A secure local MCP server for managing API keys with user approval
SecretButler provides a secure way to manage and share API keys with MCP clients like Claude Desktop and Cursor. It runs as a local server with a native GUI that requires explicit user approval before sharing any secrets.
- 🔒 Secure: Stores API keys locally in
~/.secretbutler.toml - 👤 User-controlled: GUI popup requires explicit approval for each request
- 🔌 MCP compatible: Works with any MCP client
- ⚙️ Easy setup: Simple TOML configuration
- 🍎 Native macOS: Uses native macOS GUI components
Add to your MCP client configuration:
{
"mcpServers": {
"SecretButler": {
"command": "uvx",
"args": ["secretbutler"],
"env": {
"CLIENT_NAME": "Claude"
}
}
}
}On first run, SecretButler creates ~/.secretbutler.toml:
[secrets]
OPENAI_API_KEY = "sk-..."
ANTHROPIC_API_KEY = "sk-ant-..."
HF_API_KEY = "hf_..."Simply edit this file to add your API keys.
| Tool | Description |
|---|---|
list_secrets() |
Returns available secret names (no approval needed) |
request_secrets(secret_names, client_name) |
Request specific secrets with user approval |
- ✅ Secrets stored locally only
- ✅ No sharing without explicit approval
- ✅ Clear approval dialogs show requested secrets and client
- ✅ Foreground GUI prevents unauthorized access
MIT License