
Split-key reverse proxy that makes leaked API keys worthless

Project description

Worthless

Make leaked API keys worthless.

Badges: Python 3.10+ · License: AGPL-3.0 · Tests

When your .env leaks, the keys inside are placeholders. The real key never sits in your repo, your shell history, or your laptop's memory.

Quickstart

curl -sSL https://worthless.sh | sh        # fresh machine, no Python needed
# or, if you already have Python 3.10+:
pipx install worthless

Then cd into your project and run worthless. It detects keys in your .env, splits them, and starts a local proxy. No code changes.

The Worker that serves worthless.sh emits an X-Worthless-Script-Sha256 header, so you can verify that the bytes you ran match the bytes the Worker advertised before piping into sh. The check catches transit/cache tampering, not origin compromise — cosign-signed release manifests for that are tracked in WOR-303.

Full install options (Docker, MCP for Claude Code / Cursor / Windsurf, GitHub Actions, the verified-install flow, kill-switch runbook): docs.wless.io

Scope

Worthless scans for LLM provider API key prefixes only — currently openai (sk-, sk-proj-), anthropic (sk-ant-), google (AIza), and xai (xai-). For general secret detection (cloud tokens, GitHub PATs, AWS access keys, npm tokens, Cloudflare API tokens, etc.), use gitleaks or trufflehog as a companion tool — worthless will not flag those and is not trying to replace them.

How it works

  1. worthless lock splits each API key into two shards
  2. Shard A stays on your machine (encrypted). Shard B goes to the proxy database
  3. Your .env is rewritten with shard A — format-preserving, but cryptographically useless alone
  4. The proxy reconstructs the key only when the rules engine approves the request
  5. Spend cap blown? The key never forms. The request never reaches the provider

Platforms

Platform          Status
macOS             Supported
Linux             Supported
Windows + WSL     Supported
Native Windows    Not supported — use WSL or Docker

Native-Windows support is tracked in WOR-237. See docs.wless.io for the full distro support matrix.

Versioning

PyPI version, signed git tag (vX.Y.Z), and the X-Worthless-Script-Tag header on worthless.sh are kept aligned — CI fails fast if pyproject.toml and the tag disagree. install.sh resolves the latest worthless from PyPI at install time; pin via WORTHLESS_VERSION=x.y.z curl -sSL https://worthless.sh | sh.

Documentation

Everything lives at docs.wless.io — install guides, the security model, wire protocol, recovery runbook, the verified-install flow, and the agent skill file (Claude Code / Cursor / Windsurf).

Development

git clone https://github.com/shacharm2/worthless && cd worthless
uv sync --extra dev --extra test
uv run pytest

Internal developer documentation lives in engineering/. Security invariants are in SECURITY.md.

Contributing

PRs welcome. Read CONTRIBUTING-security.md first.

License

AGPL-3.0

Download files


Source Distribution

worthless-0.3.6.tar.gz (440.5 kB)


Built Distribution


worthless-0.3.6-py3-none-any.whl (198.5 kB)


File details

Details for the file worthless-0.3.6.tar.gz.

File metadata

  • Download URL: worthless-0.3.6.tar.gz
  • Size: 440.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for worthless-0.3.6.tar.gz
Algorithm Hash digest
SHA256 17c75f16e03d47ef1572e23e120ebdaf607d1299fa7c57eb0247f130a4737170
MD5 49e88d1ead9977055c800fee6f7e579a
BLAKE2b-256 c2a986ee870a22d338016ceeb5c698872afbdc58e955032f6c3df9a9930c5820


Provenance

The following attestation bundles were made for worthless-0.3.6.tar.gz:

Publisher: publish.yml on shacharm2/worthless

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file worthless-0.3.6-py3-none-any.whl.

File metadata

  • Download URL: worthless-0.3.6-py3-none-any.whl
  • Size: 198.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for worthless-0.3.6-py3-none-any.whl
Algorithm Hash digest
SHA256 c0100756b6c2dfa1c58cc1a9c3431084548d132b1827c35cd609d81cf425c6fb
MD5 0e6752be8d25a31abc49a520d7fbdb58
BLAKE2b-256 44d85e61b990dedaf2156aa914371ec468533e08f135d765db0cf086b8b5bbbc


Provenance

The following attestation bundles were made for worthless-0.3.6-py3-none-any.whl:

Publisher: publish.yml on shacharm2/worthless

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
