Keyward v0.1.0

Keyward keeps API keys out of your Claude Code prompts.

A UserPromptSubmit hook scans every message you submit. If it spots an API key, it saves the value to a chmod 600 file before the model sees it, blocks the original prompt, and re-submits a sanitized version automatically — you press Enter once.

Install

/plugin marketplace add albemiglio/keyward
/plugin install keyward@keyward

Highlights

• ~20 provider regexes (Anthropic, OpenAI, GitHub, GitLab, Slack, Google, AWS, Stripe, HF, JWT, …) + explicit /key NAME=VALUE markers
• Cross-platform auto-paste — macOS (osascript), Linux X11 (xdotool), Linux Wayland (wtype), Windows (SendKeys)
• Optional gitleaks pass (KEYWARD_USE_GITLEAKS=1) for deeper detection
• using-keyward skill teaches Claude to consume secrets safely (export VAR=$(cat …), never bare cat)
• /raw bypass, /key-list, /key-rm
• 35-test suite, CI across Ubuntu/macOS/Windows × Python 3.9/3.12

Honest limitations

Defense-in-depth, not a guarantee: the transcript may capture a value depending on write ordering; auto-paste has a ~350 ms race and needs a display server; Wayland depends on the compositor; macOS needs Accessibility permission. See the Security Model.

Full notes: CHANGELOG.md