Secure API key management for the API services you use, including AI services.
Project description
Keymaster
Secure API key management for the various APIs you use, with support for OpenAI, Anthropic, Stability AI, and DeepSeek. Addional support for any other API service you want to add.
Features
- ✅ Secure key storage using macOS Keychain
- ✅ Multiple environment support (dev/staging/prod)
- ✅ Interactive service and environment selection
- ✅ Encrypted audit logging with timestamps
- ✅ API key validation and testing
- ✅ Key rotation support
- ✅ Environment file generation
- ✅ Case-insensitive service names
- ✅ Secure key backup during replacement
- ✅ SQLite metadata storage
- ✅ Direct API integration with:
- OpenAI
- Anthropic
- Stability AI
- DeepSeek
Requirements
- Python 3.11 or higher
- Supported Operating Systems:
- macOS: Uses Keychain
- Linux: Uses SecretService (GNOME Keyring/KWallet)
- Windows: Uses Windows Credential Locker
- Internet connection for API validation
Installation
- Create and activate a virtual environment:
python3 -m venv venv
source venv/bin/activate
- Install from source:
git clone https://github.com/joeazure/keymaster.git
cd keymaster
pip install -e .
Usage
Initialize Keymaster
keymaster init
This will:
- Create necessary directories (~/.keymaster)
- Initialize configuration
- Set up logging
- Verify keychain access
- Create SQLite database
Managing API Keys
Add a Key
# Interactive mode
keymaster add-key
# Non-interactive mode
keymaster add-key --service openai --environment dev --api_key <your_api_key>
# Force replace existing key
keymaster add-key --service openai --environment dev --api_key <your_api_key> --force
Remove a Key
# Interactive mode
keymaster remove-key
# Non-interactive mode
keymaster remove-key --service openai --environment dev
List Keys
# List all keys
keymaster list-keys
# List keys for specific service
keymaster list-keys --service openai
# Show key values (requires confirmation)
keymaster list-keys --show-values
Test a Key
# Interactive mode
keymaster test-key
# Non-interactive mode
keymaster test-key --service openai --environment dev
Environment File Generation
# Interactive mode
keymaster generate-env
# Non-interactive mode
keymaster generate-env --service openai --environment dev --output .env
Configuration Management
# Show current configuration
keymaster config show
# Reset configuration
keymaster config reset
Audit Logging
# View all audit logs
keymaster audit
# Filter by service
keymaster audit --service openai
# Filter by environment
keymaster audit --environment prod
# Filter by date range
keymaster audit --start-date 2024-01-01 --end-date 2024-01-31
# View sensitive data (requires confirmation)
keymaster audit --decrypt
Security Features
- Secure storage in macOS Keychain
- Encrypted audit logs
- Secure key backup before replacement
- SQLite metadata storage
- Automatic directory permission management
- Key validation before storage
- Sensitive data masking in logs
Directory Structure
~/.keymaster/
├── config.yaml # Configuration file
├── logs/
│ ├── keymaster.log # Application logs
│ └── audit.log # Encrypted audit logs
└── db/
└── keymaster.db # SQLite metadata database
Supported Services
- OpenAI: API key management for OpenAI services
- Anthropic: Claude and other Anthropic API services
- Stability AI: Image generation and AI models
- DeepSeek: AI language models and services
Development
Running Tests
pip install -e ".[test]" # Install test dependencies
pytest # Run tests with coverage
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Run tests
- Submit a pull request
License
Copyright 2024 Joe Azure
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CLI Commands
keymaster init # Initialize in project directory
keymaster add-key # Add new API key
keymaster remove-key # Remove stored key
keymaster list-keys # List available keys
keymaster test-key # Test API key validity
keymaster generate-env # Generate .env file
keymaster rotate-key # Rotate API keys
keymaster audit # View audit log
keymaster config # Manage configuration
keymaster register-provider # Register new API provider
Command Options
add-key
# Interactive mode
keymaster add-key
# Non-interactive mode
keymaster add-key --service openai --environment dev --api_key <your_api_key>
# Force replace existing key
keymaster add-key --service openai --environment dev --api_key <your_api_key> --force
test-key
# Test single key
keymaster test-key --service openai --environment dev
# Test all keys
keymaster test-key --all
# Verbose output
keymaster test-key --service openai --environment dev --verbose
audit
# View all audit logs
keymaster audit
# Filter by service and environment
keymaster audit --service openai --environment prod
# Filter by date range
keymaster audit --start-date 2024-01-01 --end-date 2024-01-31
# View sensitive data
keymaster audit --decrypt
register-provider
# Register new API provider
keymaster register-provider
# Prompts for:
# - Service name
# - Description
# - Test URL (optional)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
keymaster-0.1.1.tar.gz
(209.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
keymaster-0.1.1-py3-none-any.whl
(24.9 kB
view details)
File details
Details for the file keymaster-0.1.1.tar.gz.
File metadata
- Download URL: keymaster-0.1.1.tar.gz
- Upload date:
- Size: 209.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c22fe0d546938f264b6f8194d0b3c5225fca441d6b180ec8c47d0bc168c2fa90
|
|
| MD5 |
5a90047f535666bb85c2e08c841d5e0d
|
|
| BLAKE2b-256 |
e7fe0f353cf56b61afedcfe6bd4fccd511a92734c016e6360ea9f0e0d0ed2906
|
File details
Details for the file keymaster-0.1.1-py3-none-any.whl.
File metadata
- Download URL: keymaster-0.1.1-py3-none-any.whl
- Upload date:
- Size: 24.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.11.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
626697acf00e43cb5ed12c63c0ee81e154ac4890a68815e7d5f343f6654e6d43
|
|
| MD5 |
2b8637e4376ae0b48f2b7c75848b3e9c
|
|
| BLAKE2b-256 |
e10ad463447d186c692c026ef207fff372347c8e052797f7a215ea872093fab4
|
