A scope-locked vault that runs on your machine. Secrets resolve only for their intended destination. Exfiltration is blocked. Output is redacted. No cloud. No subscriptions.
curl -fsSL https://secrets.waykee.com/install.sh | sh
Works on Linux, macOS & Windows
Without protection, any prompt injection or malicious tool call can exfiltrate your API keys, tokens, and credentials.
Every command is checked before secrets resolve. Every output is scrubbed after execution. Every process is verified before connection.
Each secret is locked to specific hosts. A GitHub token with host:github.com won't resolve for any other destination.
Blocks file redirections, pipes to netcat, base64 encoding, /dev/tcp, tee, and split-destination attacks before execution.
All secret values are scrubbed from stdout and stderr. Uses generic redaction tags to prevent oracle attacks.
Secrets are pinned in locked memory (mlock). Core dumps disabled. Process tracing blocked. Zeroed on reload.
AES-256-GCM encrypted vault on your machine. No cloud. No server to trust. Your machine, your secrets, your control.
Install, add secrets, use your AI tools normally. Auto-start via systemd/launchd. Claude Code hook auto-configured.
One command. No runtime dependencies. Native binary.
$ curl -fsSL https://secrets.waykee.com/install.sh | sh
$ waykee-secrets install
Enter license key: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
Enter master password: ********
Vault created. Daemon started.
Lock each secret to where it should be used. Not a general-purpose env var.
$ waykee-secrets add GITHUB_TOKEN --scope "host:github.com"
Enter value: ********
Secret added. Scope: host:github.com
$ waykee-secrets add OPENAI_KEY --scope "host:api.openai.com"
Secret added. Scope: host:api.openai.com
The daemon runs invisibly. Your agent writes {SECRET_NAME} markers. Waykee handles the rest.
# Claude Code (auto-configured)
$ claude
# Cursor / Windsurf (shell proxy)
$ SHELL=waykee-secrets cursor
# Claude Desktop (MCP server)
$ waykee-secrets mcp
Native binary. No runtime needed. No .NET, no Java, no Node. Just download and run.
x86_64 (NativeAOT)
curl -fsSL https://secrets.waykee.com/install.sh | sh
Most secret managers give the agent the secret. We don't.
| Waykee Secrets | Infisical Vault | HashiCorp Vault | 1Password | Doppler | |
|---|---|---|---|---|---|
| Scope-locked secrets | Yes | Partial | No | No | No |
| Output redaction | Yes | No | No | No | No |
| Anti-exfiltration | Yes | Partial | No | No | No |
| Works beyond HTTP | Any command | HTTP only | Yes | Yes | Yes |
| Memory protection | mlock + anti-ptrace | No | mlock | No | No |
| 100% local | Yes | Self-host | Self-host | Cloud | Cloud |
| Claude Code native | Auto hook | No | No | No | No |
| Price | $7.99 once | Free (OSS) | $50K+/yr | $8/user/mo | $21/user/mo |
Configure exactly where each secret can be used.
{GITHUB_TOKEN}{OPENAI_KEY}{AWS_SECRET}{DB_PASSWORD}{DEPLOY_KEY}{NPM_TOKEN}No subscriptions. No per-seat fees. No cloud bills. Pay once, own it.
Renew updates for $4.99/year (optional)
Included with Waykee subscription
One-time payment • Lifetime license • Up to 3 devices
On your machine only. The vault file (~/.waykee-secrets/vault.wksv) is encrypted with AES-256-GCM. The key is derived from your master password + machine fingerprint via PBKDF2 (600K iterations). No cloud, no external servers.
No. The agent writes markers like {GITHUB_TOKEN}. The daemon resolves them after security checks, executes the command, and returns redacted output. The agent never has the plaintext value in its context window.
Commands run normally through your default shell. The system fails open — your workflow is never blocked. Secrets simply won't resolve until the daemon restarts automatically via systemd/launchd.
You pay $7.99 once and can use that version forever on up to 3 machines. Your license includes 1 year of updates. After that, you can optionally renew for $4.99/year. If you don't renew, the version you have keeps working permanently.
Agent Vault is an HTTP proxy that only protects API calls. Waykee Secrets works at the shell level, protecting any command: curl, git, sqlcmd, custom scripts, binaries. We also redact output and block exfiltration patterns — they don't.
Linux x64 (NativeAOT, 3.9 MB), macOS arm64 (Apple Silicon, 6.4 MB), and Windows x64 (6.7 MB). The binary is a native compiled executable — no runtime needed. No .NET, no Java, no Node.
Yes. Claude Code has native hook integration (auto-configured). For Cursor, Windsurf, and others, use shell proxy mode: SHELL=waykee-secrets cursor. For Claude Desktop, use MCP server mode: waykee-secrets mcp.
Install in 60 seconds. $7.99 one-time. No cloud. No subscriptions.