Your API keys stay in the macOS Keychain. AI agents ask for them through MCP and get the values loaded as env vars — no copy-paste, no .env files, no secrets in the context window.
Developers work with dozens of secrets across projects. The current workflow is broken.
Pasting secrets into AI chats, Slack messages, or terminal prompts. Once it's in the context, you can't take it back.
Scattered .env files across projects. Copy-pasting between them. Accidentally committing one to git. Forgetting which key goes where.
An API key expires. You find out when production breaks. No warnings, no tracking, no organization. Just surprises.
Everything you need to manage credentials without friction, and without exposing them.
Every secret retrieval requires biometric authentication. No master passwords. No unlocked vaults sitting open on your desktop.
Claude Code, Cursor, and any MCP-aware agent can call noxkey_get, noxkey_set, noxkey_show, and noxkey_scan. Values load as env vars — never into the conversation.
Press Cmd+Shift+K from any app. A floating panel appears near your cursor. Search, Touch ID, copied. Under 2 seconds.
Name credentials as org/project/KEY and they group automatically. Filter instantly. No more hunting through .env files.
Store API keys, login pairs, recovery codes, and plain secrets. Each with a dedicated form and type badge.
Set expiry dates on credentials. Get automatic warnings before they expire. Never find out from a production outage again.
Unlock a project prefix once with Touch ID. Access all credentials in that group without repeated prompts during your work session.
Copied secrets are automatically cleared from your clipboard after 30 seconds. No stale credentials in your paste buffer.
No proprietary vault. No sync servers. Everything lives in the macOS Keychain, encrypted by Apple's Secure Enclave.
Built for AI agents first, with first-class surfaces for humans too.
Claude Code and other MCP clients call noxkey_get. The value is handed over as an env var. It never enters the model's context, never hits stdout, never gets copy-pasted.
Click the menu bar icon or hit Cmd+Shift+K for the Quick Access panel. Search, authenticate with Touch ID, and the value is on your clipboard — cleared 30 seconds later.
Installs with the app. noxkey get, noxkey set, noxkey ls — for when you're already in the shell and reaching for the mouse feels wrong.
NoxKey ships with a Model Context Protocol server. Claude Code, Cursor, and any MCP-aware agent can ask for a secret — and get it — without the value ever touching the conversation.
noxkey_get, noxkey_set, noxkey_show, noxkey_scan, noxkey_admin — enough for agents to read, write, and organize secrets without ever shelling out.
The agent sources a short-lived temp file to load the value as an env var. The value is never returned in a tool result, never hits stdout, never lands in the model's context window.
The app walks the requesting process tree and knows when the caller is an agent (Claude, Cursor, Codex). Agent-mode locks down raw-value flags and enforces the handoff pattern.
One Touch ID unlocks a whole org/project prefix for the session. Long-running agent work doesn't need re-auth on every secret.
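The process-tree check described above, as an added example that is not NoxKey's own code: it parses a constructed process listing in the column layout of ps -axo pid=,ppid=,comm= and walks parent links from the requesting process. The binary names, the function names and the fail-closed handling of an unknown caller are assumptions.

```python
import os

# Assumed binary names for the agents the page lists (Claude, Cursor, Codex);
# the exact names NoxKey matches are not given on the page.
AGENT_BINARIES = {"claude", "cursor", "codex"}

# Constructed sample in the column layout of `ps -axo pid=,ppid=,comm=`.
SAMPLE_PS = """\
    1     0 /sbin/launchd
  410     1 /Applications/iTerm.app/Contents/MacOS/iTerm2
  522   410 /bin/zsh
  900   522 /usr/local/bin/claude
  901   900 /bin/zsh
  902   901 /usr/local/bin/noxkey
  950   522 /usr/local/bin/noxkey
"""

def parse_ps(text):
    """Return {pid: (ppid, comm)}; comm may contain spaces, so split at most twice."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit() and parts[1].isdigit():
            table[int(parts[0])] = (int(parts[1]), parts[2].strip())
    return table

def find_agent_ancestor(pid, table, agents=AGENT_BINARIES):
    """Walk parent links from pid; return (pid, name) of the first agent found, else None."""
    seen = set()
    while pid in table and pid not in seen:  # stop at a missing parent or a PID loop
        seen.add(pid)
        ppid, comm = table[pid]
        name = os.path.basename(comm).lower()
        if name in agents:
            return pid, name
        pid = ppid
    return None

def caller_mode(pid, table):
    """Return 'agent' (raw-value output refused, handoff only) or 'human'."""
    if pid not in table:  # assumption: an unknown caller is treated as an agent
        return "agent"
    return "agent" if find_agent_ancestor(pid, table) else "human"
```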
NoxKey integrates with the tools you already use, without requiring any changes.
Use in shell substitution, build scripts, and CI pipelines. Values flow to commands without appearing in logs.
Encrypted share command designed for AI. Agents get access to secrets without the raw value entering their context window.
Consistent naming conventions across your organization. Everyone uses the same paths, so scripts just work.
Yes. NoxKey is completely free. No accounts, no subscriptions, no telemetry.
No. The app has zero outbound network connections — enforced by macOS App Sandbox at the kernel level. Updates come from the Mac App Store, so NoxKey itself never phones home. Verify the isolation anytime with codesign -d --entitlements - /Applications/NoxKey.app.
Your secrets stay in the macOS Keychain. You can access them through Keychain Access or reinstall NoxKey anytime. Nothing is lost.
NoxKey requires macOS 14.0 or later with Touch ID. On Macs without Touch ID, the system falls back to your device passcode.
No. Agents receive encrypted temp files that auto-delete in 60 seconds. The raw value never enters the AI context. Commands like --raw and load are hard-blocked for agent callers.
NoxKey is built for developers and AI workflows, not browser autofill. No sync servers, no master password, no subscription. Everything stays local in the macOS Keychain.
47 .env files, duplicated keys, expired tokens, forgotten repos. I replaced them all with the macOS Keychain. Here's what changed.
March 15, 2026: Why we built a credential manager that lives in the macOS Keychain, protected by Touch ID, with zero outbound connections.
March 7, 2026: Walk up the process tree from the requesting process, identify Claude/Cursor/Codex by binary name, and switch to encrypted handoff mode.
NoxKey is live on the Mac App Store. Free, AGPL-3.0, zero outbound network.
Requires macOS 14.0 or later with Touch ID.