
Split-key reverse proxy that makes leaked API keys worthless

Project description

Worthless

Make leaked API keys worthless.

Python 3.10+ License: AGPL-3.0 Tests

When your .env leaks, the keys inside are placeholders. The real key never sits in your repo, your shell history, or your laptop's memory.

Quickstart

curl -sSL https://worthless.sh | sh        # fresh machine, no Python needed
# or, if you already have Python 3.10+:
pipx install worthless

Then cd into your project and run worthless. It detects keys in your .env, splits them, and starts a local proxy. No code changes.

The Worker serving worthless.sh emits an X-Worthless-Script-Sha256 header, so you can check that the bytes you downloaded match the bytes the Worker advertised before piping them into sh. The check catches transit/cache tampering, not origin compromise: the digest comes from the same origin as the script. cosign-signed release manifests for that case are tracked in WOR-303.

Full install options (Docker, MCP for Claude Code / Cursor / Windsurf, GitHub Actions, the verified-install flow, kill-switch runbook): docs.wless.io

Scope

Worthless scans for LLM provider API key prefixes only — currently openai (sk-, sk-proj-), anthropic (sk-ant-), google (AIza), and xai (xai-). For general secret detection (cloud tokens, GitHub PATs, AWS access keys, npm tokens, Cloudflare API tokens, etc.), use gitleaks or trufflehog as a companion tool — worthless will not flag those and is not trying to replace them.

How it works

  1. worthless lock splits each API key into two shards.
  2. Shard A stays on your machine (encrypted). Shard B goes to the proxy database.
  3. Your .env is rewritten with shard A. It is format-preserving (the provider prefix and length survive, so your code and SDKs keep working) but cryptographically useless on its own.
  4. The proxy reconstructs the key only when the rules engine approves the request.
  5. Spend cap blown? The key never forms, and the request never reaches the provider.

Platforms

Platform          Status
macOS             Supported
Linux             Supported
Windows + WSL     Supported
Native Windows    Not supported: use WSL or Docker

Native-Windows support is tracked in WOR-237. See docs.wless.io for the full distro support matrix.

Versioning

The PyPI version, the signed git tag (vX.Y.Z), and the X-Worthless-Script-Tag header on worthless.sh are kept aligned; CI fails fast if pyproject.toml and the tag disagree. install.sh resolves the latest worthless from PyPI at install time. To pin a version instead, run WORTHLESS_VERSION=x.y.z curl -sSL https://worthless.sh | sh.

Documentation

Everything lives at docs.wless.io — install guides, the security model, wire protocol, recovery runbook, the verified-install flow, and the agent skill file (Claude Code / Cursor / Windsurf).

Development

git clone https://github.com/shacharm2/worthless && cd worthless
uv sync --extra dev --extra test
uv run pytest

Internal developer documentation lives in engineering/. Security invariants are in SECURITY.md.

Contributing

PRs welcome. Read CONTRIBUTING-security.md first.

License

AGPL-3.0

Download files


Source Distribution

worthless-0.3.5.tar.gz (376.2 kB view details)

Uploaded Source

Built Distribution


worthless-0.3.5-py3-none-any.whl (156.3 kB view details)

Uploaded Python 3

File details

Details for the file worthless-0.3.5.tar.gz.

File metadata

  • Download URL: worthless-0.3.5.tar.gz
  • Upload date:
  • Size: 376.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for worthless-0.3.5.tar.gz
Algorithm Hash digest
SHA256 eec11c200840493b5c5853aedd2d5608839b1401695934e0d6fbb40f54fa3d74
MD5 b020c8ab5ac3ab7d8ff20a519f68e43f
BLAKE2b-256 6c617293de08b6bbae3caf9de53605ab3aab065f80933a69d383399bba0e1ba2

pip can enforce these digests at install time: list worthless==0.3.5 --hash=sha256:<digest> in a requirements file and install with pip install --require-hashes -r requirements.txt, which refuses any artifact whose hash does not match.

Provenance

The following attestation bundles were made for worthless-0.3.5.tar.gz:

Publisher: publish.yml on shacharm2/worthless

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file worthless-0.3.5-py3-none-any.whl.

File metadata

  • Download URL: worthless-0.3.5-py3-none-any.whl
  • Upload date:
  • Size: 156.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for worthless-0.3.5-py3-none-any.whl
Algorithm Hash digest
SHA256 e161a411ee4dbb5ec5eee51a34ba5cd50460a4f0785a5a18003377446d1a7352
MD5 6a2df2c75d49a7e56e6ee1699963eee4
BLAKE2b-256 e87c95cac4fb093b726f07a385a4aafde5e1af85960c712f9c1e0b37aba6e991


Provenance

The following attestation bundles were made for worthless-0.3.5-py3-none-any.whl:

Publisher: publish.yml on shacharm2/worthless

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
