# Keychains.dev

> Secure credential delegation for AI agents, letting them access APIs without exposing sensitive credentials while users maintain control.

Keychains.dev provides secure credential delegation for AI agents, enabling them to access thousands of APIs without exposing sensitive credentials. The platform acts as a proxy layer that injects credentials server-side, ensuring that AI agents never see raw secrets, protecting against prompt injection attacks and credential leakage. Users maintain full control with transparent permission management and instant revocation capabilities.

- **Drop-in curl replacement** - Use `keychains curl` as a replacement for standard curl commands, replacing hard-coded credentials with template variables like `{{OAUTH2_ACCESS_TOKEN}}` or `{{STRIPE_PRIVATE_KEY}}` for seamless integration.

- **Server-side credential injection** - Credentials are injected server-side, making them invisible to the agent and protecting against prompt injection attacks that could exfiltrate secrets from context windows.

- **User consent flows** - When a new API scope is needed, users see exactly what the agent wants to do and approve with one click, ensuring informed consent for every permission granted.

- **SSH key identity** - Every machine authenticates via SSH keypairs with no passwords or API keys in the agent's environment, providing strong cryptographic identity verification.

- **Stateful fingerprinting** - Machines exchange fingerprints with every call, automatically invalidating leaked keys on first use for enhanced security.

- **Instant revocation** - Revoke any machine's access with one click from the dashboard with no waiting or grace periods.

- **Multi-protocol support** - Handles OAuth 2.0 with PKCE, API keys, and basic auth, working with 6754+ API providers including GitHub, Google, Slack, Stripe, Notion, Linear, and more.

- **Sub-agent delegation** - Create scoped delegate tokens for sub-agents with only the permissions they need, or create blank tokens that require fresh user approval for each task.

- **Full audit trail** - Users see every permission granted, every agent, and every task with complete transparency and accountability.

To get started, install the keychains CLI and use it as a drop-in replacement for curl. Replace your hard-coded credentials with template variables, and the platform handles authentication, token refresh, and secure credential injection automatically.

## Features
- Secure credential delegation for AI agents
- Server-side credential injection
- SSH key identity authentication
- Stateful fingerprinting for leaked key detection
- User consent flows for permission approval
- Instant access revocation
- OAuth 2.0 with PKCE support
- Auto token refresh
- API key scoped injection
- Basic auth support
- Scoped delegate tokens for sub-agents
- Blank tokens for fresh user approval
- Full audit trail
- Support for 6754+ API providers
- Drop-in curl replacement

## Integrations
GitHub, Google, Slack, Stripe, Notion, Linear, Spotify, Uber, Airtable, Shopify, Twilio, OpenAI

## Platforms
WEB, API

## Pricing
Freemium — Free tier available with paid upgrades

## Links
- Website: https://keychains.dev
- Documentation: https://keychains.dev/docs
- EveryDev.ai: https://www.everydev.ai/tools/keychains-dev