# Keyblind – encrypted secrets vault that hides API keys from AI agents > Source: > Published: 2026-05-26 22:47:33+00:00 **Encrypted secrets vault with MCP for AI agents. Secrets resolved at runtime, never leaked to LLM conversations.** Developers regularly leak API keys, passwords, and tokens to AI coding tools. 100,000+ LLM conversations with exposed secrets were found indexed by search engines in 2025. AI agents read your `.env` files. They copy-paste secrets into conversations. They commit them accidentally. Keyblind stops this by keeping secrets encrypted at rest and resolving them *at runtime* — the plaintext value never touches the LLM transcript. ``` ┌──────────┐ ┌────────────────┐ ┌─────────────────┐ │ AI Agent │ ──→ │ Keyblind MCP │ ──→ │ Encrypted │ │ (Claude) │ │ Server │ │ SQLite Vault │ │ │ ←── │ (6 tools) │ ←── │ (AES-256-GCM) │ └──────────┘ └────────────────┘ └─────────────────┘ ↑ │ │ secret value never appears │ secrets never │ in conversation transcript │ stored in plaintext # Install npm i -g keyblind # Initialize your vault keyblind init # Store secrets echo "sk-proj-abc123" | keyblind set OPENAI_API_KEY keyblind set DATABASE_URL - # prompts securely # Sandbox your .env (AI agents see fakes) keyblind sandbox # Resolve a secret keyblind get OPENAI_API_KEY # Run commands with secrets injected as env vars keyblind run -- npm start # List all secrets (names only) keyblind list ``` Keyblind is **MCP-first** — it works with every AI tool that speaks the Model Context Protocol: **Claude Code** — add to `.mcp.json` : ``` { "mcpServers": { "keyblind": { "command": "npx", "args": ["keyblind", "start"] } } } ``` **Cursor, Windsurf, Copilot, Cline, Zed** — any MCP-compatible editor. | Tool | Description | |---|---| `resolve_secret` | Resolve a secret at runtime (value hidden from transcript) | `store_secret` | Encrypt and store a secret | `list_secrets` | List secret names (values never revealed) | `sandbox_env` | Replace `.env` values with deterministic fakes | `unsandbox_env` | Restore real `.env` values from vault | `delete_secret` | Delete a secret | Keyblind supports multiple secret backends: ``` keyblind backends # List available backends keyblind backend 1password # Switch to 1Password keyblind backend bitwarden # Switch to Bitwarden ``` | Backend | Read | Write | Requires | |---|---|---|---| local (default) | ✓ | ✓ | Nothing | 1password | ✓ | ✓ | `op` CLI | bitwarden | ✓ | — | `bw` CLI | env | ✓ | — | Nothing | | Keyblind | Cloak | | |---|---|---| Protocol | MCP (all editors) | VS Code extension only | Storage | AES-256-GCM SQLite | AES-256-GCM file | Backends | Local, 1Password, Bitwarden, Env | Local only | Sandbox | Deterministic HMAC fakes | AES-256-GCM encrypted | Touch ID | ✓ (macOS biometric gate) | ✓ | CI/CD | `keyblind run` for env injection | — | Network | Zero (fully local) | Zero | License | MIT | Proprietary | **AES-256-GCM** encryption with PBKDF2 key derivation (600K iterations)**Machine-identity-bound key**— encryption key XOR-wrapped with machine fingerprint** Zero network, zero telemetry**— no cloud, no accounts, no analytics** Vault stored at**with`~/.keyblind/` `0700` permissions**Deterministic sandbox fakes** using HMAC-SHA256 per project + key name ``` keyblind init Initialize the encrypted vault keyblind set Store a secret (value from stdin) keyblind set - Store a secret (prompts securely) keyblind get Resolve and print a secret keyblind list List all stored secrets keyblind delete Delete a secret keyblind sandbox [.env] Replace .env with deterministic fakes keyblind unsandbox [.env] Restore real .env values keyblind run Run command with secrets as env vars keyblind start Start MCP server (for AI agents) keyblind backends List available backends keyblind backend Switch backend git clone https://github.com/aarifmms/keyblind.git cd keyblind npm install npm run build # Compile TypeScript npm test # Run tests npm run dev # Watch mode ``` MIT