Phantom gives Claude and other AI coding tools a secrets vault that refuses to expose real API keys. The MCP server lets agents list, rotate, and check secrets without ever seeing plaintext values. Real keys live in your OS keychain, agents see worthless phm_ tokens, and a local proxy swaps them at the network layer when your code makes actual API calls. You get phantom_doctor for diagnostics, phantom_rotate for key rotation, and phantom_sync for encrypted cloud backup. Setup writes the right config file for Claude Code, Cursor, Windsurf, or Codex. All mutating operations require an explicit confirm parameter so prompt injection can't silently delete your Stripe key. Use it when you want to hand Claude your entire codebase without also handing it your production credentials.
claude mcp add --transport stdio io.github.ashlrai-phantom-secrets-mcp uvx phantom-secrets-mcp