alban

keychains.dev - Give AI access to 6754+ APIs with zero credentials exposed

by
Keychains.dev is a secure credential proxy for AI agents. Use "keychains curl" as a drop-in for curl — just replace hard-coded credentials with template variables like {{GITHUB_TOKEN}}. Keychains injects real credentials server-side. Your agent never sees raw secrets — immune to prompt injection by design. Users approve each permission with one click and can revoke access anytime. Full audit trail. Works with 11,000+ API providers (OAuth, API keys, basic auth).

Add a comment

Replies

Best
alban
Hunter
📌
Hey Product Hunt! Happy to be hunting Keychains.dev today. **Clawbot** and **OpenClaw** are incredible tools for giving AI agents real-world capabilities. But they both share the same concern: **"Wait, the agent has my raw API keys?"** Prompt injection, leaked context windows, malicious plugins — once your credentials are in an agent's memory, you've lost control. A lot of people hold back from adopting agentic workflows because of this. **Keychains.dev** solves exactly this problem with an elegant approach: Your agent uses `keychains curl` instead of `curl`. Instead of hard-coding secrets, you use template variables like `{{GITHUB_TOKEN}}`. Keychains injects the real credentials **server-side** — the agent never sees them. If you've been building with AI agents but felt uneasy about the security side, this is the missing piece. It's the kind of trust layer that makes the whole agentic ecosystem viable. Give it a try — would love to hear what you think!
Elior

Huge congrats on launch! Love the secure proxy model and zero‑secret agent design.

Severin Marcombes

Thanks @elior_1 !

Curious Kitty
How do you think about trust and privacy tradeoffs in the proxy layer—what data must you see to inject auth and provide an audit trail, and what design choices let teams keep request/response bodies out of your infrastructure?
Severin Marcombes

@curiouskitty That's a great question. Got the same feedback from a few users past Wednesday. What I did for now is that I split the credentials pipeline from the data pipeline and open sourced the proxy so you can deploy your own proxy as a user. I called it "Satellite proxy" --> you host your own copy of our proxy on Vercel, it's the only one seeing request bodies and response data, and it calls keychains.dev only to resolve credentials.

I imagine I could do the same kind of trick to let you store your own API keys (except OAuth) so they never touch our servers.
If you have better ideas on this I'd love to implement them!

Baptiste

good luck with your launch ! @severin__

Severin Marcombes

Thank you @baptiste1 !

Jade D

Nice product ! Keep building

Severin Marcombes

@dagher_jade Thanks!

Brian Cohen

This is a great idea. Have you thought about expanding it to also support traditional website passwords, so agents couldn’t access those either? Curious whether you see this eventually replacing tools like 1Password, or staying focused purely on developer/API secrets.

Severin Marcombes

@bricohen I'd love to do websites passwords. A bit more tricky though.
IMHO the next step could be to offer website owners a SDK as simple to use as Clerk (and if possible, compatible) to offer safe agent-oriented login in browser --> would love to work on that!

Severin Marcombes

Thanks @albn !

I've made keychains.dev to be able to use the limitless power of AI agents like OpenClaw, without having afterthoughts about if it's properly keeping my passwords and credentials safe.

Feels more safer now.
@community I'd love your feedback on it. Let's make agents safe!