Stop accidentally committing API keys to git. Store them in macOS Keychain, populate .env files on demand.
You're building an app. You need API keys. So you do what everyone does:
# .env file
OPENAI_API_KEY=sk-abc123...
STRIPE_SECRET_KEY=sk_live_...
DATABASE_URL=postgres://user:password@...Then one day:
- You forget
.envisn't in.gitignore - You
git add .and push - Your keys are now public
- Bots scrape GitHub constantly — they find your key in minutes
- You wake up to a $10,000 AWS bill
- Or your OpenAI account is drained
- Or your database is wiped
This happens every single day to developers.
Even if you're careful:
- Keys are visible when you paste them
- Keys sit in your clipboard (easy to accidentally paste in Slack)
- Keys are stored in plain text files
- Screen sharing? Recording? Your keys are exposed.
Don't create .env files manually. Let this tool do it.
The .env file itself is standard — plain text keys, just like always. But the process of creating it is where things go wrong:
- You forget to add
.envto.gitignore - You paste keys while screen sharing
- Keys sit in your clipboard and get pasted in Slack
- You copy keys between projects and lose track
Human error is the real risk. This tool removes the opportunities to mess up:
- Keys stored in Keychain (encrypted, one source of truth)
- Keys entered with invisible paste (nothing on screen)
- Clipboard auto-cleared after storing
.envgenerated on demand and auto-added to.gitignore- Unsafe commands automatically blocked
One Keychain. Every project. Fewer ways to screw up.
A Terminal window opens with a secure prompt:
====================================
SECURE API KEY INPUT
====================================
Paste your key below (it will be invisible)
Then press ENTER
OPENAI_API_KEY: █
[SUCCESS] OPENAI_API_KEY stored in Keychain
[SUCCESS] Clipboard cleared
What happens:
- You paste your key — nothing appears on screen
- Key is encrypted and stored in macOS Keychain
- Your clipboard is cleared (can't accidentally paste elsewhere)
- The variable is cleared from memory
You never see the key. It never touches a file. It's encrypted immediately.
When you start a project that needs environment variables:
# The skill reads .env.example and pulls from Keychain
[OK] OPENAI_API_KEY
[OK] ANTHROPIC_API_KEY
[OK] DATABASE_URL
[MISSING] STRIPE_KEY # Not in Keychain yet - prompts to add
Done. .env created with secure permissions (600).The .env file is:
- Created with owner-only permissions (
chmod 600) - Automatically added to
.gitignore - Never committed to git
Your code works exactly the same:
Python:
from dotenv import load_dotenv
import os
load_dotenv()
api_key = os.environ['OPENAI_API_KEY']Node.js:
require('dotenv').config()
const apiKey = process.env.OPENAI_API_KEYThe difference: You didn't manually paste keys into a file where you might forget to gitignore it.
Every layer is protected:
| Attack Vector | Protection |
|---|---|
| Visible on screen | read -s — silent input, nothing displayed |
| Stays in memory | unset — variable cleared immediately |
| Left in clipboard | pbcopy < /dev/null — clipboard auto-cleared |
| Stored in plain text | macOS Keychain — AES-256 encryption |
| Readable by others | chmod 600 — owner-only file permissions |
| Committed to git | Auto-adds .env to .gitignore |
| In terminal history | Key never part of a command string |
| MCP server config | Direct file edit — never echoed to terminal |
WARNING: Anthropic's claude mcp add command exposes your API key!
The native claude mcp add command has a security flaw - it echoes your API key to the terminal:
# DANGEROUS - This prints your key to the terminal!
claude mcp add --transport http tally https://api.tally.so/mcp \
--header "Authorization: Bearer $TALLY_API_KEY"
# Output includes: "Authorization": "Bearer sk-actual-key-here" <-- EXPOSED!This skill fixes that. After installation:
- The unsafe command is automatically blocked by a security hook
- You use
/secretsor/add-mcpinstead - Keys are pulled from Keychain silently and written directly to config
- Keys are never echoed anywhere
> /secrets
> "Add MCP server securely"
> MCP name: tally
> MCP URL: https://api.tally.so/mcp
> Key name in Keychain: TALLY_API_KEY
> Target: claude
[SUCCESS] Added tally MCP to Claude Code
[SUCCESS] Key retrieved from Keychain (never displayed)
npm install -g no-more-leaked-keysThen run:
no-more-leaked-keysThat's it. You're protected.
git clone https://github.com/Vibe-Marketer/no-more-leaked-keys.git && cd no-more-leaked-keys && ./install.shThis installs:
- The skill (
/secrets) - The commands (
/add-mcp) - A security hook that blocks unsafe
claude mcp addcommands
Then restart Claude Code.
After installation, if anyone (you or Claude) tries to run claude mcp add with authentication headers, it gets automatically blocked:
BLOCKED: claude mcp add with auth headers exposes your API key in terminal output!
Use /secrets or /add-mcp instead - these pull keys from Keychain securely
without exposing them.
This protects you even if you forget and try to use the unsafe command.
If you prefer to install manually:
git clone https://github.com/Vibe-Marketer/no-more-leaked-keys.git
cd no-more-leaked-keys
# Install skill and commands
mkdir -p ~/.claude/skills ~/.claude/commands ~/.claude/hooks
cp -r keychain-secrets ~/.claude/skills/
cp commands/*.md ~/.claude/commands/
cp hooks/*.sh ~/.claude/hooks/
chmod +x ~/.claude/hooks/*.sh
# Then manually add the hook to ~/.claude/settings.json (see install.sh for details)Usage:
- Type
/secretsin Claude Code - Or just say "add my API key" or "set up .env"
You don't need Claude Code. Use these commands directly:
Add a key to Keychain:
echo -n "Paste API key: " && read -s K && \
security add-generic-password -a "$USER" -s "OPENAI_API_KEY" -w "$K" && \
unset K && pbcopy < /dev/null && echo -e "\nStored!"Retrieve a key:
security find-generic-password -a "$USER" -s "OPENAI_API_KEY" -wGenerate .env from Keychain:
echo "OPENAI_API_KEY=$(security find-generic-password -a "$USER" -s "OPENAI_API_KEY" -w)" > .env
chmod 600 .env
echo ".env" >> .gitignore| Method | Problem |
|---|---|
.env files |
Can be committed to git, stored in plain text |
Shell config (~/.zshrc) |
Visible in dotfiles, often synced to cloud |
| Password managers (1Password, etc.) | Requires manual copy/paste every time |
| Environment variables in CI/CD | Great for prod, but doesn't help local dev |
| macOS Keychain | Encrypted, local, scriptable, automatic |
Yes. macOS Keychain uses AES-256 encryption, the same standard used by banks and governments. Your keys are encrypted at rest and protected by your macOS login password.
If someone has your Mac AND your login password, they can access your Keychain. But at that point, they can also access everything else. Keychain is as secure as your Mac login.
Yes. Keychain integrates with biometric authentication. You may be prompted the first time an app accesses a key.
Not directly — this uses macOS Keychain. However:
- Linux: You could adapt this to use
gnome-keyringorpass - Windows: You could use Windows Credential Manager
PRs welcome for cross-platform support!
This is for local development security. For team/production secrets, use:
- 1Password / Bitwarden shared vaults
- AWS Secrets Manager
- HashiCorp Vault
- Doppler
No. You add each key once. After that, populating .env for any project takes seconds.
It's gone. Keychain doesn't have a recycle bin. You'll need to get the key again from wherever you originally got it (OpenAI dashboard, Stripe dashboard, etc.).
Yes. The .env file contains your keys in plain text — that's the industry standard and how apps read them. Every developer has plain text keys in .env files.
What this tool actually protects against:
- Accidentally committing
.envto git (auto-adds to.gitignore) - Exposing keys in terminal history (blocks unsafe commands)
- Showing keys while screen sharing (invisible paste)
- Keys visible in clipboard (auto-cleared)
What this tool does NOT do:
- Make the
.envfile encrypted or unreadable
Keychain is the secure source of truth. The .env file is just the delivery mechanism that apps expect.
no-more-leaked-keys/
├── README.md # You're reading this
├── LICENSE # Usage terms
├── install.sh # One-command installer
├── keychain-secrets/ # Claude Code skill
│ ├── SKILL.md
│ ├── workflows/
│ │ ├── add-key.md # Store keys in Keychain
│ │ ├── add-mcp.md # Securely add MCP servers
│ │ ├── list-keys.md
│ │ ├── populate-env.md
│ │ └── remove-key.md
│ └── references/
│ ├── keychain-commands.md
│ └── env-file-patterns.md
├── commands/
│ ├── secrets.md # /secrets slash command
│ └── add-mcp.md # /add-mcp slash command
├── hooks/
│ └── block-unsafe-mcp-add.sh # Security hook (blocks unsafe commands)
└── test-project/ # Example project for testing
├── .env.example
├── test-node.js
└── test-python.py
- macOS (uses Keychain and
securityCLI) - Claude Code (optional, for the skill — or use manual commands)
PRs welcome! Please ensure no actual secrets are committed (obviously).
Built by Andrew Naegele
- Community: skool.com/vibe-marketing
- Website: callvaultai.com
- X/Twitter: @andrewnaegele
- LinkedIn: linkedin.com/in/andrewnaegele
- Instagram: @andrew.naegele
- Facebook: facebook.com/andrewnaegele
See LICENSE for full terms.
TL;DR: Free to use for personal and commercial projects. Not for resale. Give credit. Star the repo.
Stop leaking keys. Start using Keychain.
If this saved you from a $10,000 mistake, consider:
- Starring this repo
- Joining the community at skool.com/vibe-marketing
- Sharing with a developer friend who needs this