Add secretctl - AI-safe secrets manager with MCP integration

[forest6511]

Resource Recommendation

Name: secretctl

URL: https://github.com/forest6511/secretctl

Category Suggestion: Tooling 🧰 > General (or a new "Security" subcategory if appropriate)

Description:
Local-first secrets manager with built-in MCP server. Allows Claude Code to run commands with credentials injected as environment variables, without ever exposing plaintext secrets to the AI agent.

Key Features:

• MCP tools: secret_list, secret_run, secret_get_masked, secret_run_with_bindings
• Output sanitization (secrets in stdout are automatically redacted)
• AES-256-GCM encryption with Argon2id key derivation
• Single binary, no cloud dependency

Why it's useful for Claude Code users:
Instead of pasting API keys into Claude Code conversations, users can:

secretctl set aws --field access_key=AKIA... --field secret_key=...
# Claude calls secret_run via MCP - gets command output, never sees credentials

This follows the "Access Without Exposure" philosophy used by 1Password and HashiCorp Vault.

License: Apache 2.0

[hesreallyhim]

i) thanks @forest6511 security contributions are always welcome - I'm having trouble identifying the Claude-Code aspect of it - what would you say to someone who says - "this is a secrets manage (a really good one), with an MCP - and Claude uses MCP"?

ii) does your program store full secrets as environment variables?

[forest6511]

Thanks for the questions! Let me address both:

i) What makes this Claude Code specific?

You're right that it's an MCP server, but the design philosophy is specifically for AI coding assistants like Claude Code:

1. AI-Safe by design: Unlike most secrets managers that would expose plaintext via MCP, secretctl is designed so AI agents never receive secret values. This addresses the unique risk of AI assistants - they can leak secrets through conversation history, logs, or prompt injection.

2. secret_run workflow: Instead of get secret → paste into command, Claude Code calls secret_run which injects credentials as env vars and returns sanitized output. This matches how developers actually use Claude Code for CLI operations.

3. Output sanitization: If a command accidentally prints a secret, it's automatically redacted before returning to Claude. This is specifically useful for AI contexts where you can't control what the AI might ask to run.

That said, if the list is strictly for Claude Code-specific tools (slash commands, CLAUDE.md files, hooks), I understand if this doesn't fit. It's more of a "tool that works especially well with Claude Code" than a "Claude Code extension."

ii) Environment variables storage

No, secrets are not stored as environment variables. They're stored encrypted (AES-256-GCM) in a local SQLite database.

Environment variables are only used at runtime when secret_run is called - the secret is decrypted, injected into the subprocess environment, the command runs, and then the process exits (env vars are gone). The AI only sees the command output, never the env var values.

Storage: SQLite (encrypted) → Runtime: env var injection → Output: sanitized

Hope that clarifies! Happy to adjust the category suggestion or provide more details.

[forest6511]

You're right - secretctl is an MCP server, not a Claude Code-specific tool.

I've submitted it to awesome-mcp-servers instead, which is a better fit.

Closing this issue. Thanks for your time!