Give AI access to 6754+ APIs with zero credentials exposed
Keychains.dev is a secure credential proxy for AI agents. Use "keychains curl" as a drop-in for curl — just replace hard-coded credentials with template variables like {{GITHUB_TOKEN}}. Keychains injects real credentials server-side. Your agent never sees raw secrets — immune to prompt injection by design. Users approve each permission with one click and can revoke access anytime. Full audit trail. Works with 11,000+ API providers (OAuth, API keys, basic auth).
Keychains supports scoped delegate tokens that give sub-agents only the APIs they need for their specific task, or blank tokens that require fresh user approval for any new access. Parent agents retain full control over delegated permissions.
Keychains injects credentials server-side so agents never see raw secrets, making them invisible to prompt injection attacks and context window exfiltration. Credentials are replaced with template variables like {{GITHUB_TOKEN}}, eliminating the need to embed secrets in agent prompts or environment files.
Keychains uses SSH keypair authentication for every machine with stateful fingerprinting. Leaked keys are invalidated on first use, and machines exchange fingerprints with every call, preventing replay attacks and unauthorized access.
Keychains handles OAuth 2.0 with PKCE, API keys, basic auth, and custom headers automatically. Agents use the same keychains curl interface regardless of provider, and Keychains manages token refresh and scope injection transparently.
Keychains provides per-agent permission scoping, user consent flows, and full audit trails. Users approve each new API scope with one click and see exactly what permissions each agent has. Access can be revoked instantly from the dashboard without rotating secrets.