A secrets vault that keeps API keys and credentials out of Claude's context window. Instead of pasting secrets into chat, Claude fetches them through MCP and they're injected into local files on your machine, never appearing in the conversation. You get tag-based access rules enforced server-side, session locks that auto-expire after inactivity, and audit logs for every access showing which model touched what and when. The onboard tool walks you through account setup and secret import in a couple minutes. Secrets are encrypted with AES-256-GCM using envelope encryption. There's a companion SDK for runtime loading in your actual applications. Useful if you're pair programming with Claude on projects that touch production systems and want granular control over what gets accessed when.
claude mcp add --transport stdio io.github.juanisidoro-securecode uvx securecode