<div align="center">

Keyway MCP Server

Let AI manage your secrets securely

Keyway is a GitHub-native secrets manager. This MCP server lets AI assistants like Claude securely access your secrets without ever exposing them in conversation.

Installation · Tools · Security · Development

</div>

---

Why Keyway MCP?

Traditional secret management with AI is risky: copying secrets into chat exposes them in logs and context. Keyway MCP solves this:

Without Keyway	With Keyway MCP
Copy secrets into chat	Secrets stay in vault
Visible in conversation history	Never exposed to AI
Manual secret creation	Generate securely, never exposed
Hope AI doesn't leak them	Cryptographically protected

Key features:

• Zero exposure — Generate, validate, and use secrets without the AI ever seeing them
• Pre-deployment validation — Check all required secrets exist before shipping
• Secret scanning — Detect leaked credentials in your codebase
• Environment diffing — Compare secrets across dev/staging/prod

---

Quick Install

Prerequisites

First, authenticate with Keyway CLI:

npx @keywaysh/cli login

Claude Code

claude mcp add keyway -- npx @keywaysh/mcp

VS Code / Cursor

code --add-mcp '{"name":"keyway","command":"npx","args":["-y","@keywaysh/mcp"]}'

Or click: Install in VS Code

Other IDEs

<details> <summary><b>Windsurf</b></summary>

Add to your MCP config:

{
  "mcpServers": {
    "keyway": {
      "command": "npx",
      "args": ["-y", "@keywaysh/mcp"]
    }
  }
}

</details>

<details> <summary><b>Warp</b></summary>

Settings → AI → Manage MCP Servers → Add:

{
  "mcpServers": {
    "keyway": {
      "command": "npx",
      "args": ["-y", "@keywaysh/mcp"]
    }
  }
}

</details>

<details> <summary><b>GitHub Copilot</b></summary>

/mcp add

Then enter npx -y @keywaysh/mcp when prompted. </details>

<details> <summary><b>Goose</b></summary>

Advanced settings → Extensions → Add custom extension

Select STDIO type, command: npx -y @keywaysh/mcp </details>

---

Available Tools

keyway_generate

Generate secure secrets and store them directly in the vault. The value is never exposed to the AI.

"Generate a new JWT secret for production"

{
  "name": "JWT_SECRET",
  "type": "jwt-secret",
  "environment": "production"
}

Types: password | uuid | api-key | jwt-secret | hex | base64

Response:

{
  "success": true,
  "action": "created",
  "name": "JWT_SECRET",
  "type": "jwt-secret",
  "length": 43,
  "preview": "eyJh**********************************MDkz",
  "message": "Secret created. The actual value was never exposed in this conversation."
}

---

keyway_validate

Validate required secrets exist before deployment. Supports auto-detection from code.

"Check if production has all required secrets"

{
  "environment": "production",
  "required": ["DATABASE_URL", "STRIPE_SECRET_KEY", "JWT_SECRET"]
}

Or auto-detect from your codebase:

{
  "environment": "production",
  "autoDetect": true
}

Response:

{
  "valid": false,
  "missing": ["STRIPE_SECRET_KEY"],
  "present": ["DATABASE_URL", "JWT_SECRET"],
  "stats": {
    "requiredCount": 3,
    "presentCount": 2,
    "coverage": "66.7%"
  },
  "message": "✗ Missing 1 required secret in production: STRIPE_SECRET_KEY"
}

---

keyway_scan

Scan your codebase for leaked secrets. Detects 18+ secret types.

"Scan the codebase for leaked credentials"

{
  "path": "./src"
}

Detects: AWS keys, GitHub tokens, Stripe keys, Slack webhooks, private keys, and more.

Response:

{
  "filesScanned": 142,
  "findingsCount": 2,
  "findings": [
    {
      "file": "src/config.ts",
      "line": 23,
      "type": "GitHub PAT",
      "preview": "ghp_********************************xyz"
    }
  ]
}

---

keyway_diff

Compare secrets between environments.

"What's different between staging and production?"

{
  "env1": "staging",
  "env2": "production"
}

Response:

{
  "onlyInEnv1": ["DEBUG_MODE"],
  "onlyInEnv2": ["REDIS_CLUSTER_URL"],
  "different": [
    {
      "key": "DATABASE_URL",
      "preview1": "**st (45 chars)",
      "preview2": "**db (52 chars)"
    }
  ],
  "same": ["API_KEY", "JWT_SECRET"],
  "stats": {
    "totalEnv1": 10,
    "totalEnv2": 11,
    "different": 1
  }
}

---

keyway_inject_run

Run commands with secrets injected as environment variables.

"Run the test suite with production secrets"

{
  "command": "npm",
  "args": ["test"],
  "environment": "production"
}

Secrets are injected into the command's environment and masked in any output.

---

keyway_list_secrets

List secret names (not values) in an environment.

{
  "environment": "production"
}

---

keyway_set_secret

Create or update a secret manually.

{
  "name": "WEBHOOK_URL",
  "value": "https://hooks.example.com/abc123",
  "environment": "production"
}

---

keyway_list_environments

List available environments for the repository.

---

Security

Keyway MCP is designed with security as the primary concern:

Feature	How it works
Token encryption	Uses AES-256-GCM, same as Keyway CLI
No secret logging	Values never appear in logs or output
Output masking	inject_run redacts secrets from stdout/stderr
Shell injection prevention	Commands run with shell: false
File permissions	Validates ~/.keyway/.key is 0600
Generate, don't expose	keyway_generate creates secrets without revealing them

What the AI can see

Tool	AI sees value?
keyway_generate	No — only masked preview
keyway_validate	No — only key names
keyway_scan	No — only masked previews
keyway_diff	No — only masked previews
keyway_inject_run	No — values masked in output
keyway_list_secrets	No — only key names
keyway_set_secret	Yes — value provided by user

---

Development

# Install dependencies
pnpm install

# Run in development
pnpm dev

# Build
pnpm build

# Run tests
pnpm test

# Lint & format
pnpm lint
pnpm format

Environment Variables

Variable	Description
KEYWAY_API_URL	Override API URL (default: https://api.keyway.sh)

---

License

MIT — see LICENSE

---

<div align="center">

keyway.sh · Built for developers who care about security

</div>