Keyward keeps API keys out of your Claude Code prompts.
A UserPromptSubmit hook scans every message you submit. If it spots an API key, it saves the value to a chmod 600 file before the model sees it, blocks the original prompt, and re-submits a sanitized version automatically — you press Enter once.
Install
/plugin marketplace add albemiglio/keyward
/plugin install keyward@keyward
Highlights
- ~20 provider regexes (Anthropic, OpenAI, GitHub, GitLab, Slack, Google, AWS, Stripe, HF, JWT, …) + explicit /key NAME=VALUE markers
- Cross-platform auto-paste — macOS (osascript), Linux X11 (xdotool), Linux Wayland (wtype), Windows (SendKeys)
- Optional gitleaks pass (KEYWARD_USE_GITLEAKS=1) for deeper detection
- using-keyward skill teaches Claude to consume secrets safely (export VAR=$(cat …), never bare cat)
- /raw bypass, /key-list, /key-rm
- 35-test suite, CI across Ubuntu/macOS/Windows × Python 3.9/3.12
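The detect, store, and sanitize flow described above, as an added sketch that is not Keyward's own code. The two patterns, the one-file-per-name layout, and the placeholder text are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed patterns for two widely documented key formats.
# Keyward's own regexes are not shown on this page.
PATTERNS = {
    "GITHUB_TOKEN": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "AWS_ACCESS_KEY_ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}


def store_secret(directory, name, value):
    """Write value to directory/name so it is never readable by group or other."""
    path = os.path.join(directory, name)
    # Pass the mode to open() so a new file is 0600 from creation,
    # instead of being created with default permissions and tightened later.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.chmod(path, 0o600)  # covers a pre-existing file with wider permissions
        os.write(fd, value.encode())
    finally:
        os.close(fd)
    return path


def sanitize_prompt(prompt, directory):
    """Return (sanitized_prompt, {name: path}); matched values move to files."""
    stored = {}
    for name, pattern in PATTERNS.items():
        def repl(match, name=name):
            # A later match of the same kind overwrites the earlier file.
            stored[name] = store_secret(directory, name, match.group(0))
            return "[{} stored at {}]".format(name, stored[name])
        prompt = pattern.sub(repl, prompt)
    return prompt, stored


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        fake = "ghp_" + "A" * 36  # constructed value, not a real token
        clean, _ = sanitize_prompt("deploy with " + fake, d)
        print(clean)
```

The sanitized prompt carries only the file path, which matches the consumption pattern in the list above: the value is read from the file into an environment variable rather than printed.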
Honest limitations
Defense-in-depth, not a guarantee: the transcript may capture a value depending on write ordering; auto-paste has a ~350 ms race and needs a display server; Wayland depends on the compositor; macOS needs Accessibility permission. See the Security Model.
Full notes: CHANGELOG.md