Keynv
keynv: Runtime Text-Surface Protection for AI Coding Workflows
Overview
keynv is a self-hosted, local-first tool designed to protect secrets in AI coding workflows. It addresses the critical issue of AI agents such as Claude Code and Cursor leaking sensitive credentials like API keys, database passwords, and tokens into transcripts, shell history, and terminal output. Unlike traditional secrets managers, keynv focuses on runtime text-surface protection, ensuring that secrets are never exposed to AI agents or stored in plain text on the developer's machine.
Benefits
keynv does not replace existing secrets management tools like Vault, Doppler, or 1Password. Instead, it complements them by adding a safety layer that prevents secrets from leaking during active development and AI agent sessions. Its primary goal is to ensure that while developers and AI agents can access necessary credentials, the actual values never appear in logs, history files, or AI transcripts. The tool uses an alias-first resolution system where developers and AI agents reference secrets using aliases rather than raw values. When a command is executed, keynv resolves the alias to the actual secret value within a privileged subprocess. This subprocess is isolated from the AI agent's process tree, ensuring the agent only sees the alias literal, not the real secret. The tool also monitors and cleans all text surfaces where secrets might leak, including shell history files, AI agent transcripts, editor logs, terminal output, and CI logs. It implements a five-row, project-scoped permission matrix with roles like Owner, Admin, Team Lead, Developer, and Reader to manage access control effectively.
Use Cases
keynv is ideal for developers and teams who use AI agents in their daily coding workflows. The keynv doctor command scans the system for potential secret leaks without modifying any files. The keynv scrub command atomically rewrites files to remove detected secrets, creating backups before any changes. The tool installs a shell hook for zsh, bash, or fish that scrubs secret-shaped substrings before they are written to shell history, preventing new leaks from occurring in the first place. It also runs a daemon that monitors live AI agent sessions and editor logs in real time, scrubbing secrets as they appear. Developers can wrap commands with keynv exec to resolve aliases and execute them in an isolated subprocess, so that even if the AI agent references a secret, the actual value is never exposed to it. The tool works with common AI agents like Claude Code and Cursor and development tools like npm, pytest, and Next.js.
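The alias resolution described under Benefits and the history scrubbing described above, sketched as an added example (not keynv's code): the {{kv:name}} alias syntax, the vault contents, the pattern list and the [REDACTED] marker are all assumptions, and every sample value is constructed. It goes slightly beyond the text by mapping known vault values back to their alias as well as redacting unknown secret-shaped strings.

```javascript
// Added example, not keynv's implementation. Alias syntax and patterns are assumptions.
const ALIAS = /\{\{kv:([\w.-]+)\}\}/g; // hypothetical alias literal

// Constructed vault contents (alias name -> value); no real credentials.
const VAULT = new Map([
  ['db.password', 'Xk9-constructed-db-pass'],
  ['stripe.key', 'sk_test_CONSTRUCTED0000000000'],
]);

// Resolution step: meant to run only in the launcher of the isolated
// subprocess, so the expanded string never returns to the agent's transcript.
function resolveAliases(text, vault = VAULT) {
  return text.replace(ALIAS, (_, name) => {
    if (!vault.has(name)) throw new Error(`unknown alias: ${name}`);
    return vault.get(name);
  });
}

// Illustrative secret shapes for values the vault has never seen.
const SHAPES = [
  /\bAKIA[0-9A-Z]{16}\b/g,                  // AWS access key ID
  /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g,        // GitHub token
  /\bsk_(?:live|test)_[A-Za-z0-9]{16,}\b/g, // Stripe-style secret key
];
// key=value assignments whose value is not already an alias literal.
const ASSIGN =
  /(password|passwd|token|secret|api[_-]?key)(\s*[=:]\s*)(?!\{\{kv:)[^\s'"]{8,}/gi;

// Scrub step: applied to each line before it reaches history or a transcript.
function scrub(line, vault = VAULT) {
  // 1. Known values map back to their alias, longest first so a value that
  //    contains another value is not partially replaced.
  const known = [...vault].sort((a, b) => b[1].length - a[1].length);
  for (const [name, value] of known) {
    line = line.split(value).join(`{{kv:${name}}}`);
  }
  // 2. Unknown but secret-shaped substrings become a fixed marker.
  for (const re of SHAPES) line = line.replace(re, '[REDACTED]');
  return line.replace(ASSIGN, '$1$2[REDACTED]');
}
```

Pattern-based scrubbing is a backstop for values the vault does not know; the alias mapping is what keeps known secrets out of text surfaces.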
Pricing
Pricing details are not available for keynv as it is currently in early development and designed for self-hosting.
Vibes
Public reception and reviews are not available as the project is in early development and pre-1.0 status.
Additional Information
keynv is currently in early development with unstable schemas and APIs. Versioning may change without backward compatibility. The project does not handle enterprise SSO, SCIM, federation, or compliance theater. It is not a replacement for secrets managers. Planned features include MCP capability tokens, first-class agent integrations, and a commercial cloud option with advanced modules like SSO, HSM, and SIEM. The CLI is built with Bun, while the server uses Node 20+. The tool uses TypeScript, Bun, Node 20+, Hono, SQLite, Drizzle, and libsodium for its stack. Encryption uses KEK/DEK split with libsodium primitives for secure storage. An audit trail logs every secret resolution and scrubbing event for compliance and debugging. A self-hosted server option may be available in the future.
This content is either user submitted or generated using AI technology (including, but not limited to, Google Gemini API, Llama, Grok, and Mistral), based on automated research and analysis of public data sources from search engines like DuckDuckGo, Google Search, and SearXNG, and directly from the tool's own website and with minimal to no human editing/review. THEJO AI is not affiliated with or endorsed by the AI tools or services mentioned. This is provided for informational and reference purposes only, is not an endorsement or official advice, and may contain inaccuracies or biases. Please verify details with original sources.