Is io.github.apilocker/apilocker safe to use?

io.github.apilocker/apilocker has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.apilocker/apilocker?

io.github.apilocker/apilocker can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.apilocker/apilocker?

io.github.apilocker/apilocker is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is io.github.apilocker/apilocker actively maintained?

io.github.apilocker/apilocker is recently maintained — last commit was 50 days ago.

io.github.apilocker/apilocker

Encrypted credential vault: LLM, service & OAuth keys. 21-tool MCP server for your AI agent.

0 tools GitHub

No known CVEs

No license

Maintained

Last commit 50d ago

Works with most clients

Transport: stdio

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-apilocker-apilocker": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-apilocker-apilocker)](https://mcppedia.org/s/io-github-apilocker-apilocker)

Read me

What io.github.apilocker/apilocker does

One vault, three types of credentials. Replace your .env file with one token.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

31/100across 5 weighted dimensions

How we score →

0255075100

−69

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.apilocker/apilocker safe to use?: io.github.apilocker/apilocker has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.apilocker/apilocker?: io.github.apilocker/apilocker can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.apilocker/apilocker?: io.github.apilocker/apilocker is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.apilocker/apilocker actively maintained?: io.github.apilocker/apilocker is recently maintained — last commit was 50 days ago.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for io.github.apilocker/apilocker and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-apilocker-apilocker": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-apilocker-apilocker)](https://mcppedia.org/s/io-github-apilocker-apilocker)

Read me

What io.github.apilocker/apilocker does

One vault, three types of credentials. Replace your .env file with one token.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

API Locker

One vault, three types of credentials. Replace your .env file with one token.

API Locker is an encrypted credential vault for developers. Store your LLM API keys, service API keys, and OAuth credentials in one place — then inject them into any command with apilocker run -- npm start. Your raw credentials never touch disk, never live in shell history, never get committed to git.

Free to use. Try it →

What it does

# Install
npm install -g apilocker

# One-click browser confirmation — no pasted tokens
apilocker register

# Store a credential (for any of 34 provider templates, plus "custom")
apilocker store --name OPENAI_API_KEY --provider openai --key sk-proj-...

# Run any command with your vault secrets injected as env vars
apilocker run -- npm start
#  ↑
#  process.env.OPENAI_API_KEY is populated for the lifetime of this command,
#  then gone. No .env file. Nothing on disk. Nothing in shell history.

That's the whole pitch. Everything else in this repo is making that flow work for every kind of credential a developer has to deal with.

One vault, three types of credentials

API Locker distinguishes three credential types because they're used differently:

🧠 LLM API Keys

Single opaque tokens for model APIs.

OpenAI, Anthropic, Gemini, Groq, Mistral.

apilocker store --name OPENAI_API_KEY \
  --provider openai \
  --key sk-proj-xxxxx

⚡ Service API Keys

Single tokens for everyday SaaS.

Stripe, Twilio, Resend, ElevenLabs, Cloudflare, GitHub, Clerk, Sentry, PostHog, Cloudinary, Mux, SendGrid, Vercel, Upstash, LemonSqueezy.

apilocker store --name STRIPE_SECRET_KEY \
  --provider stripe \
  --key sk_live_xxxxx

🔗 OAuth Credentials

Multi-field credentials for sign-in flows.

Google, GitHub, Slack, Microsoft, Notion, Spotify, Twitter/X, LinkedIn, Discord, Zoom, Dropbox, Salesforce, HubSpot.

apilocker store --oauth \
  --name google-oauth \
  --provider google-oauth \
  --client-id ... \
  --client-secret ...

Under the hood, LLM and Service credentials share the same single-string encrypted storage. OAuth is a multi-field encrypted JSON blob. Users experience three product surfaces; implementation shares one foundation.

Why not just use `.env` files?

Problem	`.env` file	API Locker
Secrets on disk	✅ (plaintext)	❌ (encrypted, AES-256-GCM)
Secrets in git history if misconfigured	✅	❌
Secrets in shell history when debugging	✅	❌
Sharing across machines	Manual copy-paste	✅ (one `apilocker register` per device)
Rotation	Manual edit in every copy	One dashboard click
Audit log of who accessed what	❌	✅ (every reveal + proxy call)
Revocation of a specific device	Nuke every local copy	One `apilocker devices revoke`
AI agent access (Claude, Cursor, etc.)	"Paste this into Cursor settings"	Native MCP integration

Features

Encrypted vault — AES-256-GCM on every stored credential. Keys never leave the vault in plaintext except when explicitly revealed to an authenticated master-token holder.
Runtime injection — apilocker run -- cmd injects your vault secrets as env vars for the duration of one command, then clears them.
Smart proxy — POST /v1/proxy/:keyId

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

31/100across 5 weighted dimensions

How we score →

0255075100

−69

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.apilocker/apilocker safe to use?: io.github.apilocker/apilocker has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.apilocker/apilocker?: io.github.apilocker/apilocker can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.apilocker/apilocker?: io.github.apilocker/apilocker is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.apilocker/apilocker actively maintained?: io.github.apilocker/apilocker is recently maintained — last commit was 50 days ago.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for io.github.apilocker/apilocker and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

io.github.apilocker/apilocker

Install in your client

What io.github.apilocker/apilocker does

Test This Server

Why this score

31/100across 5 weighted dimensions

Security

Reviews

Frequently Asked Questions

Similar servers

Discussion

io.github.apilocker/apilocker

Install in your client

What io.github.apilocker/apilocker does

Test This Server

API Locker

What it does

One vault, three types of credentials

🧠 LLM API Keys

⚡ Service API Keys

🔗 OAuth Credentials

Why not just use .env files?

Features

Why this score

31/100across 5 weighted dimensions

Security

Reviews

Frequently Asked Questions

Similar servers

Discussion

API Locker

What it does

One vault, three types of credentials

🧠 LLM API Keys

⚡ Service API Keys

🔗 OAuth Credentials

Why not just use .env files?

Features

Why not just use `.env` files?

Why not just use `.env` files?