Proxykey
@neostorm112-boop
About Proxykey
proxykey is a credential proxy and vault for API keys. Your real keys (OpenAI, Anthropic, Telegram, Stripe and 25+ providers) are encrypted with AES-256-GCM and never leave the server. Apps and AI agents authenticate with revocable "passes" (vlt_...) that carry per-pass IP bindin
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"proxykey": {
"url": "https://mcp.proxykey.org/mcp",
"headers": {
"Authorization": "Bearer mcp_YOUR_TOKEN"
}
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Proxykey?
Proxykey is a credential proxy and vault for API keys. It encrypts real keys (OpenAI, Anthropic, Telegram, Stripe and 25+ providers) with AES-256-GCM, keeping them on the server. Apps and AI agents authenticate using revocable "passes" (vlt_...) with per-pass IP binding, rate limits, and full request logs. The server provides 13 tools for managing those passes.
How to use Proxykey?
Connect via Streamable HTTP to the hosted endpoint https://mcp.proxykey.org/mcp. Authenticate with a Bearer mcp_... token minted in the panel at https://app.proxykey.org. No local installation is required.
Key features of Proxykey
- 13 tools to manage passes (list, create, update, revoke, delete, etc.)
- Real API keys encrypted with AES-256-GCM, never exposed to agents
- Revocable passes with per-pass IP binding and rate limits
- Full request logs and pass statistics
- Supports 25+ providers (OpenAI, Anthropic, Telegram, Stripe, etc.)
- No "read the real key" tool exists — only humans can view keys in the panel
Use cases of Proxykey
- AI agents use temporary, scoped passes to access API keys without seeing the originals
- Revoke a leaked pass instantly without affecting the underlying API key
- Enforce strict rate limits and IP restrictions per agent or application
- Audit all credential usage through detailed pass logs and stats
- Manage team credentials centrally with minimal trust exposure
FAQ from Proxykey
How does authentication work for the MCP server?
Authentication uses a Bearer mcp_... token generated in the panel at https://app.proxykey.org. This token is passed with each MCP request to the hosted endpoint.
What happens if a pass is leaked?
A leaked pass is a non-event: the wrong IP is denied, rate limits cap abuse, and revocation is one click without touching the original API key.
Can an agent read the real API key through this server?
No. The toolset does not include any "read the real key" operation — only a human can view the original key in the panel.
Which providers are supported?
Proxykey supports 25+ providers including OpenAI, Anthropic, Telegram, Stripe, and many others. The list_providers tool shows all available providers.
Where are the encrypted keys stored?
Keys are encrypted with AES-256-GCM and never leave the server. They are stored securely in the Proxykey vault, accessible only via the panel or through pass-based MCP tools.
More Developer Tools MCP servers
mcp-excalidraw
yctimlinMCP server and Claude Code skill for Excalidraw — programmatic canvas toolkit to create, edit, and export diagrams via AI agents with real-time canvas sync.
MCP-Scan: An MCP Security Scanner
invariantlabs-aiSecurity scanner for AI agents, MCP servers and agent skills.
Hello World MCP Server (Reference Extension)
anthropicsDesktop Extensions: One-click local MCP server installation in desktop apps
test
cloudwegoThe ultimate LLM/AI application development framework in Go.
Code Index MCP
johnhuang316A Model Context Protocol (MCP) server that helps large language models index, search, and analyze code repositories with minimal setup
Comments