agentkeychain
Securely stores and retrieves Cloudflare API keys with scope-based access control, enabling agents to use credentials for Cloudflare services.
Securely stores and retrieves OpenAI API keys with scope-based access control, enabling agents to use credentials for OpenAI services.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@agentkeychainstore my GitHub token with scope repo:read"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
agentkeychain
Agent-native zero-knowledge credential vault. CLI + MCP Server, single binary.
AI Agents need credentials. Users shouldn't be asked for API keys 50 times. agentkeychain treats agents as first-class identities with their own scopes, delegation, and tamper-evident audit — built on Argon2id, XChaCha20-Poly1305, and Ed25519.
For Humans (the only section you need)
You only need 4 commands. Everything else is for agents and power users.
agentkeychain init # One-time: set a master password (8+ chars, remember it!)
agentkeychain store # Add a new secret (it asks you: name? value? scope?)
agentkeychain get NAME # Retrieve a secret (prompts for master password)
agentkeychain list # See all stored secrets (metadata only, NEVER values)That's it. Everything below is optional.
Real-world usage
# Step 1: Initialize (do this ONCE per machine)
$ agentkeychain init
Master password (min 8 chars): ********
✓ vault initialized
# Step 2: Store your first secret (just follow the prompts)
$ agentkeychain store
Name: openai
Value: ***(paste your key, input is hidden in real terminals)
Scope: openai:chat
✓ encrypted and stored: openai
# Step 3: Retrieve it when you need it
$ agentkeychain get openai
Master password: ********
***your key appears here***
# Step 4: See what you have
$ agentkeychain list
NAME VERSION SCOPES UPDATED
openai 1 openai:chat 2026-07-06 04:56:24Talk to your agent instead
You don't even need to remember the commands. Just tell your agent:
"I want to save this OpenAI key" → agent runs
agentkeychain storefor you"Get my Cloudflare token" → agent runs
agentkeychain get cloudflare"Show me all my stored keys" → agent runs
agentkeychain list"Delete the old GitHub token" → agent runs
agentkeychain delete github
When the agent needs a credential to do work, it asks the vault, not you. You stay out of the loop.
What you NEVER do
❌ Paste API keys into chat messages, emails, READMEs, or
.envfiles you commit❌ Write keys in code comments
❌ Screenshot a key and send it
❌ Re-type the same key 50 times across different tools
If you find yourself pasting a key anywhere, stop and run agentkeychain store.
Related MCP server: API Locker
What it does
CLI |
|
MCP Server | 5 tools ( |
Cross-agent delegate | Ed25519-signed time-limited scope-bounded tokens |
Audit chain | Tamper-evident Ed25519 signature chain over every operation |
Zero-knowledge | Master password never persisted; KEK derived via Argon2id on demand |
Single binary |
|
5-Minute Quickstart
Install
# Option 1: download single binary (Linux x64)
curl -L https://github.com/linsipeng/agentkeychain/releases/latest/download/agentkeychain-linux-x64 -o akc
chmod +x akc
mv akc /usr/local/bin/agentkeychain
# Option 2: from source
git clone https://github.com/linsipeng/agentkeychain.git
cd agentkeychain
bun install
bun run build # produces bin/agentkeychain-binFirst-time setup
agentkeychain init
# Master password: ******** (≥8 chars, never stored)
# → vault initialized at ~/.agentkeychain/
# → default identity: ak_xxx ("default")
# → ✓ master password saved to OS keychain (you'll never be asked again)That's the only time you type the password. From now on, every
agentkeychain store / get / list / delete / audit command reads the password
transparently from your OS keychain. Zero prompts, forever.
Use the CLI
# Store an API key
agentkeychain store openai-key --value "sk-..." --scopes "openai:chat"
# Retrieve (decrypts on demand, prompted for master password)
agentkeychain get openai-key
# List (metadata only, never values)
agentkeychain list
# View audit log (Ed25519-signed entries, tamper-evident)
agentkeychain auditIssue a delegate token (cross-agent)
# Main agent issues a time-limited, scope-bounded token for a sub-agent
agentkeychain issue-token \
--sub ak_subagent_xxx \
--scopes "openai:read,cloudflare:read" \
--ttl 1h
# Output: base64url-encoded JSON to stdout — pass via env var or pipe to sub-agent
TOKEN=$(agentkeychain issue-token --sub ak_sub --scopes openai:read --ttl 30m)The sub-agent presents the token as the delegate_token argument when calling
MCP tools — verified offline against the issuer's Ed25519 public key without
touching the vault.
Use as MCP Server
Add to any MCP-compatible client (Claude Desktop, Hermes, Codex, IDE plugins):
{
"mcpServers": {
"agentkeychain": {
"command": "/usr/local/bin/agentkeychain",
"args": ["serve"]
}
}
}The server exposes 5 tools:
Tool | Description |
| Encrypt + persist a secret (returns id, never the value) |
| Decrypt + return a secret (scope-checked) |
| List secret names (no values) |
| Remove a secret |
| Read the audit log (no secret material) |
Example from an agent:
// Store
await callTool("akc_store", {
name: "openai-key",
value: "sk-...",
scope: ["openai:write"],
});
// Retrieve later (scope-checked)
const result = await callTool("akc_get", { name: "openai-key" });Commands
Command | Description |
| Initialize vault, set master password, create default identity |
| Encrypt and store a credential |
| Decrypt and return a credential |
| List all credentials (metadata only) |
| Soft-delete a credential |
| Show audit log |
| Start MCP server (stdio transport) |
| Issue a cross-agent delegate token |
| Print version |
Security model
Argon2id (memory=64 MB, iterations=3) derives a KEK from master password
XChaCha20-Poly1305 AEAD encrypts each secret independently
Ed25519 signs audit entries + delegate tokens (offline-verifiable)
Client-side only — server never sees plaintext; vault file is fully encrypted
Zero-knowledge — master password is never written to disk
See ARCHITECTURE.md for the full threat model and competitor comparison (vs 1Password / Bitwarden / Infisical agent-vault).
Development
bun install # install deps
bun test # run all tests (33 tests)
bun run lint # eslint
bun run build # single-binary compile to bin/agentkeychain-bin
bun run typecheck # tsc --noEmitCI runs on every push to main — see
.github/workflows/ci.yml.
Roadmap
Apply to MCP Registry (Claude Desktop / Hermes / Codex)
TPM-backed KEK unlock (hardware-bound master key)
agentkeychain shell— REPL for multi-command workflowsCloud sync (end-to-end encrypted, optional)
Team / enterprise: SSO + role delegation
License
MIT — see LICENSE.
Status
v0.1.0 — public alpha. Single binary works end-to-end. Breaking changes possible before v1.0.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/linsipeng/agentkeychain'
If you have feedback or need assistance with the MCP directory API, please join our Discord server