Keygate — Zero-Trust Credential Gateway for AI Agents. Securely expose API credentials to AI through the MCP protocol and local proxy — passwords never enter the LLM context.
- 🔐 AES-256-GCM Encryption: Industry-grade encryption standard, keys stored in OS Keychain
- 🤖 MCP Server: Seamless integration with Claude Code and other AI Agents
- 🔄 Proxy Mode: Local reverse proxy automatically replaces credentials, AI only sees aliases
- 🖥️ CLI Tool: Complete command-line password management interface
- 🔌 Plugin System: Support for custom Provider plugins
- 📝 Audit Logs: Complete password access audit trail
curl -fsSL https://raw.githubusercontent.com/cm8421/keygate/main/scripts/install.sh | bashAfter installation, the service will start automatically and be configured for auto-start on boot.
# Install dependencies npm install # Build npm run build # Initialize vault kg init # Install auto-start service kg service install # Configure Providers kg setup
# Interactive wizard (recommended) kg setup # Or manual add kg add deepseek.com --provider deepseek --alias "pm-deepseek" -p "sk-api-key"
# Check status kg status # Start/stop service kg service start kg service stop # View logs kg service logs -f # Upgrade kg upgrade
Core Security Guarantee: AI Agent only holds the alias (e.g., pm-deepseek), real credentials are automatically replaced at the Proxy layer and never enter the LLM context.
Keygate acts as an MCP Server, collaborating with Claude Code and other AI Agents.
| Tool | Description | Sensitive |
|---|---|---|
list_passwords |
List password entries (metadata only) | No |
get_password |
Get proxy config (alias + proxy URL) | No |
Say to Claude Code:
"Help me call the DeepSeek API"
Claude Code automatically:
- Calls
list_passwordsto find entries - Calls
get_password({domain: "deepseek.com"}) - Receives response:
{ "success": true, "alias": "pm-deepseek", "proxyUrl": "http://localhost:3198/deepseek", "message": "Set SDK baseURL to proxy URL, apiKey to alias" } - Configure SDK:
const client = new DeepSeek({ baseURL: 'http://localhost:3198/deepseek', apiKey: 'pm-deepseek' });
- Proxy automatically replaces alias → real credential → forwards to DeepSeek API
In Claude Code's MCP configuration:
{
"mcpServers": {
"keygate": {
"command": "node",
"args": ["/path/to/keygate/dist/mcp/server.js"]
}
}
}Config file location: ~/.claude.json
kg init
# Interactive input kg add deepseek.com -n "DeepSeek" -u "user@example.com" # Pass password directly kg add deepseek.com -n "DeepSeek" -p "sk-api-key" # Configure proxy mode kg add deepseek.com \ --name "DeepSeek" \ --alias "pm-deepseek" \ --password "sk-api-key" \ --upstream "https://api.deepseek.com" \ --proxy-path "/deepseek"
# List all kg list # Search kg list -s "github" # Filter by tag kg list --tag "work"
# Get password (hidden by default) kg get deepseek.com # Show password kg get deepseek.com --show
# Interactive confirmation kg delete <entry-id> # Force delete kg delete <entry-id> -f
kg proxy
# [proxy] credential proxy listening on http://127.0.0.1:3198kg proxy-logs
kg proxy-logs --tail 100
kg proxy-logs --filter "502"Built-in configurations for 9 mainstream AI providers, ready to use out of the box:
| Provider | Domain | Proxy Path |
|---|---|---|
| DeepSeek | deepseek.com | /deepseek |
| Zhipu GLM | open.bigmodel.cn | /zhipu, /zhipu-coding |
| Qwen | dashscope.aliyuncs.com | /qwen, /qwen-coding |
| Kimi | api.moonshot.ai | /moonshot, /moonshot-coding |
| Doubao | ark.cn-beijing.volces.com | /doubao |
| MiniMax | api.minimaxi.com | /minimax, /minimax-coding |
| StepFun | api.stepfun.com | /stepfun |
Support for custom Provider plugins. Create ~/.keygate/plugins/custom.mjs:
export default { proxyPath: '/custom', resolveUpstream(path) { return 'https://api.custom-provider.com'; }, injectCredential(headers, credential) { headers['X-API-Key'] = credential; } };
| Component | What It Sees |
|---|---|
| AI Agent | alias (e.g., pm-deepseek) + proxy URL |
| Proxy Server | Real credential (in memory, not logged) |
| Upstream API | Real credential |
| LLM Context | alias (meaningless string) |
| Property | Value |
|---|---|
| Algorithm | AES-256-GCM |
| Key Source | 32 bytes random key |
| Key Storage | OS Keychain (keytar) |
| IV Length | 96 bits (12 bytes) |
| Auth Tag | 128 bits (16 bytes) |
- Window: 60 seconds
- Max failures: 10 per window
- Exceeded response: HTTP 429
All requests logged to SQLite:
- Timestamp
- Method/Path
- Alias
- Status code
- Routing layer (plugin/preset/database)
- Latency
npm test # Run all tests npm run test:unit # Unit tests npm run test:integration # Integration tests npm run test:proxy # Proxy server tests npm run test:mcp # MCP server tests
npm run typecheck
npm run dev # Watch mode compilationsrc/
├── core/
│ ├── crypto.ts # AES-256-GCM encryption
│ ├── store.ts # SQLite storage
│ ├── vault.ts # Vault logic
│ ├── keychain.ts # OS Keychain wrapper
│ └── session.ts # Session Token management
├── mcp/
│ ├── server.ts # MCP server
│ └── tools/ # MCP tool implementations
├── proxy/
│ ├── server.ts # Proxy server
│ ├── plugin-loader.ts # Plugin loader
│ └── request-log.ts # Request logging
├── providers/
│ └── index.ts # Provider Presets
├── utils/
│ └── header-parser.ts # HTTP Header parsing
├── types/ # TypeScript type definitions
├── cli.ts # CLI entry
└── index.ts # Exports
| Document | Description |
|---|---|
| USER_GUIDE_EN.md | User Guide |
| API_REFERENCE_EN.md | API Reference |
| TROUBLESHOOTING_EN.md | Troubleshooting Guide |
| PLUGIN_DEVELOPMENT.md | Plugin Development Guide (AI Coding) |
MIT