Claude Secrets

A secure secrets management plugin for Claude Code and MCP clients. Enables AI assistants to safely handle credentials with user approval, automatic redaction, and secret capture from command output.

Features

• Secret Injection - Use {{SECRET_NAME}} placeholders in commands to inject secrets

• Session-Based Permissions - User approves secret access per-session with time-based expiry

• Output Redaction - Automatically redacts known secrets and common patterns from output

• Secret Capture - Extract secrets from command output (e.g., AWS session tokens) and store for future use

• LLM-Friendly Metadata - Descriptions help future LLMs discover and use the right secrets

• macOS Menu Bar App - Native notifications and dialogs for secret requests

• Encrypted Vault - Secrets stored with Fernet encryption

Installation

One-Line Install (Recommended)

This automatically:

• Installs the package via pipx

• Creates the encrypted vault

• Installs the Claude Code plugin

• Starts the menu bar app

• Enables auto-start on login

Manual Installation

From Source

Quick Start

The init command automatically:

• Creates the encrypted vault

• Installs the Claude Code plugin (via marketplace)

• Starts the menu bar app

• Enables auto-start on login (macOS)

Plugin-Only Install (if claude-secrets is already installed)

Claude Code Commands

When installed as a plugin:

MCP Configuration (Non-Plugin)

For Claude Desktop or other MCP clients, add to your configuration:

MCP Tools

run_command

Execute a CLI command with secret injection and output redaction.

Parameters:

• command - Command with {{SECRET_NAME}} placeholders

• timeout - Timeout in seconds (default: 60)

• capture - Extract secrets from JSON output:

  • path - JSONPath expression (e.g., $.Credentials.SecretAccessKey)

  • name - Name for the captured secret

  • description - LLM-friendly description

  • expires_at - ISO 8601 expiration timestamp

• redact_patterns - Additional regex patterns to redact

• skip_builtin_patterns - Skip built-in redaction patterns

list_secrets

List available secrets with their descriptions.

Returns:

request_secret

Request the user to add a missing secret via the menu bar app.

The menu bar app will show a native macOS dialog prompting the user to enter the secret value.

get_permissions

Get current session permission status for secrets.

How It Works

1. Client LLM calls to discover available secrets

2. LLM constructs command with {{SECRET_NAME}} placeholders

3. User approves secret access when prompted (cached for session)

4. Server injects secrets and executes command

5. Output is redacted before returning to LLM

6. Captured secrets are stored with LLM-provided descriptions for future use

Menu Bar App (macOS)

The menu bar app provides:

• Server status indicator

• List of stored secrets with expiry times

• Native dialogs for secret requests

• Notifications when secrets are captured or expiring

Start with:

Security Model

• Encrypted storage - Vault encrypted with Fernet (AES-128-CBC)

• Permission prompts - User must approve each secret's use

• Session expiry - Permissions auto-expire (default: 1 hour)

• Output redaction - Secrets automatically removed from command output

• Audit logging - All secret access logged to ~/.claude-secrets/audit.log

Uninstalling

One-Line Uninstall

Manual Uninstall

Delete Everything (including secrets)

Your secrets are preserved by default in ~/.claude-secrets/ so you can reinstall later without losing them.

Plugin Structure

Configuration

Configuration stored at ~/.claude-secrets/config.json:

Set values with:

Development

License

MIT