loading…
Search for a command to run...
loading…
Secrets vault for Claude Code with audit logs, MCP access rules, and AES-256 encryption. Secrets are injected to local files so the AI never sees raw values. In
Secrets vault for Claude Code with audit logs, MCP access rules, and AES-256 encryption. Secrets are injected to local files so the AI never sees raw values. Includes session lock, device approval, and per-model access policies.
MCP Server for SecureCodeHQ. Lets Claude Code access your secrets securely without ever seeing them.
claude mcp add securecode -- npx -y @securecode/mcp-server
Then tell Claude Code:
Set up SecureCode in this project
The onboard tool walks you through account creation, secret import, and configuration. Takes about 2 minutes.
Your secrets (API keys, tokens, passwords) are encrypted with AES-256 and stored in SecureCode. Claude Code accesses them via MCP, but the actual values never appear in the chat.
When Claude reads a secret, the value is written to a local file on your machine. The AI gets the file path but never sees the raw value. This is inject mode, the default.
| Tool | What it does |
|---|---|
onboard |
Guided setup: signup, import, API key, config, SDK |
get-secret |
Get a secret (injected to file by default, reveal: true to show to AI) |
list-secrets |
List all secrets with tags and expiry status |
create-secret |
Create a new secret |
update-secret |
Update value, description, or tags |
delete-secret |
Delete a secret |
renew-secret |
Renew expired secrets or change TTL |
import-env |
Import .env via secure web window (values never pass through AI) |
export-env |
Export secrets as .env or CSV |
get-status |
Check plan, usage, and MCP server version |
wake-session |
Unlock session with optional scope and auto-sleep timer |
sleep-session |
Lock session and clean injected files |
session-status |
Check session state and time remaining |
byebye |
Lock session + clean all secrets from disk |
get-active-rules |
List active MCP access rules (read-only) |
security-check |
Post-setup security hardening checks |
help |
Docs: tools, SDK, sessions, rules, troubleshooting |
Control how AI agents access your secrets with tag-based policies. Created from the dashboard, enforced server-side.
| Action | Effect |
|---|---|
| Block Always | Secret only accessible from the dashboard |
| Require Confirmation | Agent must acknowledge before accessing |
| Require Session | Requires active session (wake-session) |
| Block Models | Only allows specific AI models |
| Notify | Sends email on access (non-blocking) |
You: "Wake my session for acme staging"
Claude: Session unlocked. Only acme/staging secrets accessible.
You: "byebye"
Claude: Session locked & secrets cleaned from disk.
Sessions auto-sleep after configurable inactivity (default: 2 hours).
reveal: true returns value to AI (audited)The companion SDK lets your app load secrets at runtime:
npm install @securecode/sdk
import { loadEnv } from '@securecode/sdk';
await loadEnv(); // all secrets loaded into process.env
MIT
Добавь это в claude_desktop_config.json и перезапусти Claude Desktop.
{
"mcpServers": {
"juanisidoro-securecode-mcp": {
"command": "npx",
"args": []
}
}
}