logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

SecureCredentialVault-macOS

A dedicated utility for safeguarding API access tokens within the secure enclave of macOS Keychain, offering a uniform retrieval mechanism via MCP calls. It centralizes sensitive credential management across disparate development contexts, enabling key fetching using conversational queries.

Author

SecureCredentialVault-macOS logo

Jktfe

No License

Quick Info

GitHub GitHub Stars 21
NPM Weekly Downloads 0
Tools 1
Last Updated 2026-02-19

Actions

GitHub View on GitHub

Tags

apisapijktfeapi keysjktfe servemyapirequests jktfe

SecureCredentialVault-macOS

smithery badge

This is a specialized Model Context Protocol (MCP) server implementation designed exclusively for the Apple macOS ecosystem. It persists confidential API credentials within the native Keychain Access utility and facilitates secure lookups through a standardized MCP interface.

CRITICAL NOTE: This utility is strictly constrained to macOS environments; compatibility with Windows or Linux operating systems is explicitly absent. Refer to the Security Considerations section for further deployment specifics.

Conceptual Overview

SecureCredentialVault-macOS empowers developers to shelter sensitive API secrets within the macOS Keychain, providing a unified protocol layer for subsequent retrieval. Key benefits include:

  • Fortified Storage: Secrets are never persisted in plain text within configuration files (e.g., .env).
  • Ubiquitous Access: Retrieve identical credentials across an organization's various software projects.
  • Natural Language Interface: Facilitates key access and inscription via intuitive, human-like commands (highly advantageous when coupled with generative models like Claude).
  • AI Provisioning: Enables direct, secure injection of necessary credentials into autonomous AI agents when service interaction is required.

Rationale: Preferring Vault Over Environment Files

Adopting this vault mechanism addresses several systemic shortcomings associated with conventional .ENV variable usage:

  1. Version Control Friction:
  2. .ENV files must be explicitly excluded from Git tracking for security hygiene (via .gitignore).
  3. This exclusion introduces an opacity layer, rendering crucial configuration inaccessible to collaborators and automated systems (LLMs).

  4. Onboarding new team members often involves debugging environment setup errors.

  5. Intelligent System Barriers:

  6. AI frameworks like Claude face inherent security restrictions preventing direct access to local file systems like .ENV.
  7. Tasks requiring external API access often mandate cumbersome manual credential passing.

  8. SecureCredentialVault-macOS permits the assistant to solicit necessary tokens via conversational prompts.

  9. Configuration Drift Management:

  10. Using .ENV typically necessitates duplicating secret values across numerous project directories.
  11. Key rotation demands synchronous modification across all these dispersed files.
  12. This tool establishes a singular, authoritative storage locus accessible universally.

This methodology synthesizes robust credential sequestration with unimpeded, intelligent access for associated tooling.

Capabilities

  • Utilization of the native macOS Keychain for cryptographic storage of secrets.
  • Provision of straightforward MCP verbs for inscription, retrieval, inventory listing, and erasure of stored credentials.
  • Inclusion of a convenient command-line interface (CLI) for direct terminal management.
  • Support for both standard I/O streams and HTTP/Server-Sent Events (SSE) communication channels.
  • Full interoperability with any client adhering to the MCP specification (e.g., Claude Desktop).

Deployment Guide

# Obtain the source repository
git clone https://github.com/yourusername/servemyapi.git
cd servemyapi

# Install dependencies
npm install

# Compile the application assets
npm run build

Operational Usage

Command Line Interface

The included CLI facilitates rapid credential administration directly within the terminal environment:

# Install the CLI tool globally
npm run build
npm link

# Display inventory of all secured tokens
api-key list

# Fetch a specific credential by its identifier
api-key get github_token

# Commit a novel credential to storage
api-key store github_token ghp_123456789abcdefg

# Purge a credential from the vault
api-key delete github_token

# Access command reference
api-key help

Activation as a Stdio Server

This method is optimal for integration with clients supporting direct process communication, such as Claude Desktop:

npm start

Activation as an HTTP Service Endpoint

For environments demanding standard network communication protocols:

node dist/server.js

This initiates the service, typically binding to port 3000 (or an alternative port defined via the PORT environment variable).

Utilizing Smithery Hosting

This functionality is also accessible as a managed endpoint via Smithery.

import { createTransport } from "@smithery/sdk/transport.js"

const transport = createTransport("https://server.smithery.ai/@Jktfe/servemyapi")

// Initialize MCP client instance
import { Client } from "@modelcontextprotocol/sdk/client/index.js"

const client = new Client({
    name: "Test client",
    version: "1.0.0"
})
await client.connect(transport)

// Engage with the server's exposed functionalities
const tools = await client.listTools()
console.log(`Discovered tools: ${tools.map(t => t.name).join(", ")}`)

For comprehensive details on interacting with the remote service, consult the Smithery API Documentation.

Configuring MCP Consumers

SecureCredentialVault-macOS functions seamlessly with any client compliant with the Model Context Protocol specification. Illustrative configuration artifacts are located within the examples subdirectory.

Integration with Claude Desktop

To enable communication with Claude Desktop:

  1. Locate or construct the Claude Desktop configuration manifest:

  2. macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

  3. Inject the vault reference into the mcpServers section (refer to examples/claude_desktop_config.json for structure): json { "mcpServers": { "SecureCredentialVault": { "command": "node", "args": [ "/ABSOLUTE/PATH/TO/servemyapi/dist/index.js" ] } } }

  4. Substitute /ABSOLUTE/PATH/TO/servemyapi with the actual filesystem path to your installation.

  5. Initiate a restart of the Claude Desktop application.

Integration with Windsurf

To integrate with Windsurf:

  1. Access the Windsurf editor settings panel.
  2. Add the vault configuration mirroring the structure in examples/windsurf_config.json.
  3. Adjust path references to match your local deployment location.

Exposed MCP Operations

SecureCredentialVault-macOS furnishes the following discrete operational tools:

store-api-key

Persists a cryptographic token into the local Keychain.

Parameters: - name: The unique identifier or alias assigned to the credential. - key: The actual sensitive string value to be stored.

Example (via conversational input):

Using SecureCredentialVault, commit my API secret ABC123XYZ under the alias "Primary GitHub Access"

get-api-key

Retrieves an associated credential from secure storage.

Parameters: - name: The designated identifier for the token sought.

Example (via conversational input):

Using SecureCredentialVault, fetch the key identified as "Primary GitHub Access"

delete-api-key

Removes a specified credential from the Keychain record.

Parameters: - name: The identifier corresponding to the token targeted for removal.

Example (via conversational input):

Using SecureCredentialVault, erase the credential labeled "Primary GitHub Access"

list-api-keys

Generates an enumeration of every credential currently held in storage.

Requires zero input parameters.

Example (via conversational input):

Using SecureCredentialVault, display all my registered secrets

Security Postulations

  • All stored secrets are protected via the robust security mechanisms inherent to the macOS Keychain.
  • Access privileges are strictly scoped to the invoking user account.
  • Keychain access mandates prior user authentication confirmation.
  • No secrets are committed to plain text logs or persistent unencrypted storage.

Evolving Architecture (Roadmap)

Prospective enhancements include:

  • Source Code Analysis Module: A prospective utility capable of traversing codebases to automatically identify API endpoints, sensitive URLs, and configuration markers, subsequently suggesting appropriate Keychain aliases for registration. This would permit developers to maintain traditional .ENV workflows while ensuring credentials are simultaneously discoverable by LLMs and other authorized systems.

  • Platform Portability: Exploration into secure credential management paradigms applicable to Windows and Linux platforms to broaden the tool's usability.

  • Framework Interfacing: Development of direct integration modules for prevalent frameworks (e.g., Next.js, Express).

  • Graphical Administration Panel: Creation of a lightweight web interface for intuitive management of stored credentials.

We actively welcome feature proposals or contributions to this roadmap via issue tracking or pull requests.

Development Lifecycle

# Execute in development mode with live reloading enabled
npm run dev

# Test the CLI during active development
npm run cli list

# Run static analysis and formatting checks
npm run lint

# Compile optimized assets for production deployment
npm run build

Licensing

MIT

See Also

Accessible
Accessible PNG Icons
Man Pages
credential Man Pages
Macos
Macos PNG Icons
Claude
Claude PNG Icons
MCP
Securecredentialvault-macos Mcp
MCP
Client Mcp
Keychain
Keychain PNG Icons
Desktop
Desktop PNG Icons
Man Pages
Storage Man Pages
← Back to Apis And Http Requests🙏  Credits & Acknowledgments
`