
Split-key reverse proxy that makes leaked API keys worthless

Project description

Worthless

Make leaked API keys worthless.

Python 3.10+ | License: AGPL-3.0 | Tests

When your .env leaks, the keys inside are placeholders. The real key never sits in your repo, your shell history, or your laptop's memory.

Quickstart

curl -sSL https://worthless.sh | sh        # fresh machine, no Python needed
# or, if you already have Python 3.10+:
pipx install worthless

Then cd into your project and run worthless. It detects the keys in your .env, splits them, and starts a local proxy. No code changes are needed.

The Worker emits an X-Worthless-Script-Sha256 header so you can verify the bytes you ran match the bytes the Worker advertised before piping into sh. The check catches transit/cache tampering, not origin compromise — cosign-signed release manifests for that are tracked in WOR-303.

Full install options (Docker, MCP for Claude Code / Cursor / Windsurf, GitHub Actions, the verified-install flow, kill-switch runbook): docs.wless.io

Scope

Worthless scans for LLM provider API key prefixes only — currently openai (sk-, sk-proj-), anthropic (sk-ant-), google (AIza), and xai (xai-). For general secret detection (cloud tokens, GitHub PATs, AWS access keys, npm tokens, Cloudflare API tokens, etc.), use gitleaks or trufflehog as a companion tool — worthless will not flag those and is not trying to replace them.

How it works

  1. worthless lock splits each API key into two shards
  2. Shard A stays on your machine (encrypted). Shard B goes to the proxy database
  3. Your .env is rewritten with shard A — format-preserving, but cryptographically useless alone
  4. The proxy reconstructs the key only when the rules engine approves the request
  5. Spend cap blown? The key never forms. The request never reaches the provider

Platforms

Platform         Status
macOS            Supported
Linux            Supported
Windows + WSL    Supported
Native Windows   Not supported — use WSL or Docker

Native-Windows support is tracked in WOR-237. See docs.wless.io for the full distro support matrix.

Versioning

PyPI version, signed git tag (vX.Y.Z), and the X-Worthless-Script-Tag header on worthless.sh are kept aligned — CI fails fast if pyproject.toml and the tag disagree. install.sh resolves the latest worthless from PyPI at install time; pin via WORTHLESS_VERSION=x.y.z curl -sSL https://worthless.sh | sh.

Documentation

Everything lives at docs.wless.io — install guides, the security model, wire protocol, recovery runbook, the verified-install flow, and the agent skill file (Claude Code / Cursor / Windsurf).

Development

git clone https://github.com/shacharm2/worthless && cd worthless
uv sync --extra dev --extra test
uv run pytest

Internal developer documentation lives in engineering/. Security invariants are in SECURITY.md.

Contributing

PRs welcome. Read CONTRIBUTING-security.md first.

License

AGPL-3.0

Download files


Source Distribution

worthless-0.3.4.tar.gz (373.7 kB), tag: Source

Built Distribution


worthless-0.3.4-py3-none-any.whl (156.5 kB), tag: Python 3

File details

Details for the file worthless-0.3.4.tar.gz.

File metadata

  • Download URL: worthless-0.3.4.tar.gz
  • Upload date:
  • Size: 373.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for worthless-0.3.4.tar.gz
Algorithm     Hash digest
SHA256        dc092b7776dad03550cef3b97d5e4f8a72eab7a27bd4b6cda78fd14a8667d6aa
MD5           73b124985f227275b14b11e1cdc1aa18
BLAKE2b-256   6320f6adc5879c978a6d68cd977fd274c86022d01558b4b53e02c2973309e851


Provenance

The following attestation bundles were made for worthless-0.3.4.tar.gz:

Publisher: publish.yml on shacharm2/worthless

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file worthless-0.3.4-py3-none-any.whl.

File metadata

  • Download URL: worthless-0.3.4-py3-none-any.whl
  • Upload date:
  • Size: 156.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for worthless-0.3.4-py3-none-any.whl
Algorithm     Hash digest
SHA256        5a763f767f184634b646e85eb1804f8da4663cd0b9d62934ddd32a2d59b71a6a
MD5           a1e56c55c7442bf72ea2f27d51d1bb9c
BLAKE2b-256   65dd4c12a05ff49e5b30a88958d0c6c7102850891fed7c3c8121d60254b13634


Provenance

The following attestation bundles were made for worthless-0.3.4-py3-none-any.whl:

Publisher: publish.yml on shacharm2/worthless

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
