{"slug": "keyblind-encrypted-secrets-vault-that-hides-api-keys-from-ai-agents", "title": "Keyblind – encrypted secrets vault that hides API keys from AI agents", "summary": "Keyblind launched an encrypted secrets vault that prevents AI agents from exposing API keys, passwords, and tokens during coding sessions. The tool resolves secrets at runtime so plaintext values never appear in LLM conversation transcripts, addressing the 100,000+ leaked credentials found indexed by search engines in 2025. Keyblind integrates with any MCP-compatible editor including Claude Code, Cursor, and Copilot, and supports local SQLite, 1Password, and Bitwarden backends with zero network traffic.", "body_md": "**Encrypted secrets vault with MCP for AI agents. Secrets resolved at runtime, never leaked to LLM conversations.**\n\nDevelopers regularly leak API keys, passwords, and tokens to AI coding tools. 100,000+ LLM conversations with exposed secrets were found indexed by search engines in 2025.\n\nAI agents read your `.env`\n\nfiles. They copy-paste secrets into conversations. They commit them accidentally. Keyblind stops this by keeping secrets encrypted at rest and resolving them *at runtime* — the plaintext value never touches the LLM transcript.\n\n```\n┌──────────┐ ┌────────────────┐ ┌─────────────────┐\n│ AI Agent │ ──→ │ Keyblind MCP │ ──→ │ Encrypted │\n│ (Claude) │ │ Server │ │ SQLite Vault │\n│ │ ←── │ (6 tools) │ ←── │ (AES-256-GCM) │\n└──────────┘ └────────────────┘ └─────────────────┘\n ↑ │\n │ secret value never appears │ secrets never\n │ in conversation transcript │ stored in plaintext\n# Install\nnpm i -g keyblind\n\n# Initialize your vault\nkeyblind init\n\n# Store secrets\necho \"sk-proj-abc123\" | keyblind set OPENAI_API_KEY\nkeyblind set DATABASE_URL - # prompts securely\n\n# Sandbox your .env (AI agents see fakes)\nkeyblind sandbox\n\n# Resolve a secret\nkeyblind get OPENAI_API_KEY\n\n# Run commands with secrets injected as env vars\nkeyblind run -- npm start\n\n# List all secrets (names only)\nkeyblind list\n```\n\nKeyblind is **MCP-first** — it works with every AI tool that speaks the Model Context Protocol:\n\n**Claude Code** — add to `.mcp.json`\n\n:\n\n```\n{\n \"mcpServers\": {\n \"keyblind\": {\n \"command\": \"npx\",\n \"args\": [\"keyblind\", \"start\"]\n }\n }\n}\n```\n\n**Cursor, Windsurf, Copilot, Cline, Zed** — any MCP-compatible editor.\n\n| Tool | Description |\n|---|---|\n`resolve_secret` |\nResolve a secret at runtime (value hidden from transcript) |\n`store_secret` |\nEncrypt and store a secret |\n`list_secrets` |\nList secret names (values never revealed) |\n`sandbox_env` |\nReplace `.env` values with deterministic fakes |\n`unsandbox_env` |\nRestore real `.env` values from vault |\n`delete_secret` |\nDelete a secret |\n\nKeyblind supports multiple secret backends:\n\n```\nkeyblind backends # List available backends\nkeyblind backend 1password # Switch to 1Password\nkeyblind backend bitwarden # Switch to Bitwarden\n```\n\n| Backend | Read | Write | Requires |\n|---|---|---|---|\nlocal (default) |\n✓ | ✓ | Nothing |\n1password |\n✓ | ✓ | `op` CLI |\nbitwarden |\n✓ | — | `bw` CLI |\nenv |\n✓ | — | Nothing |\n\n| Keyblind | Cloak | |\n|---|---|---|\nProtocol |\nMCP (all editors) | VS Code extension only |\nStorage |\nAES-256-GCM SQLite | AES-256-GCM file |\nBackends |\nLocal, 1Password, Bitwarden, Env | Local only |\nSandbox |\nDeterministic HMAC fakes | AES-256-GCM encrypted |\nTouch ID |\n✓ (macOS biometric gate) | ✓ |\nCI/CD |\n`keyblind run` for env injection |\n— |\nNetwork |\nZero (fully local) | Zero |\nLicense |\nMIT | Proprietary |\n\n**AES-256-GCM** encryption with PBKDF2 key derivation (600K iterations)**Machine-identity-bound key**— encryption key XOR-wrapped with machine fingerprint** Zero network, zero telemetry**— no cloud, no accounts, no analytics** Vault stored at**with`~/.keyblind/`\n\n`0700`\n\npermissions**Deterministic sandbox fakes** using HMAC-SHA256 per project + key name\n\n```\nkeyblind init Initialize the encrypted vault\nkeyblind set Store a secret (value from stdin)\nkeyblind set - Store a secret (prompts securely)\nkeyblind get Resolve and print a secret\nkeyblind list List all stored secrets\nkeyblind delete Delete a secret\nkeyblind sandbox [.env] Replace .env with deterministic fakes\nkeyblind unsandbox [.env] Restore real .env values\nkeyblind run Run command with secrets as env vars\nkeyblind start Start MCP server (for AI agents)\nkeyblind backends List available backends\nkeyblind backend Switch backend\ngit clone https://github.com/aarifmms/keyblind.git\ncd keyblind\nnpm install\nnpm run build # Compile TypeScript\nnpm test # Run tests\nnpm run dev # Watch mode\n```\n\nMIT", "url": "https://wpnews.pro/news/keyblind-encrypted-secrets-vault-that-hides-api-keys-from-ai-agents", "canonical_source": "https://github.com/aarifmms/keyblind", "published_at": "2026-05-26 22:47:33+00:00", "updated_at": "2026-05-26 23:08:01.843521+00:00", "lang": "en", "topics": ["ai-safety", "ai-tools", "ai-agents", "ai-infrastructure", "ai-products"], "entities": ["Keyblind", "Claude", "MCP", "SQLite", "AES-256-GCM"], "alternates": {"html": "https://wpnews.pro/news/keyblind-encrypted-secrets-vault-that-hides-api-keys-from-ai-agents", "markdown": "https://wpnews.pro/news/keyblind-encrypted-secrets-vault-that-hides-api-keys-from-ai-agents.md", "text": "https://wpnews.pro/news/keyblind-encrypted-secrets-vault-that-hides-api-keys-from-ai-agents.txt", "jsonld": "https://wpnews.pro/news/keyblind-encrypted-secrets-vault-that-hides-api-keys-from-ai-agents.jsonld"}}