Secret Safe Env

Name: Secret Safe Env
Author: irrenwill

irrenwill/secret-safe-env

Let a human type API keys into .env through a masked Windows dialog so the agent never sees or logs the secret.

Overview

secret-safe-env is a MCP server for the Ship phase that writes secrets into .env via a masked Windows dialog so the agent never receives the plaintext value.

What is this MCP server?

Writes .env entries without exposing values to the LLM
Windows masked input dialog with Traditional Chinese (繁中) UI
stdio npm package secret-safe-env v0.1.2
Reduces paste-in-chat leakage for local agent development
Package version 0.1.2; npm identifier secret-safe-env
Documented behavior: agent does not receive secret values—human-only masked entry

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Pasting secrets into agent chats risks leaks in history, support exports, and shared sessions when you only wanted a local .env line.

Who is it for?

Windows-based solo builders using MCP who configure many third-party API keys during Ship and security hardening.

Skip if: macOS/Linux-only workflows, team-wide vault rotation, or production KMS-style secret management.

What do I get? / Deliverables

After installing secret-safe-env, you fill keys through the masked dialog and your agent can reference env var names without ever reading the secret.

Updated .env entries written without agent-visible plaintext
Repeatable MCP workflow for rotating keys locally
Lower risk of accidental secret exposure in chat logs

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Canonical shelf is Ship because the problem is safe credential handling right before and during release-oriented local setup. Security subphase fits secret injection that keeps keys out of chat logs and agent context.

How it compares

Local masked .env writer MCP, not a hosted secrets platform or generic code-review skill.

Common Questions / FAQ

Who is secret-safe-env for?

Solo developers on Windows who use AI coding agents and want API keys in .env without exposing values to the model.

When should I use secret-safe-env?

Use it during Ship/security setup whenever you add or rotate keys and want to avoid typing secrets directly into the agent conversation.

How do I add secret-safe-env to my agent?

Install the npm package secret-safe-env, add it as a stdio MCP server in Claude Code or Cursor, and invoke its tools so the masked dialog writes your .env entries.

Secret Safe Env

irrenwill/secret-safe-env

Let a human type API keys into .env through a masked Windows dialog so the agent never sees or logs the secret.

Overview

secret-safe-env is a MCP server for the Ship phase that writes secrets into .env via a masked Windows dialog so the agent never receives the plaintext value.

What is this MCP server?

Writes .env entries without exposing values to the LLM
Windows masked input dialog with Traditional Chinese (繁中) UI
stdio npm package secret-safe-env v0.1.2
Reduces paste-in-chat leakage for local agent development
Package version 0.1.2; npm identifier secret-safe-env
Documented behavior: agent does not receive secret values—human-only masked entry

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Pasting secrets into agent chats risks leaks in history, support exports, and shared sessions when you only wanted a local .env line.

Who is it for?

Windows-based solo builders using MCP who configure many third-party API keys during Ship and security hardening.

Skip if: macOS/Linux-only workflows, team-wide vault rotation, or production KMS-style secret management.

What do I get? / Deliverables

After installing secret-safe-env, you fill keys through the masked dialog and your agent can reference env var names without ever reading the secret.

Updated .env entries written without agent-visible plaintext
Repeatable MCP workflow for rotating keys locally
Lower risk of accidental secret exposure in chat logs

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Local masked .env writer MCP, not a hosted secrets platform or generic code-review skill.

Common Questions / FAQ

Who is secret-safe-env for?

Solo developers on Windows who use AI coding agents and want API keys in .env without exposing values to the model.

When should I use secret-safe-env?

Use it during Ship/security setup whenever you add or rotate keys and want to avoid typing secrets directly into the agent conversation.

How do I add secret-safe-env to my agent?

Install the npm package secret-safe-env, add it as a stdio MCP server in Claude Code or Cursor, and invoke its tools so the masked dialog writes your .env entries.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is secret-safe-env for?

When should I use secret-safe-env?

How do I add secret-safe-env to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is secret-safe-env for?

When should I use secret-safe-env?

How do I add secret-safe-env to my agent?