mxkey

Welcome

A bash CLI that puts dev secrets in macOS Keychain — designed so your agent can use them without ever seeing the value.

mxkey is a single bash script that stores dev secrets (API keys, tokens, 2FA recovery codes) in the macOS Keychain that ships with your Mac. Commands that need a secret get it injected as an environment variable; the value never touches .env files, shell history, or any chat conversation.

What's here

  • Install — install the CLI and the bundled agent skill
  • Quickstart — save a secret, run a command with it, all in three lines
  • CLI reference — every subcommand with its flags
  • Concepts — naming convention, project groups, how the Keychain wrapper actually works
  • Agent skill — how Claude Code, Cursor, and Codex use mxkey on your behalf
  • Security — what mxkey protects against and what it doesn't
  • Troubleshooting — common errors and fixes

At a glance

brew install bonnard-data/mxkey/mxkey   # install
mxkey set api.openai OPENAI_API_KEY     # save (hidden prompt)
mxkey run api.openai -- curl https://api.openai.com/v1/models    # use

Single bash script. Wraps /usr/bin/security. Zero dependencies beyond what ships with macOS.

Source

Releases

Install

Install the mxkey CLI on macOS, plus the bundled agent skill for Claude Code, Cursor, and Codex.

On this page

What's hereAt a glance