Cursor, Windsurf...) and any external API.

Instead of pasting your OpenAI, Stripe or GitHub keys into the chat context, you store them encrypted on your machine. The agent calls mcp-keyguard, which injects the real key server-side and returns the result.

The key never leaves your machine. The agent never sees it.

Why this matters

In 2025, a vulnerability in a popular MCP hosting platform exposed thousands of API keys from over 3,000 servers. The root cause? Keys passed through infrastructure the user didn't control.

mcp-keyguard is the opposite: fully local, zero external dependencies, your keys encrypted at rest with AES-128.

How it works

Your prompt ā†’ Claude ā†’ mcp-keyguard ā†’ [injects real key] ā†’ External API
                           ā†‘
                    Key never leaves here

Installation

Requirements: Python 3.10+

pip install mcp httpx cryptography
git clone https://github.com/ggc180820/mcp-keyguard.git
cd mcp-keyguard

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "mcp-keyguard": {
      "command": "python",
      "args": ["/path/to/mcp-keyguard/main.py"]
    }
  }
}

Restart Claude Desktop. Done.

Usage

1. Store a key (you do this once per key)

"Use add_key to store my OpenAI key with alias 'openai',
header_name 'Authorization', header_prefix 'Bearer '"

2. Make authenticated requests (Claude does this automatically)

"Use make_request with alias 'openai' to call
https://api.openai.com/v1/models"

3. Check what's stored

"Use list_keys"
ā†’ Shows aliases and headers. Never the real values.

Tools

Tool What it does
add_key Store an API key encrypted in the vault
list_keys List stored aliases ā€” values are never shown
make_request Make an authenticated HTTP request, key injected server-side
delete_key Remove a key from the vault

Security model

  • Keys are encrypted with Fernet (AES-128-CBC + HMAC-SHA256)
  • The encryption key lives in vault.key on your machine only
  • All HTTP requests are made locally with a 30s timeout
  • Never commit vault.key or vault.json to git (already in .gitignore)

mcp-keyguard Pro

Need more control? Pro adds:

Feature Free Pro
Encrypted local vault āœ… āœ…
Unlimited keys āœ… āœ…
Multiple vaults (per project/client) āŒ āœ…
Audit log (who used which key, when, where) āŒ āœ…
Key rotation alerts āŒ āœ…

šŸ‘‰ Get Pro ā€” 5ā‚¬/month

License

MIT ā€” free forever for personal use.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured