aarifmms/keyblind
Keyblind — Blind AI to Your Keys
Encrypted secrets vault with MCP for AI agents. Secrets resolved at runtime, never leaked to LLM conversations.
Why
Developers regularly leak API keys, passwords, and tokens to AI coding tools. 100,000+ LLM conversations with exposed secrets were found indexed by search engines in 2025.
AI agents read your .env files. They copy-paste secrets into conversations. They commit them accidentally. Keyblind stops this by keeping secrets encrypted at rest and resolving them at runtime — the plaintext value never touches the LLM transcript.
How It Works
┌──────────┐ ┌────────────────┐ ┌─────────────────┐
│ AI Agent │ ──→ │ Keyblind MCP │ ──→ │ Encrypted │
│ (Claude) │ │ Server │ │ SQLite Vault │
│ │ ←── │ (6 tools) │ ←── │ (AES-256-GCM) │
└──────────┘ └────────────────┘ └─────────────────┘
↑ │
│ secret value never appears │ secrets never
│ in conversation transcript │ stored in plaintextQuick Start
# Install
npm i -g keyblind
# Initialize your vault
keyblind init
# Store secrets
echo "sk-proj-abc123" | keyblind set OPENAI_API_KEY
keyblind set DATABASE_URL - # prompts securely
# Sandbox your .env (AI agents see fakes)
keyblind sandbox
# Resolve a secret
keyblind get OPENAI_API_KEY
# Run commands with secrets injected as env vars
keyblind run -- npm start
# List all secrets (names only)
keyblind listMCP Server
Keyblind is MCP-first — it works with every AI tool that speaks the Model Context Protocol:
Claude Code — add to .mcp.json:
{
"mcpServers": {
"keyblind": {
"command": "npx",
"args": ["keyblind", "start"]
}
}
}Cursor, Windsurf, Copilot, Cline, Zed — any MCP-compatible editor.
MCP Tools
Tool | Description |
| Resolve a secret at runtime (value hidden from transcript) |
| Encrypt and store a secret |
| List secret names (values never revealed) |
| Replace |
| Restore real |
| Delete a secret |
Backends
Keyblind supports multiple secret backends:
keyblind backends # List available backends
keyblind backend 1password # Switch to 1Password
keyblind backend bitwarden # Switch to BitwardenBackend | Read | Write | Requires |
local (default) | ✓ | ✓ | Nothing |
1password | ✓ | ✓ |
|
bitwarden | ✓ | — |
|
env | ✓ | — | Nothing |
Keyblind vs Cloak
Keyblind | Cloak | |
Protocol | MCP (all editors) | VS Code extension only |
Storage | AES-256-GCM SQLite | AES-256-GCM file |
Backends | Local, 1Password, Bitwarden, Env | Local only |
Sandbox | Deterministic HMAC fakes | AES-256-GCM encrypted |
Touch ID | ✓ (macOS biometric gate) | ✓ |
CI/CD |
| — |
Network | Zero (fully local) | Zero |
License | MIT | Proprietary |
Security
AES-256-GCM encryption with PBKDF2 key derivation (600K iterations)
Machine-identity-bound key — encryption key XOR-wrapped with machine fingerprint
Zero network, zero telemetry — no cloud, no accounts, no analytics
Vault stored at
~/.keyblind/with0700permissionsDeterministic sandbox fakes using HMAC-SHA256 per project + key name
CLI Reference
keyblind init Initialize the encrypted vault
keyblind set <name> Store a secret (value from stdin)
keyblind set <name> - Store a secret (prompts securely)
keyblind get <name> Resolve and print a secret
keyblind list List all stored secrets
keyblind delete <name> Delete a secret
keyblind sandbox [.env] Replace .env with deterministic fakes
keyblind unsandbox [.env] Restore real .env values
keyblind run <command...> Run command with secrets as env vars
keyblind start Start MCP server (for AI agents)
keyblind backends List available backends
keyblind backend <name> Switch backendDevelopment
git clone https://github.com/aarifmms/keyblind.git
cd keyblind
npm install
npm run build # Compile TypeScript
npm test # Run tests
npm run dev # Watch modeLicense
MIT
Maintenance
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/aarifmms/keyblind'
If you have feedback or need assistance with the MCP directory API, please join our Discord server