README.md
Secure secrets management for LLMs to execute CLI commands with credentials.
A secure secrets management server that enables LLMs to execute CLI commands using injected credentials while protecting sensitive data through output redaction and user-approved session permissions. It features an encrypted vault, secret capture from command outputs, and a macOS menu bar app for native notifications and dialogs.
Tools (3)
execute_commandExecute a CLI command with injected credentials and output redaction.store_secretStore a sensitive value in the encrypted vault.list_secretsList the names of all stored secrets in the vault.Configuration
claude_desktop_config.json
{"mcpServers":{"mcp-secrets":{"command":"npx","args":["-y","@henghonglee/mcp-secrets"],"env":{}}}}Try it
→Store my AWS_SECRET_ACCESS_KEY in the vault.
→Run the 'aws s3 ls' command using my stored AWS credentials.
→List all the secret keys currently stored in my encrypted vault.
→Execute a shell script that requires my database password without exposing it in the logs.