PAL - Project API Locker

PAL - Project API Locker

Enables secure API key management for development projects by storing keys in OS keychains, auto-generating .env files and SDK client code, and providing AI-assisted key management through Claude Code integration.

Category
访问服务器

README

PAL - Project API Locker

Cross-platform API key management for developers. Secure, local, integrated with Claude Code.

PAL manages your API keys securely using your OS keychain, auto-generates .env files, creates SDK client code, and integrates with Claude Code via MCP.

Features

  • Secure Storage: Keys stored in OS keychain (macOS Keychain, Windows Credential Manager) or AES-256-GCM encrypted fallback
  • Zero Plain Text: API keys never stored in plain text files
  • Auto Generation: Creates .env files and SDK client code
  • Framework Detection: Automatically detects Next.js, Express, TypeScript, etc.
  • Claude Code Integration: MCP server for AI-assisted key management
  • Multi-Provider: OpenAI, Anthropic, Stripe, Twilio, SendGrid, Supabase, Firebase, AWS, and custom

Quick Start

# Install globally
npm install -g @pal/cli

# Initialize in your project
cd your-project
pal init

# Add an API (securely stores the key)
pal add-api openai

# Generate .env and client code
pal generate

# Check health
pal doctor

Commands

pal init

Initialize PAL in your project. Detects framework, creates pal.config.json.

pal init

pal add-api [provider]

Add an API service. Securely stores the key in your OS keychain.

pal add-api openai
pal add-api stripe --env-var STRIPE_KEY
pal add-api anthropic --id claude-api

Supported Providers:

  • openai - OpenAI API
  • anthropic - Anthropic Claude API
  • stripe - Stripe payments
  • twilio - Twilio SMS/Voice
  • sendgrid - SendGrid email
  • resend - Resend email
  • supabase - Supabase backend
  • firebase - Firebase/Google Cloud
  • aws - AWS services
  • custom - Any custom API

pal generate

Generate .env file and SDK client code from stored keys.

pal generate
pal generate --dry-run  # Preview without writing

pal scan

Scan project for API usage and suggest missing configurations.

pal scan

pal doctor

Health check for PAL configuration.

pal doctor

MCP Server (Claude Code Integration)

PAL includes an MCP server for integration with Claude Code.

Setup

Add to your Claude Code MCP config:

{
  "mcpServers": {
    "pal": {
      "command": "npx",
      "args": ["@pal/mcp-server"]
    }
  }
}

MCP Tools

Tool Description
list_projects List all PAL-registered projects
inspect_project Get project details, services, env status
add_api_to_project Add API service programmatically
generate_client_snippets Get integration code for services
summarize_env_state Health check for env/keystore

Example Usage in Claude Code

"Add OpenAI to my current project with this API key: sk-..."
"Show me the status of API keys in /path/to/project"
"Generate the client code for Stripe in my project"

Security

Key Storage Priority

  1. OS Keychain (recommended): Uses keytar for native keychain access

    • macOS: Keychain Access
    • Windows: Credential Manager
    • Linux: libsecret

  2. Encrypted File (fallback): AES-256-GCM encrypted JSON file

    • Location: ~/.pal/keystore.enc
    • Encryption key derived from machine-specific data

Best Practices

  • Never commit .env files (PAL auto-adds to .gitignore)
  • Use OS keychain when available (install keytar)
  • Run pal doctor to verify security setup
  • Rotate keys periodically

Configuration

pal.config.json

{
  "projectName": "my-app",
  "language": "node",
  "framework": "nextjs",
  "envFile": ".env.local",
  "services": [
    {
      "id": "openai",
      "provider": "openai",
      "envVarKey": "OPENAI_API_KEY",
      "scopes": ["chat", "embeddings"]
    }
  ]
}

Framework Detection

PAL automatically detects:

  • Next.js: Uses .env.local
  • Express: Standard .env
  • TypeScript: Generates .ts files
  • Package Manager: npm, yarn, pnpm, bun

Packages

Package Description
@pal/core Core library (types, keystore, codegen)
@pal/cli Command-line interface
@pal/mcp-server MCP server for Claude Code

Development

# Clone the repo
git clone https://github.com/your-username/pal-mcp.git
cd pal-mcp

# Install dependencies
pnpm install

# Build all packages
pnpm build

# Run CLI locally
pnpm --filter @pal/cli start -- init

Examples

See the examples/ directory:

  • basic-node-openai/ - Simple Node.js + OpenAI example

License

MIT

Built for developers who value security and speed.

推荐服务器

Baidu Map

Baidu Map

百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。

官方
精选
JavaScript
Playwright MCP Server

Playwright MCP Server

一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。

官方
精选
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。

官方
精选
本地
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。

官方
精选
本地
TypeScript
VeyraX

VeyraX

一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。

官方
精选
本地
graphlit-mcp-server

graphlit-mcp-server

模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。

官方
精选
TypeScript
Kagi MCP Server

Kagi MCP Server

一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。

官方
精选
Python
e2b-mcp-server

e2b-mcp-server

使用 MCP 通过 e2b 运行代码。

官方
精选
Neon MCP Server

Neon MCP Server

用于与 Neon 管理 API 和数据库交互的 MCP 服务器

官方
精选
Exa MCP Server

Exa MCP Server

模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。

官方
精选