Stop pasting API keys into AI chat. kv encrypts secrets with ChaCha20-Poly1305 and lets your AI editor use them safely through MCP — without ever seeing the values.
$ pip install kv-secrets $ kv init kv — initialized Master key .secrets/key (DO NOT COMMIT) $ kv set API_KEY=sk-live-abc123 set API_KEY (dev) [encrypted] $ kv setup cursor MCP configured for Cursor Your AI agent can now run code with secrets — without seeing them.
pip install kv-secrets
kv init
Create encrypted store
kv set KEY=VALUE
Encrypt a secret
kv setup cursor
Connect to your AI editor
One command connects kv to Cursor, Claude Code, or VS Code. Your AI agent runs code with secrets injected — without ever seeing the values.
ChaCha20-Poly1305 AEAD with 256-bit keys. The same cipher trusted by WireGuard and TLS 1.3. Authenticated encryption detects any tampering.
Control what your AI can do. Safe: list + run. Mutate: store secrets. Reveal: read values. You decide the permissions.
Encrypted .enc files live in git. Key names and values are both encrypted. Only the master key stays local.
dev, staging, prod — each with isolated derived keys via BLAKE2b. Switch environments in one command.
Zero-knowledge cloud sync. Role-based access. Scoped CI/CD tokens. Audit logs. Share one key, everyone syncs.
Store secrets encrypted. Only you hold the key.
$ kv set API_KEY=sk_live_abc123 set API_KEY (dev) [encrypted] $ kv set DB_URL=postgres://... set DB_URL (dev) [encrypted]
One command configures MCP for your editor.
$ kv setup cursor MCP configured for Cursor $ kv setup claude-code MCP configured for Claude Code
AI agent runs your code. Secrets injected at runtime. Never in chat.
AI: "Running your tests..." → kv_run(["pytest"]) → exit code: 0 Secrets never appear in chat.
Free for individuals. One flat price for teams.