PAL - Project API Locker
Enables secure API key management for development projects by storing keys in OS keychains, auto-generating .env files and SDK client code, and providing AI-assisted key management through Claude Code integration.
README
PAL - Project API Locker
Cross-platform API key management for developers. Secure, local, integrated with Claude Code.
PAL manages your API keys securely using your OS keychain, auto-generates .env files, creates SDK client code, and integrates with Claude Code via MCP.
Features
- Secure Storage: Keys stored in OS keychain (macOS Keychain, Windows Credential Manager) or AES-256-GCM encrypted fallback
- Zero Plain Text: API keys never stored in plain text files
- Auto Generation: Creates
.envfiles and SDK client code - Framework Detection: Automatically detects Next.js, Express, TypeScript, etc.
- Claude Code Integration: MCP server for AI-assisted key management
- Multi-Provider: OpenAI, Anthropic, Stripe, Twilio, SendGrid, Supabase, Firebase, AWS, and custom
Quick Start
# Install globally
npm install -g @pal/cli
# Initialize in your project
cd your-project
pal init
# Add an API (securely stores the key)
pal add-api openai
# Generate .env and client code
pal generate
# Check health
pal doctor
Commands
pal init
Initialize PAL in your project. Detects framework, creates pal.config.json.
pal init
pal add-api [provider]
Add an API service. Securely stores the key in your OS keychain.
pal add-api openai
pal add-api stripe --env-var STRIPE_KEY
pal add-api anthropic --id claude-api
Supported Providers:
openai- OpenAI APIanthropic- Anthropic Claude APIstripe- Stripe paymentstwilio- Twilio SMS/Voicesendgrid- SendGrid emailresend- Resend emailsupabase- Supabase backendfirebase- Firebase/Google Cloudaws- AWS servicescustom- Any custom API
pal generate
Generate .env file and SDK client code from stored keys.
pal generate
pal generate --dry-run # Preview without writing
pal scan
Scan project for API usage and suggest missing configurations.
pal scan
pal doctor
Health check for PAL configuration.
pal doctor
MCP Server (Claude Code Integration)
PAL includes an MCP server for integration with Claude Code.
Setup
Add to your Claude Code MCP config:
{
"mcpServers": {
"pal": {
"command": "npx",
"args": ["@pal/mcp-server"]
}
}
}
MCP Tools
| Tool | Description |
|---|---|
list_projects |
List all PAL-registered projects |
inspect_project |
Get project details, services, env status |
add_api_to_project |
Add API service programmatically |
generate_client_snippets |
Get integration code for services |
summarize_env_state |
Health check for env/keystore |
Example Usage in Claude Code
"Add OpenAI to my current project with this API key: sk-..."
"Show me the status of API keys in /path/to/project"
"Generate the client code for Stripe in my project"
Security
Key Storage Priority
-
OS Keychain (recommended): Uses
keytarfor native keychain access- macOS: Keychain Access
- Windows: Credential Manager
- Linux: libsecret
-
Encrypted File (fallback): AES-256-GCM encrypted JSON file
- Location:
~/.pal/keystore.enc - Encryption key derived from machine-specific data
- Location:
Best Practices
- Never commit
.envfiles (PAL auto-adds to.gitignore) - Use OS keychain when available (install
keytar) - Run
pal doctorto verify security setup - Rotate keys periodically
Configuration
pal.config.json
{
"projectName": "my-app",
"language": "node",
"framework": "nextjs",
"envFile": ".env.local",
"services": [
{
"id": "openai",
"provider": "openai",
"envVarKey": "OPENAI_API_KEY",
"scopes": ["chat", "embeddings"]
}
]
}
Framework Detection
PAL automatically detects:
- Next.js: Uses
.env.local - Express: Standard
.env - TypeScript: Generates
.tsfiles - Package Manager: npm, yarn, pnpm, bun
Packages
| Package | Description |
|---|---|
@pal/core |
Core library (types, keystore, codegen) |
@pal/cli |
Command-line interface |
@pal/mcp-server |
MCP server for Claude Code |
Development
# Clone the repo
git clone https://github.com/your-username/pal-mcp.git
cd pal-mcp
# Install dependencies
pnpm install
# Build all packages
pnpm build
# Run CLI locally
pnpm --filter @pal/cli start -- init
Examples
See the examples/ directory:
basic-node-openai/- Simple Node.js + OpenAI example
License
MIT
Built for developers who value security and speed.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.