MCP.so
Sign In
P

Proxykey

@neostorm112-boop

About Proxykey

proxykey is a credential proxy and vault for API keys. Your real keys (OpenAI, Anthropic, Telegram, Stripe and 25+ providers) are encrypted with AES-256-GCM and never leave the server. Apps and AI agents authenticate with revocable "passes" (vlt_...) that carry per-pass IP bindin

Basic information

Category

Developer Tools

Transports

stdio

Publisher

neostorm112-boop

Submitted by

neostorm112-boop

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "proxykey": {
      "url": "https://mcp.proxykey.org/mcp",
      "headers": {
        "Authorization": "Bearer mcp_YOUR_TOKEN"
      }
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Proxykey?

Proxykey is a credential proxy and vault for API keys. It encrypts real keys (OpenAI, Anthropic, Telegram, Stripe and 25+ providers) with AES-256-GCM, keeping them on the server. Apps and AI agents authenticate using revocable "passes" (vlt_...) with per-pass IP binding, rate limits, and full request logs. The server provides 13 tools for managing those passes.

How to use Proxykey?

Connect via Streamable HTTP to the hosted endpoint https://mcp.proxykey.org/mcp. Authenticate with a Bearer mcp_... token minted in the panel at https://app.proxykey.org. No local installation is required.

Key features of Proxykey

  • 13 tools to manage passes (list, create, update, revoke, delete, etc.)
  • Real API keys encrypted with AES-256-GCM, never exposed to agents
  • Revocable passes with per-pass IP binding and rate limits
  • Full request logs and pass statistics
  • Supports 25+ providers (OpenAI, Anthropic, Telegram, Stripe, etc.)
  • No "read the real key" tool exists — only humans can view keys in the panel

Use cases of Proxykey

  • AI agents use temporary, scoped passes to access API keys without seeing the originals
  • Revoke a leaked pass instantly without affecting the underlying API key
  • Enforce strict rate limits and IP restrictions per agent or application
  • Audit all credential usage through detailed pass logs and stats
  • Manage team credentials centrally with minimal trust exposure

FAQ from Proxykey

How does authentication work for the MCP server?

Authentication uses a Bearer mcp_... token generated in the panel at https://app.proxykey.org. This token is passed with each MCP request to the hosted endpoint.

What happens if a pass is leaked?

A leaked pass is a non-event: the wrong IP is denied, rate limits cap abuse, and revocation is one click without touching the original API key.

Can an agent read the real API key through this server?

No. The toolset does not include any "read the real key" operation — only a human can view the original key in the panel.

Which providers are supported?

Proxykey supports 25+ providers including OpenAI, Anthropic, Telegram, Stripe, and many others. The list_providers tool shows all available providers.

Where are the encrypted keys stored?

Keys are encrypted with AES-256-GCM and never leave the server. They are stored securely in the Proxykey vault, accessible only via the panel or through pass-based MCP tools.

Comments

More Developer Tools MCP servers