Cross-platform API key management for developers. Secure, local, integrated with Claude Code.
PAL manages your API keys securely using your OS keychain, auto-generates .env files, creates SDK client code, and integrates with Claude Code via MCP.
- Secure Storage: Keys stored in OS keychain (macOS Keychain, Windows Credential Manager) or AES-256-GCM encrypted fallback
- Zero Plain Text: API keys never stored in plain text files
- Auto Generation: Creates
.envfiles and SDK client code - Framework Detection: Automatically detects Next.js, Express, TypeScript, etc.
- Claude Code Integration: MCP server for AI-assisted key management
- Multi-Provider: OpenAI, Anthropic, Stripe, Twilio, SendGrid, Supabase, Firebase, AWS, and custom
# Install globally npm install -g @pal/cli # Initialize in your project cd your-project pal init # Add an API (securely stores the key) pal add-api openai # Generate .env and client code pal generate # Check health pal doctor
Initialize PAL in your project. Detects framework, creates pal.config.json.
pal init
Add an API service. Securely stores the key in your OS keychain.
pal add-api openai pal add-api stripe --env-var STRIPE_KEY pal add-api anthropic --id claude-api
Supported Providers:
openai- OpenAI APIanthropic- Anthropic Claude APIstripe- Stripe paymentstwilio- Twilio SMS/Voicesendgrid- SendGrid emailresend- Resend emailsupabase- Supabase backendfirebase- Firebase/Google Cloudaws- AWS servicescustom- Any custom API
Generate .env file and SDK client code from stored keys.
pal generate
pal generate --dry-run # Preview without writingScan project for API usage and suggest missing configurations.
pal scan
Health check for PAL configuration.
pal doctor
PAL includes an MCP server for integration with Claude Code.
Add to your Claude Code MCP config:
{
"mcpServers": {
"pal": {
"command": "npx",
"args": ["@pal/mcp-server"]
}
}
}| Tool | Description |
|---|---|
list_projects |
List all PAL-registered projects |
inspect_project |
Get project details, services, env status |
add_api_to_project |
Add API service programmatically |
generate_client_snippets |
Get integration code for services |
summarize_env_state |
Health check for env/keystore |
"Add OpenAI to my current project with this API key: sk-..."
"Show me the status of API keys in /path/to/project"
"Generate the client code for Stripe in my project"
-
OS Keychain (recommended): Uses
keytarfor native keychain access- macOS: Keychain Access
- Windows: Credential Manager
- Linux: libsecret
-
Encrypted File (fallback): AES-256-GCM encrypted JSON file
- Location:
~/.pal/keystore.enc - Encryption key derived from machine-specific data
- Location:
- Never commit
.envfiles (PAL auto-adds to.gitignore) - Use OS keychain when available (install
keytar) - Run
pal doctorto verify security setup - Rotate keys periodically
{
"projectName": "my-app",
"language": "node",
"framework": "nextjs",
"envFile": ".env.local",
"services": [
{
"id": "openai",
"provider": "openai",
"envVarKey": "OPENAI_API_KEY",
"scopes": ["chat", "embeddings"]
}
]
}PAL automatically detects:
- Next.js: Uses
.env.local - Express: Standard
.env - TypeScript: Generates
.tsfiles - Package Manager: npm, yarn, pnpm, bun
| Package | Description |
|---|---|
@pal/core |
Core library (types, keystore, codegen) |
@pal/cli |
Command-line interface |
@pal/mcp-server |
MCP server for Claude Code |
# Clone the repo git clone https://github.com/your-username/pal-mcp.git cd pal-mcp # Install dependencies pnpm install # Build all packages pnpm build # Run CLI locally pnpm --filter @pal/cli start -- init
See the examples/ directory:
basic-node-openai/- Simple Node.js + OpenAI example
MIT
Built for developers who value security and speed.