A portable local authentication library for AI agents and developer tools

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mbajaj from gravatar.com mbajaj

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Manoj Bajaj
  • Tags agents , api-key , auth , credentials , mcp , oauth2
  • Requires: Python >=3.13
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

authsome

PyPI version Python 3.13+ License: MIT PyPI downloads Tests codecov

               __  __
  ____ ___  __/ /_/ /_  _________  ____ ___  ___
 / __ `/ / / / __/ __ \/ ___/ __ \/ __ `__ \/ _ \
/ /_/ / /_/ / /_/ / / (__  ) /_/ / / / / / /  __/
\__,_/\__,_/\__/_/ /_/____/\____/_/ /_/ /_/\___/

Local-first credential broker and vault for AI Agents

An open-source credential broker that sits between your agents and the services they call. Instead of sharing credentials with every agent, log in once via OAuth2 or API keys. Authsome stores credentials securely and injects them via an HTTP proxy. You get one place to manage access, rotate keys, and see what every agent is doing.

Demo

https://github.com/user-attachments/assets/27f9b229-baf4-4889-be9a-378a133654dc

Why Agents need Authsome

Agents run beyond interactive sessions. They live in CI, over SSH, in cron jobs, in background workers, and in parallel pipelines. They need API access that survives without a human in the loop.

Hardcoded environment tokens leak or go stale, and building auth flow logic, token storage, refresh handling, and per-provider config into every project rebuilds the same plumbing every time.

Authsome is the local credential layer agents call at runtime.

  • No credential sprawl. One encrypted store — every provider, every agent, one place.
  • No SaaS, no privacy trade-off. Credentials never leave your machine. Eliminates credential exfiltration risks as agents never see them.
  • No browser required at runtime. Setup can use browser PKCE, device code, or a browser bridge for secure API key entry. After that, agents run headlessly.

How It Works

The CLI is the agent's interface: setup once, then inject fresh credentials whenever a tool runs.

Authsome Architecture

Authenticate once:

uvx authsome login github

Then agents get valid credentials on demand:

uvx authsome get github --field access_token --show-secret
# → ghu_...

export $(uvx authsome export github)
# → sets GITHUB_ACCESS_TOKEN in current shell

uvx authsome run python my_agent.py
# runs behind a local auth proxy that injects headers at request time
# without exposing secrets in the child process environment.
# matched automatically via provider host_url (e.g. api.openai.com)

Credentials are stored locally, encrypted at rest, and refreshed before expiry. No server. No account. No cloud.

Why Authsome

authsome Hardcoded env tokens DIY
Automatic token refresh build it
OAuth2 + API keys build it
Runtime headless use varies
Local — no SaaS dependency
Built-in providers, zero config
Multi-account per provider build it

Authsome gives agents one command for a valid token, without scattering long-lived secrets across every project.

Quick Start

uvx authsome login github                  # opens browser, completes PKCE flow
uvx authsome login github --flow device_code  # headless: Device Code, works over SSH and CI
uvx authsome login openai                  # secure API key entry via browser bridge
uvx authsome list                          # all connections + token status

Docs

The full documentation site lives in docs/site/

To preview locally:

cd docs/site
npm i -g mint   # requires Node.js >= 20.17.0
mint dev

Specs

License

MIT — see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for mbajaj from gravatar.com mbajaj

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Manoj Bajaj
  • Tags agents , api-key , auth , credentials , mcp , oauth2
  • Requires: Python >=3.13
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.6.2 yanked

Reason this release was yanked:

Incorrect server url

0.6.1

0.5.0

0.4.2

0.4.1

0.4.0

0.3.2

0.3.1

0.3.0

0.2.4

0.2.4rc76 pre-release

0.2.4rc75 pre-release

0.2.4rc74 pre-release

0.2.4rc73 pre-release

0.2.3

0.2.3rc72 pre-release

0.2.3rc71 pre-release

0.2.3rc70 pre-release

This version

0.2.3rc69 pre-release

0.2.3rc68 pre-release

0.2.3rc67 pre-release

0.2.3rc66 pre-release

0.2.3rc65 pre-release

0.2.3rc64 pre-release

0.2.2

0.2.2rc42 pre-release

0.2.2rc41 pre-release

0.2.2rc40 pre-release

0.2.2rc39 pre-release

0.2.2rc38 pre-release

0.2.2rc37 pre-release

0.2.2rc36 pre-release

0.2.2rc35 pre-release

0.2.1

0.2.1rc34 pre-release

0.2.1rc33 pre-release

0.2.1rc32 pre-release

0.2.1rc31 pre-release

0.2.1rc30 pre-release

0.2.1rc29 pre-release

0.2.1rc28 pre-release

0.2.1rc27 pre-release

0.2.1rc26 pre-release

0.2.1rc24 pre-release

0.2.1rc23 pre-release

0.2.1rc22 pre-release

0.2.1rc21 pre-release

0.2.1rc20 pre-release

0.2.0

0.2.0rc19 pre-release

0.2.0rc18 pre-release

0.2.0rc17 pre-release

0.2.0rc16 pre-release

0.2.0rc15 pre-release

0.2.0rc14 pre-release

0.2.0rc13 pre-release

0.2.0rc9 pre-release

0.2.0rc8 pre-release

0.2.0rc7 pre-release

0.2.0rc6 pre-release

0.1.12

0.1.11

0.1.11rc4 pre-release

0.1.11rc3 pre-release

0.1.11rc2 pre-release

0.1.11rc1 pre-release

0.1.10

0.1.9

0.1.8

0.1.7 yanked

Reason this release was yanked:

incorrect init

0.1.6 yanked

Reason this release was yanked:

Incorrect imports

0.1.5 yanked

Reason this release was yanked:

Incorrect imports

0.1.4

0.1.3

0.1.2

0.1.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

authsome-0.2.3rc69.tar.gz (248.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

authsome-0.2.3rc69-py3-none-any.whl (114.9 kB view details)

Uploaded Python 3

File details

Details for the file authsome-0.2.3rc69.tar.gz.

File metadata

  • Download URL: authsome-0.2.3rc69.tar.gz
  • Upload date:
  • Size: 248.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.12 {"installer":{"name":"uv","version":"0.11.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for authsome-0.2.3rc69.tar.gz
Algorithm Hash digest
SHA256 95a82b785f1563af4bb8581985a54413d336841cf2c2d5b228ec383ebe5adbdd
MD5 eb3f74d4a5cb38add266f54d980b91a5
BLAKE2b-256 69a7a0e78780b9ac263d7fd715e536f2cb92ec1270c8af10609ec265cab2c2a0

See more details on using hashes here.

File details

Details for the file authsome-0.2.3rc69-py3-none-any.whl.

File metadata

  • Download URL: authsome-0.2.3rc69-py3-none-any.whl
  • Upload date:
  • Size: 114.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.12 {"installer":{"name":"uv","version":"0.11.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for authsome-0.2.3rc69-py3-none-any.whl
Algorithm Hash digest
SHA256 f789bffc521bed4b370a5e0b55ef44c3d15782adb3cd66609430a8f60f308ab3
MD5 ccf75b7f074a11f68bc77ec294d4127c
BLAKE2b-256 f69f74fc42aebf7ee4c68bee970d31cb35fa4e2e23d6d3cd91ddee8501a3761e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page