Keygate — Zero-Trust Credential Gateway for AI Agents. Securely expose API credentials to AI through the MCP protocol and local proxy — passwords never enter the LLM context.
- 🔐 AES-256-GCM Encryption: Industry-grade encryption standard, keys stored in OS Keychain
- 🤖 MCP Server: Seamless integration with Claude Code and other AI Agents
- 🔄 Proxy Mode: Local reverse proxy automatically replaces credentials, AI only sees aliases
- 🖥️ CLI Tool: Complete command-line password management interface
- 🔌 Plugin System: Support for custom Provider plugins
- 📝 Audit Logs: Complete password access audit trail
curl -fsSL https://raw.githubusercontent.com/cm8421/keygate/main/scripts/install.sh | bashAfter installation, the service will start automatically and be configured for auto-start on boot.
# Install dependencies
npm install
# Build
npm run build
# Initialize vault
kg init
# Install auto-start service
kg service install
# Configure Providers
kg setup# Interactive wizard (recommended)
kg setup
# Or manual add
kg add deepseek.com --provider deepseek --alias "pm-deepseek" -p "sk-api-key"# Check status
kg status
# Start/stop service
kg service start
kg service stop
# View logs
kg service logs -f
# Upgrade
kg upgrade
Core Security Guarantee: AI Agent only holds the alias (e.g., pm-deepseek), real credentials are automatically replaced at the Proxy layer and never enter the LLM context.
Keygate acts as an MCP Server, collaborating with Claude Code and other AI Agents.
| Tool | Description | Sensitive |
|---|---|---|
list_passwords |
List password entries (metadata only) | No |
get_password |
Get proxy config (alias + proxy URL) | No |
Say to Claude Code:
"Help me call the DeepSeek API"
Claude Code automatically:
- Calls
list_passwordsto find entries - Calls
get_password({domain: "deepseek.com"}) - Receives response:
{ "success": true, "alias": "pm-deepseek", "proxyUrl": "http://localhost:3198/deepseek", "message": "Set SDK baseURL to proxy URL, apiKey to alias" } - Configure SDK:
const client = new DeepSeek({ baseURL: 'http://localhost:3198/deepseek', apiKey: 'pm-deepseek' });
- Proxy automatically replaces alias → real credential → forwards to DeepSeek API
In Claude Code's MCP configuration:
{
"mcpServers": {
"keygate": {
"command": "node",
"args": ["/path/to/keygate/dist/mcp/server.js"]
}
}
}Config file location: ~/.claude.json
kg init# Interactive input
kg add deepseek.com -n "DeepSeek" -u "user@example.com"
# Pass password directly
kg add deepseek.com -n "DeepSeek" -p "sk-api-key"
# Configure proxy mode
kg add deepseek.com \
--name "DeepSeek" \
--alias "pm-deepseek" \
--password "sk-api-key" \
--upstream "https://api.deepseek.com" \
--proxy-path "/deepseek"# List all
kg list
# Search
kg list -s "github"
# Filter by tag
kg list --tag "work"# Get password (hidden by default)
kg get deepseek.com
# Show password
kg get deepseek.com --show# Interactive confirmation
kg delete <entry-id>
# Force delete
kg delete <entry-id> -fkg proxy
# [proxy] credential proxy listening on http://127.0.0.1:3198kg proxy-logs
kg proxy-logs --tail 100
kg proxy-logs --filter "502"Built-in configurations for 9 mainstream AI providers, ready to use out of the box:
| Provider | Domain | Proxy Path |
|---|---|---|
| DeepSeek | deepseek.com | /deepseek |
| Zhipu GLM | open.bigmodel.cn | /zhipu, /zhipu-coding |
| Qwen | dashscope.aliyuncs.com | /qwen, /qwen-coding |
| Kimi | api.moonshot.ai | /moonshot, /moonshot-coding |
| Doubao | ark.cn-beijing.volces.com | /doubao |
| MiniMax | api.minimaxi.com | /minimax, /minimax-coding |
| StepFun | api.stepfun.com | /stepfun |
Support for custom Provider plugins. Create ~/.keygate/plugins/custom.mjs:
export default {
proxyPath: '/custom',
resolveUpstream(path) {
return 'https://api.custom-provider.com';
},
injectCredential(headers, credential) {
headers['X-API-Key'] = credential;
}
};| Component | What It Sees |
|---|---|
| AI Agent | alias (e.g., pm-deepseek) + proxy URL |
| Proxy Server | Real credential (in memory, not logged) |
| Upstream API | Real credential |
| LLM Context | alias (meaningless string) |
| Property | Value |
|---|---|
| Algorithm | AES-256-GCM |
| Key Source | 32 bytes random key |
| Key Storage | OS Keychain (keytar) |
| IV Length | 96 bits (12 bytes) |
| Auth Tag | 128 bits (16 bytes) |
- Window: 60 seconds
- Max failures: 10 per window
- Exceeded response: HTTP 429
All requests logged to SQLite:
- Timestamp
- Method/Path
- Alias
- Status code
- Routing layer (plugin/preset/database)
- Latency
npm test # Run all tests
npm run test:unit # Unit tests
npm run test:integration # Integration tests
npm run test:proxy # Proxy server tests
npm run test:mcp # MCP server testsnpm run typechecknpm run dev # Watch mode compilationsrc/
├── core/
│ ├── crypto.ts # AES-256-GCM encryption
│ ├── store.ts # SQLite storage
│ ├── vault.ts # Vault logic
│ ├── keychain.ts # OS Keychain wrapper
│ └── session.ts # Session Token management
├── mcp/
│ ├── server.ts # MCP server
│ └── tools/ # MCP tool implementations
├── proxy/
│ ├── server.ts # Proxy server
│ ├── plugin-loader.ts # Plugin loader
│ └── request-log.ts # Request logging
├── providers/
│ └── index.ts # Provider Presets
├── utils/
│ └── header-parser.ts # HTTP Header parsing
├── types/ # TypeScript type definitions
├── cli.ts # CLI entry
└── index.ts # Exports
| Document | Description |
|---|---|
| USER_GUIDE_EN.md | User Guide |
| API_REFERENCE_EN.md | API Reference |
| TROUBLESHOOTING_EN.md | Troubleshooting Guide |
| PLUGIN_DEVELOPMENT.md | Plugin Development Guide (AI Coding) |
MIT