Vault unlocked

Welcome back, friend.

Here's what's in your vault today.

Stored keys
0
Active tokens
0
Devices
0
Calls (recent)
0

Your keys

Encrypted credentials stored in your vault.

No keys yet

Store your first credential — an OpenAI API key, an OAuth client secret, a database password — anything you'd normally drop into a .env file.

Scoped tokens

Per-app tokens that authorize proxy access without exposing the underlying credentials.

No tokens issued

Once you store a key, issue a scoped token to let an app or AI agent call it through the proxy — without ever seeing the raw credential.

Recent activity

Every proxied request, logged in real time.

Quiet so far

Once your keys start handling traffic, you'll see every request, response code, and latency right here.

Devices

Every machine where you've signed into the CLI. Revoke any you no longer use.

No devices registered

Run apilocker register on any machine to sign in the CLI and it'll show up here.

Vault health

Rotation hygiene, unused keys, stale devices, and security warnings — refreshed on every visit.

Running checks…

MCP server

Let AI assistants (Claude Desktop, Cursor, Zed, etc.) read and manage your vault via the Model Context Protocol.

MCP server is active
https://api.apilocker.app/v1/mcp

Connect your AI tool

Pick your client below. Copy the config, paste it into your client, done.

Paste this into your Claude Desktop config file. On macOS that's ~/Library/Application Support/Claude/claude_desktop_config.json. Restart Claude Desktop after saving.

{
  "mcpServers": {
    "apilocker": {
      "command": "apilocker",
      "args": ["mcp"]
    }
  }
}

Once Claude Desktop restarts, all 21 API Locker tools become available in the tool picker — list_keys, reveal_key, run_doctor, proxy_request, and more.

Run this command in any terminal (Claude Code is the CLI you're already using for this conversation):

claude mcp add apilocker -- apilocker mcp

Verify with claude mcp list. The server appears in the next Claude Code session automatically.

Open Cursor Settings → Features → Model Context Protocol → Add Server, and paste this config:

{
  "mcpServers": {
    "apilocker": {
      "command": "apilocker",
      "args": ["mcp"]
    }
  }
}

Restart Cursor. The agent gets the full API Locker toolset inside your IDE.

Continue (VS Code extension) reads ~/.continue/config.json. Add an mcpServers section with this entry:

{
  "mcpServers": {
    "apilocker": {
      "command": "apilocker",
      "args": ["mcp"]
    }
  }
}

Reload VS Code after saving.

Zed uses context_servers in its settings.json. Add this entry:

{
  "context_servers": {
    "apilocker": {
      "command": {
        "path": "apilocker",
        "args": ["mcp"],
        "env": {}
      }
    }
  }
}

Reload Zed after saving.

Is it working?

Recent reveal and proxy calls show up here the moment a connected MCP client uses your vault.

No activity yet. Connect a client and ask it to list your keys.
Prerequisite: every config above uses the apilocker CLI to bridge MCP over stdio. Make sure the CLI is installed globally (npm install -g apilocker) and registered (apilocker register) on the same machine as your MCP client. The bridge reads your master token from ~/.apilocker/config.json automatically.

Stop using .env files

Your keys live here; your code can use them directly. Install the CLI, then apilocker run -- npm start injects your secrets as environment variables for the duration of a single command. No .env file, no shell history, no leaks.

$ npm install -g apilocker
$ apilocker register
$ cd ~/your-project && apilocker init
$ apilocker run -- npm start