You've probably leaked an API key to an LLM at some point. This stops that by encrypting secrets in a local SQLite vault and only resolving them at runtime through MCP tools, so the plaintext never hits the conversation transcript. The 16 tools cover the full lifecycle: store, resolve, list, delete, plus sandbox mode that swaps your .env for deterministic fakes before AI agents can read it. It also handles TOTP codes, encrypted share links, and can gate access behind Touch ID. Works with Claude, Cursor, Windsurf, and anything else that speaks MCP. Free tier gives you 5 secrets locally, Pro unlocks unlimited plus team vaults and audit logs.
claude mcp add --transport stdio aarifmms-keyblind uvx keyblind