Enigmagent Mcp

Name: Enigmagent Mcp
Author: Agnuxo1

Agnuxo1/enigmagent-mcp

Give agents named secret handles so real API keys never enter the model context or chat logs.

Overview

EnigmAgent MCP is an MCP server for the Ship phase that stores agent API secrets in a local AES-256-GCM vault so LLMs never see plaintext keys.

What is this MCP server?

Local vault.json with AES-256-GCM encryption and Argon2id-derived keys
npm package enigmagent-mcp v1.0.2 over stdio MCP transport
VAULT_PASSWORD master secret and optional VAULT_PATH for vault file location
Designed so agents reference secrets locally while LLMs never receive real API keys
Fits Claude Code and Cursor workflows that otherwise paste keys into MCP env blocks
npm package version 1.0.2 (registryType npm)
AES-256-GCM encryption with Argon2id-derived master key
Default vault path ./vault.json unless VAULT_PATH is set

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 2 GitHub stars.

What problem does it solve?

Agent workflows tempt you to paste API keys into MCP env vars or chats, which is an easy leak path right when you are trying to ship.

Who is it for?

Solo builders running multiple MCP servers who want one encrypted local vault and password-gated access from the agent.

Skip if: Teams needing centralized cloud KMS, HSM compliance, or shared rotation without a local master password on each machine.

What do I get? / Deliverables

After install, secrets live in an encrypted local vault unlocked by VAULT_PASSWORD while tools fetch values without exposing them to the model.

Encrypted local vault.json for agent-retrieved secrets
MCP access pattern that keeps plaintext keys out of LLM context

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Shipping agent-powered products is when leaked keys in prompts become catastrophic; secret hygiene belongs on the Ship security shelf before and during release. Secrets subphase covers vaulting and least-exposure patterns; EnigmAgent is explicitly a local vault so LLMs never see plaintext credentials.

How it compares

Local encrypted secret vault MCP, not a cloud secrets manager integration or penetration-testing skill.

Common Questions / FAQ

Who is EnigmAgent MCP for?

Indie developers and agent builders on Claude Code or Cursor who store several API keys and refuse to put plaintext secrets in prompts.

When should I use EnigmAgent MCP?

Use it during Ship security setup whenever you wire MCP tools that need credentials and you want encryption at rest on your own machine.

How do I add EnigmAgent MCP to my agent?

Install the npm package enigmagent-mcp, configure stdio in your MCP manifest, set VAULT_PASSWORD (and VAULT_PATH if not ./vault.json), then initialize or unlock your vault per the GitHub repo.

Enigmagent Mcp

Agnuxo1/enigmagent-mcp

Give agents named secret handles so real API keys never enter the model context or chat logs.

Overview

EnigmAgent MCP is an MCP server for the Ship phase that stores agent API secrets in a local AES-256-GCM vault so LLMs never see plaintext keys.

What is this MCP server?

Local vault.json with AES-256-GCM encryption and Argon2id-derived keys
npm package enigmagent-mcp v1.0.2 over stdio MCP transport
VAULT_PASSWORD master secret and optional VAULT_PATH for vault file location
Designed so agents reference secrets locally while LLMs never receive real API keys
Fits Claude Code and Cursor workflows that otherwise paste keys into MCP env blocks
npm package version 1.0.2 (registryType npm)
AES-256-GCM encryption with Argon2id-derived master key
Default vault path ./vault.json unless VAULT_PATH is set

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 2 GitHub stars.

What problem does it solve?

Agent workflows tempt you to paste API keys into MCP env vars or chats, which is an easy leak path right when you are trying to ship.

Who is it for?

Solo builders running multiple MCP servers who want one encrypted local vault and password-gated access from the agent.

Skip if: Teams needing centralized cloud KMS, HSM compliance, or shared rotation without a local master password on each machine.

What do I get? / Deliverables

After install, secrets live in an encrypted local vault unlocked by VAULT_PASSWORD while tools fetch values without exposing them to the model.

Encrypted local vault.json for agent-retrieved secrets
MCP access pattern that keeps plaintext keys out of LLM context

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Local encrypted secret vault MCP, not a cloud secrets manager integration or penetration-testing skill.

Common Questions / FAQ

Who is EnigmAgent MCP for?

Indie developers and agent builders on Claude Code or Cursor who store several API keys and refuse to put plaintext secrets in prompts.

When should I use EnigmAgent MCP?

Use it during Ship security setup whenever you wire MCP tools that need credentials and you want encryption at rest on your own machine.

How do I add EnigmAgent MCP to my agent?

Install the npm package enigmagent-mcp, configure stdio in your MCP manifest, set VAULT_PASSWORD (and VAULT_PATH if not ./vault.json), then initialize or unlock your vault per the GitHub repo.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is EnigmAgent MCP for?

When should I use EnigmAgent MCP?

How do I add EnigmAgent MCP to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is EnigmAgent MCP for?

When should I use EnigmAgent MCP?

How do I add EnigmAgent MCP to my agent?