Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| KEYWAY_API_URL | No | Override API URL (default: https://api.keyway.sh) | https://api.keyway.sh |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| keyway_list_secrets | List all secret names in the Keyway vault for the current repository. Returns only the keys, not the values. |
| keyway_set_secret | Create or update a secret in the Keyway vault. The key must be uppercase with underscores (e.g., DATABASE_URL). |
| keyway_inject_run | Run a command with Keyway secrets injected as environment variables. Secrets are only available to this command. |
| keyway_list_environments | List available environments for the current repository vault. |
| keyway_scan | Scan the codebase for potential secret leaks. Detects AWS keys, GitHub tokens, Stripe keys, private keys, and more. |
| keyway_diff | Compare secrets between two environments to find differences. |
| keyway_generate | Generate a secure secret and store it directly in the vault. The value is never exposed in the conversation. |
| keyway_validate | Validate that required secrets exist in an environment. Useful for pre-deployment checks. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |