Keep Secrets Out of AI.
Store Them Securely.

Block credentials from AI context windows. Store secrets in encrypted backends. Protect MCP server configs. One command to set up, zero dependencies.

View on GitHub View on npm

terminal

$ npx secretless-ai init

  Secretless v0.8.0
  Keeping secrets out of AI

  Detected:
    + Claude Code
    + Cursor

  Configured:
    * Claude Code
    * Cursor

  Created:
    + .claude/hooks/secretless-guard.sh
    + CLAUDE.md

  Modified:
    ~ .claude/settings.json
    ~ .cursorrules

  Done. Secrets are now blocked from AI context.

The Problem

Without Secretless

AI reads .env files with API keys
Credentials sent to remote AI APIs
SSH keys, cloud creds exposed in context
AI suggests hardcoded secrets in code

With Secretless

Secret files blocked before AI reads them
Credentials never enter the context window
Bash commands that dump secrets are blocked
AI uses environment variable references instead

How It Works

Secretless auto-detects your AI tools, blocks secret access, stores credentials in encrypted backends, and injects them at runtime.

Detect

Scans your project for AI tool config files. Finds .claude/, .cursorrules, .aider.conf.yml, and more.

Configure

Installs tool-specific protections. Hooks for Claude Code, instruction files for Cursor and Copilot, ignore patterns for Aider.

Store

Secrets go into encrypted backends: local AES-256-GCM, OS keychain, or 1Password. Never in .env files or shell profiles.

Inject

At runtime, secrets are injected into process memory as environment variables. AI sees the output but never the secret values.

Secret Storage Backends

Choose where secrets are stored. All backends encrypt at rest. Secrets exist only in the backend and get injected into process memory at runtime.

Local

Default

AES-256-GCM encrypted file on disk. No external dependencies. Works everywhere Node.js runs.

Zero setup

Single machine

Filesystem auth

OS Keychain

macOS + Linux

macOS Keychain or Linux Secret Service. Hardware-backed encryption on Apple Silicon. OS login auth.

OS-level encryption

Device-local sync

OS login auth

1Password

Recommended for teams

Dedicated vault via the op CLI. Biometric unlock (Touch ID). Service accounts for CI/CD. Cross-device sync.

Biometric auth

Cross-device sync

CI/CD via service accounts

terminal

$ npx secretless-ai backend set 1password

  Backend set to 1password

$ npx secretless-ai migrate --from local --to 1password

  Migrating 4 secrets from local to 1password...
  Done. All secrets migrated.

Secret Management

Store, list, and inject secrets without exposing them to AI tools. Import from .env files or set them individually.

Store and list secrets

$ npx secretless-ai secret set STRIPE_KEY=sk_live_...
  Stored STRIPE_KEY

$ npx secretless-ai secret list
  ANTHROPIC_API_KEY
  OPENAI_API_KEY
  STRIPE_KEY
  DATABASE_URL

Inject at runtime

# Inject all secrets into a command
$ npx secretless-ai run -- npm test

# Inject only specific keys
$ npx secretless-ai run --only STRIPE_KEY -- npm start

# Import from existing .env files
$ npx secretless-ai import --detect
  Found .env (4 secrets)
  Found .env.local (2 secrets)
  Imported 6 secrets.

MCP Secret Protection

Every MCP server config has plaintext API keys in JSON files. The LLM sees them. Secretless encrypts them.

Encrypt MCP secrets

$ npx secretless-ai protect-mcp

  Secretless MCP Protection

  Scanned 1 client(s)

  + claude-desktop/browserbase
      BROWSERBASE_API_KEY (encrypted)
  + claude-desktop/github
      GITHUB_PERSONAL_ACCESS_TOKEN (encrypted)
  + claude-desktop/stripe
      STRIPE_SECRET_KEY (encrypted)

  3 secret(s) encrypted across 3 server(s).

Before: plaintext keys in JSON

{
  "mcpServers": {
    "stripe": {
      "command": "npx",
      "args": ["-y", "@stripe/mcp"],
      "env": {
        "STRIPE_SECRET_KEY": "sk_live_51Hx..."
      }
    }
  }
}

After: encrypted, injected at runtime

{
  "mcpServers": {
    "stripe": {
      "command": "secretless-mcp",
      "args": ["npx", "-y", "@stripe/mcp"],
      "env": {}
    }
  }
}

AI-Safe Guard

When an AI tool tries to read a secret value, secretless detects the non-interactive context and blocks output.

AI tool runs this command

$ npx secretless-ai secret get STRIPE_KEY

  secretless: Blocked
  Secret values cannot be read in non-interactive contexts.
  AI tools capture stdout, which would expose the
  secret in their context.

  To inject secrets into a command:
    npx secretless-ai run -- <command>

Direct terminal access (human) works normally. The guard detects non-interactive execution — which is how AI tools run commands — and refuses to output secret values.

Supported AI Tools

Tool	Protection Method	Strength
Claude Code	`PreToolUse hook + deny rules + instructions`	Strongest
Cursor	`.cursorrules instructions`	Good
GitHub Copilot	`.github/copilot-instructions.md`	Good
Windsurf	`.windsurfrules instructions`	Good
Cline	`.clinerules instructions`	Good
Aider	`.aiderignore patterns`	Good

Claude Code gets the strongest protection because it supports hooks — a shell script runs before every file read and blocks access at the tool level.

What Gets Blocked

File Patterns (20+)

Environment files

.env, .env.*, .env.local, .env.production

Private keys

*.key, *.pem, *.p12, *.pfx, *.crt

Cloud credentials

.aws/credentials, .ssh/*, .docker/config.json

Package auth

.npmrc, .pypirc, .git-credentials

Infrastructure

*.tfstate, *.tfvars

Secret directories

secrets/, credentials/

Credential Patterns (49)

Anthropic API keys

OpenAI keys (project + legacy)

AWS access keys + secret keys

GitHub PATs (classic + fine-grained)

Slack tokens (bot, user, webhook)

Google API keys + OAuth secrets

Stripe live + test keys

SendGrid keys

Supabase service + anon keys

Azure keys + connection strings

GitLab tokens (personal, project, group)

Twilio account SID + auth token

Mailgun API keys

MongoDB connection URIs

JWTs and bearer tokens

And 34 more patterns...

Git Protection

Pre-commit hook scans staged files for secrets before they enter git history. Catches what .gitignore misses.

terminal

$ npx secretless-ai hook install
  Installed pre-commit hook.

$ npx secretless-ai hook status
  Pre-commit hook: installed
  Patterns: 49 credential patterns active

Runtime dependencies

461

Tests

Credential patterns

Storage backends

AI tools supported

Get started in 10 seconds

npx secretless-ai init

GitHub npm

Keep Secrets Out of AI.Store Them Securely.

The Problem

Without Secretless

With Secretless

How It Works

Detect

Configure

Store

Inject

Secret Storage Backends

Local

OS Keychain

1Password

Secret Management

Store and list secrets

Inject at runtime

MCP Secret Protection

Encrypt MCP secrets

Before: plaintext keys in JSON

After: encrypted, injected at runtime

AI-Safe Guard

Supported AI Tools

What Gets Blocked

File Patterns (20+)

Credential Patterns (49)

Git Protection

Get started in 10 seconds

Keep Secrets Out of AI.
Store Them Securely.