Launching today

Keyblind

Launching today

Encrypted secrets vault that blinds AI agents toyour APIkeys

5 followers

Encrypted secrets vault that blinds AI agents toyour APIkeys

5 followers

Visit website

AI coding tools read yourenv file — and secrets leak into transcripts. Keyblind encrypts API keys into a local AES-256-GCM vault and replaces them with deterministic fakes. Secrets resolve at runtime. Your AI never sees them. MCP-native, works everywhere. Encrypted secrets vault with MCP for AI agents. Secrets resolved at runtime, never leaked to LLM conversations.

Free Options

Launch tags:Open Source•Developer Tools•Security

Launch Team / Built With

Prospecting by ClarifySource leads, send outbound, grow pipeline. All in your CRM.

Promoted

Maker

📌

Hey Product Hunt! I built Keyblind after getting paranoid about AI coding tools reading my .env files. The problem: Every AI editor (Claude Code, Cursor, Copilot) reads your project files. When they read .env, your API keys end up in conversation transcripts. Researchers found 100,000+ exposed secrets in LLM logs last year. That's terrifying. Keyblind is my answer: 1. Store secrets encrypted — AES-256-GCM, key bound to your machine 2. Sandbox your .env — deterministic fakes replace real values 3. Run with confidence — `keyblind run -- npm start` injects real secrets The fakes are deterministic (HMAC-SHA256) so your git diffs stay clean. Same fake every time for the same key. Tech stack: TypeScript, SQLite (better-sqlite3), Node.js crypto. MCP protocol over stdio. Zero network, zero telemetry, zero accounts. MIT. It works with Claude Code, Cursor, Copilot, Windsurf, Cline, Zed — any editor that speaks MCP. That's the key differentiator from editor-specific alternatives. Pricing: Free tier (5 secrets, all backends). Pro ($79/year — unlimited secrets, team vaults, audit log, secret rotation, CI/CD integration, biometric gate). I launched 2 days ago and already have production users. Would love feedback from the PH community — especially on what Pro features you'd prioritize and whether you'd trust an MCP server with your secrets. Ask me anything!

Report

5d ago

Forum Threads

p/keyblind

•

10h ago

Kyblind Launched

Hi All,
***Keyblind launches in 2 hours.***
An open-source MCP server that blinds AI agents to your API keys.
Your .env file is the most dangerous file on your machine. AI coding tools read it. Those secrets end up in transcripts. 100,000+ have already been found indexed.
Keyblind encrypts your secrets (AES-256-GCM) and resolves them at runtime the AI never sees the real values.
Works with every AI editor: Claude Code, Cursor, Copilot, Windsurf, Cline, Zed.
2-minute demo dropping at launch. Here's what it covers:
- Encrypted vault setup
- .env sandbox with deterministic fakes
- AI agent sees only sandbox values
- TOTP 2FA, secret sharing, dead man's switch
- CLI pairing to web dashboard
MIT licensed. Zero network. Zero telemetry.
2 hours.
https://lnkd.in/eq82gwSY
hashtag#opensource hashtag#developers hashtag#security hashtag#mcp hashtag#devtools hashtag#launch hashtag#claudecode hashtag#cursor hashtag#copilot hashtag#windsurf hashtag#cline hashtag#zed
https://lnkd.in/eVSV-nQZ

View all