Carl Tashian contributor

Tsm

tashian/tsm·1 plugin

Store API keys and tokens where Claude Code can fetch them only after macOS Touch ID approval instead of plain-text env files.

Overview

tsm is a plugin marketplace for the Operate phase that adds a Touch-ID-gated macOS secrets manager for AI coding agents.

What is this marketplace?

  • Touch-ID-gated unlock before agents read secrets on macOS
  • Purpose-built for AI coding agents (Claude Code ecosystem)
  • Single-plugin marketplace (tsm 0.1.0) from Carl Tashian
  • Reduces accidental secret exposure in prompts and terminal history
  • Local-first secrets manager pattern, not a hosted KMS
  • Marketplace bundles 1 plugin: tsm v0.1.0
  • Metadata describes Touch-ID-gated secrets manager for AI coding agents on macOS

Compatible agents: Claude Code, Cursor, any compatible agent

Community signal: 9 GitHub stars.

What problem does it solve?

Agents and terminals make it too easy to blast API keys into logs, repos, and chat when secrets live in plain .env files.

Who is it for?

Solo macOS builders using Claude Code who want local, biometric-gated secret access for agent workflows.

Skip if: Linux or Windows-only shops, teams needing centralized KMS/HSM, or anyone who cannot use Touch ID on their Mac.

What do I get? / Deliverables

After you add tsm, agents can pull credentials through a Touch-ID-gated local vault instead of scraping unprotected environment variables.

  • Touch-ID-gated secret retrieval path for agent tooling
  • Installed tsm plugin (v0.1.0) from the marketplace catalog
  • Reduced exposure of raw credentials in agent sessions

Plugins in this marketplace

1 plugin — install individually after you add the marketplace.

PluginVersion
TsmTouch-ID-gated secrets manager for AI coding agents on macOS.0.1.0

Recommended Marketplaces

AuthZed
Authzed Marketplaceauthzed/authzed-marketplace
AuthZed Marketplace is the vendor-maintained Claude Code catalog for SpiceDB and AuthZed authorization work. Indie SaaS 2 stars
Chainguard
Chainguard Pluginschainguard-demo/claude-plugins
chainguard-plugins is Anthropic’s official Chainguard plugin marketplace for Claude Code, bundling documentation access 7 stars
Empathic
Clashempathic/clash
Clash is a Claude Code plugin marketplace from Empathic that adds permission enforcement for agent tool usage. Solo buil30 stars
Anthropic
Claude For Legalanthropics/claude-for-legal
claude-for-legal is Anthropic’s official Claude Code plugin marketplace bundling thirteen legal-focused plugins for team8.2k stars
Anthropic
Claude For Legalgtgspot/clegal
claude-for-legal (market id gtgspot/clegal) is a thirteen-plugin Claude marketplace framed with Anthropic’s marketplace
trumb
Claude Nginx Hardeningtrumb/claude-nginx-hardening
claude-nginx-hardening is a Claude Code plugin marketplace by trumb that packages one development-category plugin for op1 stars

Journey fit

Idea
Validate
Build
Ship
Launch
Grow
Operate
Primary fit
OperateInfrastructure & cost

Credential hygiene belongs in Operate because leaked secrets in production repos and agent logs are an ongoing runtime risk, not a one-time ship checklist item. Infra is the right shelf for local secret vaults, keychains, and agent-side credential plumbing on a developer machine.

How it compares

macOS Touch-ID secret vault plugin marketplace, not a generic password manager skill or hosted secrets SaaS.

Common Questions / FAQ

Who is Tsm for?

Tsm is for macOS developers running AI coding agents who want Touch-ID approval before secrets leave a local manager.

When should I use Tsm?

Use Tsm when you are operating agent-heavy workflows and need to stop storing production API keys in plain .env files.

How do I add Tsm to my agent?

Install the Tsm plugin marketplace in Claude Code from the tashian/Tsm catalog entry and enable the Tsm plugin from ./plugin per marketplace.json.

This week for builders

Five minutes, every Monday — the tools, releases and tactics for shipping solo.

unsubscribe anytime.