Keyway

Provides a secure MCP interface for AI to access Keyway secrets without exposing values, with pre-deployment checks and secret scanning.
  • typescript

0

GitHub Stars

typescript

Language

3 months ago

First Indexed

3 weeks ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "keywaysh-keyway-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@keywaysh/mcp"
      ]
    }
  }
}

Keyway MCP Server provides a secure bridge for AI assistants to access secrets stored in Keyway without exposing them in conversations. It enables zero-exposure generation and validation of secrets, pre-deployment checks, secret scanning, and environment comparison, helping you keep secrets safe while integrating AI workflows.

How to use

Use this MCP server to connect your AI assistant to Keyway vaults. It runs locally as a standard MCP service and interacts with your secret vault while ensuring that secret values never appear in AI prompts, logs, or outputs. You can generate secrets, validate that required secrets exist before deployment, scan code for leaked credentials, compare secrets across environments, and inject secrets into commands for automated workflows.

How to install

Prerequisites: you should have Node.js and npm installed on your computer.

  1. Authenticate with the Keyway CLI.

  2. Install and run the MCP server as part of your AI tooling setup.

Security

Keyway MCP emphasizes secrecy by encrypting tokens with AES-256-GCM, masking outputs, and preventing shell injection. Secrets are stored securely in the vault and are never exposed to AI during normal operation.

Development

For development, install dependencies, run the development server, build, and test as you would with any Node.js project. Follow standard practices for linting and formatting to keep the codebase healthy.

Available tools

keyway_generate

Generate a new secret of a specified type (password, uuid, api-key, jwt-secret, hex, or base64) and store it securely in the vault. The value is never exposed to the AI.

keyway_validate

Check that all required secrets exist for a given environment, with optional auto-detection from code to determine needed secrets.

keyway_scan

Scan the codebase to detect leaked credentials across multiple secret types and report findings without exposing secret values.

keyway_diff

Compare secrets between two environments to identify differences and common keys.

keyway_inject_run

Run commands with secrets injected into the environment. Secrets are masked in command output.

keyway_list_secrets

List secret names for a given environment without revealing their values.

keyway_set_secret

Create or update a secret manually for a specific environment.

keyway_list_environments

List all available environments for the repository.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational