proxykey is a credential proxy and vault for API keys. Your real keys (OpenAI, Anthropic, Telegram, Stripe and 25+ providers) are encrypted with AES-256-GCM and never leave the server. Apps and AI agents authenticate with revocable "passes" (vlt_...) that carry per-pass IP binding, rate limits and full request logs.
This MCP server lets an agent manage those passes: list_providers, list_secrets, create_pass, create_pending_pass, update_pass, rotate_pass, revoke_pass, delete_pass, rebind_pass_ip, get_pass_logs, get_pass_stats and more (13 tools). A "read the real key" operation does not exist in the toolset — only a human can enter the original key, in the panel. A leaked pass is a non-event: wrong IP is denied, limits cap abuse, and revocation is one click without touching the original.
Hosted endpoint: https://mcp.proxykey.org/mcp (Streamable HTTP). Auth: a Bearer mcp_... token minted in the panel at https://app.proxykey.org. Docs: https://app.proxykey.org/docs.html