
Split-key reverse proxy that makes leaked API keys worthless

Project description

Worthless

Make leaked API keys worthless.

Python 3.10+ License: AGPL-3.0 Tests

When your .env leaks, the keys inside are placeholders. The real key never sits in your repo, your shell history, or your laptop's memory.

Quickstart

curl -sSL https://worthless.sh | sh        # fresh machine, no Python needed
# or, if you already have Python 3.10+:
pipx install worthless

Then cd into your project and run worthless. It detects the keys in your .env, splits them, and starts a local proxy. No code changes.

The Worker emits an X-Worthless-Script-Sha256 header so you can verify the bytes you ran match the bytes the Worker advertised before piping into sh. The check catches transit/cache tampering, not origin compromise — cosign-signed release manifests for that are tracked in WOR-303.

Full install options (Docker, MCP for Claude Code / Cursor / Windsurf, GitHub Actions, the verified-install flow, kill-switch runbook): docs.wless.io

Scope

Worthless scans for LLM provider API key prefixes only — currently openai (sk-, sk-proj-), anthropic (sk-ant-), google (AIza), and xai (xai-). For general secret detection (cloud tokens, GitHub PATs, AWS access keys, npm tokens, Cloudflare API tokens, etc.), use gitleaks or trufflehog as a companion tool — worthless will not flag those and is not trying to replace them.

How it works

  1. worthless lock splits each API key into two shards.
  2. Shard A stays on your machine (encrypted). Shard B goes to the proxy database.
  3. Your .env is rewritten with shard A — format-preserving, but cryptographically useless alone.
  4. The proxy reconstructs the key only when the rules engine approves the request.
  5. Spend cap blown? The key never forms. The request never reaches the provider.

Platforms

Platform          Status
macOS             Supported
Linux             Supported
Windows + WSL     Supported
Native Windows    Not supported — use WSL or Docker

Native-Windows support is tracked in WOR-237. See docs.wless.io for the full distro support matrix.

Versioning

PyPI version, signed git tag (vX.Y.Z), and the X-Worthless-Script-Tag header on worthless.sh are kept aligned — CI fails fast if pyproject.toml and the tag disagree. install.sh resolves the latest worthless from PyPI at install time; pin via WORTHLESS_VERSION=x.y.z curl -sSL https://worthless.sh | sh.

Documentation

Everything lives at docs.wless.io — install guides, the security model, wire protocol, recovery runbook, the verified-install flow, and the agent skill file (Claude Code / Cursor / Windsurf).

Development

git clone https://github.com/shacharm2/worthless && cd worthless
uv sync --extra dev --extra test
uv run pytest

Internal developer documentation lives in engineering/. Security invariants are in SECURITY.md.

Contributing

PRs welcome. Read CONTRIBUTING-security.md first.

License

AGPL-3.0

Download files

Source Distribution: worthless-0.3.3.tar.gz (368.2 kB)

Built Distribution: worthless-0.3.3-py3-none-any.whl (154.0 kB, Python 3 wheel)

File details: worthless-0.3.3.tar.gz

  • Size: 368.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

Hashes for worthless-0.3.3.tar.gz

Algorithm     Hash digest
SHA256        bca3e9bfcd46ecce49f3011542ad4636ad51601a73a59e6b0b01cee5d17a9627
MD5           0736d72d6ad872a5c8ab62356fbc5b49
BLAKE2b-256   a9384c3ce9cb384eea6120974945e82c747713c695595463214256a396f20625

Provenance: attestation bundle for worthless-0.3.3.tar.gz, publisher publish.yml on shacharm2/worthless.

File details: worthless-0.3.3-py3-none-any.whl

  • Size: 154.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

Hashes for worthless-0.3.3-py3-none-any.whl

Algorithm     Hash digest
SHA256        94e315be1b7b4c15348a414d6da2dc77a8467b1fcfb650dc7e557c98ad289343
MD5           09c8b73bf0161e6c0bed7196b67e2036
BLAKE2b-256   334aa65acfffb389387f3bf85c32a0c0d65037a20b3cd3a5148d658b58a4a6a7

Provenance: attestation bundle for worthless-0.3.3-py3-none-any.whl, publisher publish.yml on shacharm2/worthless.
