Proxykey
@neostorm112-boop
About Proxykey
proxykey is a credential proxy and vault for API keys. Your real keys (OpenAI, Anthropic, Telegram, Stripe and 25+ providers) are encrypted with AES-256-GCM and never leave the server. Apps and AI agents authenticate with revocable "passes" (vlt_...) that carry per-pass IP bindin
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"proxykey": {
"url": "https://mcp.proxykey.org/mcp",
"headers": {
"Authorization": "Bearer mcp_YOUR_TOKEN"
}
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Proxykey?
Proxykey is a credential proxy and vault for API keys. It encrypts real keys (OpenAI, Anthropic, Telegram, Stripe and 25+ providers) with AES-256-GCM, keeping them on the server. Apps and AI agents authenticate using revocable "passes" (vlt_...) with per-pass IP binding, rate limits, and full request logs. The server provides 13 tools for managing those passes.
How to use Proxykey?
Connect via Streamable HTTP to the hosted endpoint https://mcp.proxykey.org/mcp. Authenticate with a Bearer mcp_... token minted in the panel at https://app.proxykey.org. No local installation is required.
Key features of Proxykey
- 13 tools to manage passes (list, create, update, revoke, delete, etc.)
- Real API keys encrypted with AES-256-GCM, never exposed to agents
- Revocable passes with per-pass IP binding and rate limits
- Full request logs and pass statistics
- Supports 25+ providers (OpenAI, Anthropic, Telegram, Stripe, etc.)
- No "read the real key" tool exists — only humans can view keys in the panel
Use cases of Proxykey
- AI agents use temporary, scoped passes to access API keys without seeing the originals
- Revoke a leaked pass instantly without affecting the underlying API key
- Enforce strict rate limits and IP restrictions per agent or application
- Audit all credential usage through detailed pass logs and stats
- Manage team credentials centrally with minimal trust exposure
FAQ from Proxykey
How does authentication work for the MCP server?
Authentication uses a Bearer mcp_... token generated in the panel at https://app.proxykey.org. This token is passed with each MCP request to the hosted endpoint.
What happens if a pass is leaked?
A leaked pass is a non-event: the wrong IP is denied, rate limits cap abuse, and revocation is one click without touching the original API key.
Can an agent read the real API key through this server?
No. The toolset does not include any "read the real key" operation — only a human can view the original key in the panel.
Which providers are supported?
Proxykey supports 25+ providers including OpenAI, Anthropic, Telegram, Stripe, and many others. The list_providers tool shows all available providers.
Where are the encrypted keys stored?
Keys are encrypted with AES-256-GCM and never leave the server. They are stored securely in the Proxykey vault, accessible only via the panel or through pass-based MCP tools.
More Developer Tools MCP servers
JetBrains MCP Proxy Server
JetBrainsA model context protocol server to work with JetBrains IDEs: IntelliJ, PyCharm, WebStorm, etc. Also, works with Android Studio
Serena
oraiosA powerful MCP toolkit for coding, providing semantic retrieval and editing capabilities - the IDE for your agent
MCP Inspector
modelcontextprotocolVisual testing tool for MCP servers
MCP Containers
metorialConnect any AI model to 1200+ integrations (MCP, CLI, API)
FastAPI-MCP
tadata-orgExpose your FastAPI endpoints as Model Context Protocol (MCP) tools, with Auth!
Comments