{"id":45155682,"url":"https://github.com/opena2a-org/secretless-ai","last_synced_at":"2026-04-12T07:13:09.567Z","repository":{"id":337380733,"uuid":"1153346935","full_name":"opena2a-org/secretless-ai","owner":"opena2a-org","description":"One command to keep secrets out of AI (LLMs). Works with Claude Code, Cursor, Copilot, Windsurf, and any AI coding tool.","archived":false,"fork":false,"pushed_at":"2026-04-01T19:32:43.000Z","size":1341,"stargazers_count":21,"open_issues_count":0,"forks_count":4,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-03T06:49:23.138Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/opena2a-org.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-09T07:35:33.000Z","updated_at":"2026-04-02T15:06:22.000Z","dependencies_parsed_at":"2026-04-02T22:00:14.995Z","dependency_job_id":null,"html_url":"https://github.com/opena2a-org/secretless-ai","commit_stats":null,"previous_names":["opena2a-org/secretless","opena2a-org/secretless-ai"],"tags_count":28,"template":false,"template_full_name":null,"purl":"pkg:github/opena2a-org/secretless-ai","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opena2a-org%2Fsecretless-ai","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opena2a-org%2Fsecretless-ai/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opena2a-org%2Fsecretless-ai/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opena2a-org%2Fsecretless-ai/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/opena2a-org","download_url":"https://codeload.github.com/opena2a-org/secretless-ai/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/opena2a-org%2Fsecretless-ai/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31707122,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-12T06:22:27.080Z","status":"ssl_error","status_checked_at":"2026-04-12T06:21:52.710Z","response_time":58,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-20T04:04:37.358Z","updated_at":"2026-04-12T07:13:09.544Z","avatar_url":"https://github.com/opena2a-org.png","language":"TypeScript","funding_links":[],"categories":["Secrets Management \u0026 Isolation"],"sub_categories":[],"readme":"\u003e **[OpenA2A](https://github.com/opena2a-org/opena2a)**: [CLI](https://github.com/opena2a-org/opena2a) · [HackMyAgent](https://github.com/opena2a-org/hackmyagent) · [Secretless](https://github.com/opena2a-org/secretless-ai) · [AIM](https://github.com/opena2a-org/agent-identity-management) · [Browser Guard](https://github.com/opena2a-org/AI-BrowserGuard) · [DVAA](https://github.com/opena2a-org/damn-vulnerable-ai-agent)\n# secretless-ai\n\n[![npm version](https://img.shields.io/npm/v/secretless-ai.svg)](https://www.npmjs.com/package/secretless-ai)\n[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![Tests](https://img.shields.io/badge/tests-809-brightgreen)](https://github.com/opena2a-org/secretless-ai)\n\nKeep API keys and secrets invisible to AI coding tools. Works with Claude Code, Cursor, GitHub Copilot, Windsurf, Cline, and Aider.\n\n## Quick Start\n\n```bash\nnpx secretless-ai init\n```\n\n```\n  Detected:  Claude Code, Cursor\n  Protected: .env, .aws/credentials, *.key, *.pem (21 file patterns)\n  Blocked:   49 credential patterns from AI context\n  Done.      Secrets are now invisible to AI tools.\n```\n\n![Secretless AI Demo](docs/secretless-ai-demo.gif)\n\nFor a full security dashboard covering credentials, shadow AI, config integrity, and more:\n\n```bash\nnpx opena2a-cli review\n```\n\n## MCP Server Protection\n\nEvery MCP server config has plaintext API keys in JSON files on your machine. The LLM sees them. Secretless encrypts them.\n\n```bash\nnpx secretless-ai protect-mcp\n```\n\n```\n  Scanned 1 client(s)\n\n  + claude-desktop/browserbase\n      BROWSERBASE_API_KEY (encrypted)\n  + claude-desktop/github\n      GITHUB_PERSONAL_ACCESS_TOKEN (encrypted)\n  + claude-desktop/stripe\n      STRIPE_SECRET_KEY (encrypted)\n\n  3 secret(s) encrypted across 3 server(s).\n  MCP servers start normally -- no workflow changes needed.\n```\n\nScans configs across Claude Desktop, Cursor, Claude Code, VS Code, and Windsurf. Secrets move to your configured backend. Non-secret env vars (URLs, regions) stay untouched.\n\n```bash\nnpx secretless-ai protect-mcp --backend 1password  # Store MCP secrets in 1Password\nnpx secretless-ai mcp-status                       # Show which servers are protected\nnpx secretless-ai mcp-unprotect                    # Restore original configs from backup\n```\n\n## How It Works\n\n1. **Scans** your project for hardcoded credentials in config files *and* source code (49 patterns across .js, .ts, .py, .go, .java, .rb, and more)\n2. **Migrates** them to secure storage (OS keychain, 1Password, Vault, GCP Secret Manager)\n3. **Blocks** AI tools from reading credential files (21 file patterns)\n4. **Brokers** access through environment variables -- secrets never enter AI context\n\n## Use Cases\n\nStep-by-step guides for common workflows: [docs/USE-CASES.md](docs/USE-CASES.md)\n\n- [Protect My Credentials](docs/use-cases/protect-my-credentials.md) -- Keep API keys out of AI tools (2 min)\n- [Secure MCP Configs](docs/use-cases/secure-mcp-configs.md) -- Encrypt MCP server credentials (3 min)\n- [Team Setup](docs/use-cases/team-setup.md) -- Shared backend, CI/CD, onboarding (5 min)\n- [Migrate from .env](docs/use-cases/migrate-from-dotenv.md) -- Move .env files to encrypted storage (3 min)\n\n## Supported Tools\n\n| Tool | Protection Method |\n|------|------------------|\n| Claude Code | PreToolUse hook (blocks reads before they happen) + deny rules + CLAUDE.md |\n| Cursor | `.cursorrules` instructions |\n| GitHub Copilot | `.github/copilot-instructions.md` instructions |\n| Windsurf | `.windsurfrules` instructions |\n| Cline | `.clinerules` instructions |\n| Aider | `.aiderignore` file patterns |\n\nClaude Code gets the strongest protection because it supports [hooks](https://docs.anthropic.com/en/docs/claude-code/hooks) -- a shell script runs *before* every file read and blocks access at the tool level.\n\n## Storage Backends\n\n| Backend | Storage | Best For |\n|---------|---------|----------|\n| `local` | AES-256-GCM encrypted file | Quick start, single machine |\n| `keychain` | macOS Keychain / Linux Secret Service | Native OS integration |\n| `1password` | 1Password vault | Teams, CI/CD, multi-device |\n| `vault` | HashiCorp Vault KV v2 | Enterprise, self-hosted |\n| `gcp-sm` | GCP Secret Manager | GCP-native workloads |\n\n```bash\nnpx secretless-ai backend set 1password              # Switch backend\nnpx secretless-ai migrate --from local --to 1password # Migrate existing secrets\n```\n\n## NanoMind Integration\n\nOptional integration with [NanoMind](https://github.com/opena2a-org/nanomind) for enhanced security analysis:\n\n```bash\nnpm install @nanomind/guard @nanomind/engine  # Optional\n```\n\n- **MCP injection screening**: `protect-mcp` screens env var values for prompt injection patterns and warns when suspicious content is detected\n- **Rich scan explanations**: `scan --explain` generates context-aware security explanations for each finding using NanoMind's local inference engine\n\nBoth features gracefully degrade when NanoMind packages are not installed.\n\n## Using with opena2a-cli\n\n[opena2a-cli](https://github.com/opena2a-org/opena2a) unifies all OpenA2A security tools:\n\n```bash\nnpm install -g opena2a-cli\nopena2a review          # Full security dashboard\nopena2a secrets init    # Initialize secretless protection\n```\n\n## Development\n\n```bash\nnpm run build \u0026\u0026 npm test    # 809 tests\n```\n\n## License\n\nApache-2.0\n\n---\n\nPart of the [OpenA2A](https://opena2a.org) ecosystem. Full reference: [opena2a.org/docs/secretless](https://opena2a.org/docs/secretless)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopena2a-org%2Fsecretless-ai","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopena2a-org%2Fsecretless-ai","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopena2a-org%2Fsecretless-ai/lists"}