Secretforge AI
Secrets Manager and API key finder with AI abilities
Installation
npx secretforge-ai
🛡️ SecretForge AI
Stop Committing API Keys Forever
One command. Zero exposed secrets.
Get Started • Documentation • Discord • Twitter
⚡ What is SecretForge?
SecretForge AI is an AI-powered secret management platform that automatically:
- Detects required API keys from your project dependencies
- Provisions secure keys with optimal scopes
- Rotates keys based on AI-powered schedules
- Catches exposed secrets in PRs before they hit production
- Validates compliance (SOC2, GDPR, HIPAA, PCI-DSS)
Built with: Cloudflare Workers + AI Agents + Model Context Protocol
Features
- AI-Powered Detection: Automatically detects required API services from project dependencies
- Zero-Config Provisioning: Intelligent key generation with minimal configuration
- Automatic Rotation: Scheduled and policy-based key rotation
- Compliance Validation: SOC2, GDPR, HIPAA, PCI-DSS compliance checking
- Edge-Native: Built on Cloudflare Workers for global low-latency
- Natural Language Interface: Chat with AI assistant via CLI or web dashboard
- Documentation Search: Vector-based semantic search for API documentation
- MCP Integration: Seamless integration with Claude Code and MCP-compatible AI tools
Architecture
```
┌─────────────────────────────────────────────────────────────┐
│                       SecretForge AI                        │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐       │
│  │  MCP Server  │  │     CLI      │  │ Web Dashboard│       │
│  │   (Claude)   │  │   (Ollama)   │  │  (Next.js)   │       │
│  └──────┬───────┘  └──────┬───────┘  └──────┬───────┘       │
│         │                 │                 │               │
│         └─────────────────┴─────────────────┘               │
│                           │                                 │
│                  ┌────────▼────────┐                        │
│                  │ Cloudflare API  │                        │
│                  │ (Hono/Workers)  │                        │
│                  └────────┬────────┘                        │
│                           │                                 │
│         ┌─────────────────┼─────────────────┐               │
│         │                 │                 │               │
│    ┌────▼────┐      ┌─────▼─────┐      ┌────▼─────┐         │
│    │   D1    │      │    KV     │      │Vectorize │         │
│    │(SQLite) │      │ (Secrets) │      │  (Docs)  │         │
│    └─────────┘      └───────────┘      └──────────┘         │
│                                                             │
│  ┌──────────────────────────────────────────┐               │
│  │     Cloudflare Agents (Stateful AI)      │               │
│  │  GPT-4o • Embedded SQLite • State Mgmt   │               │
│  └──────────────────────────────────────────┘               │
└─────────────────────────────────────────────────────────────┘
```
Quick Start
Prerequisites
- Node.js 20+
- pnpm 8+
- Cloudflare Account (for deployment)
- Ollama (optional, for local CLI AI)
- OpenAI/Anthropic API Keys (for AI features)
Installation
```bash
# Clone the repository
git clone https://github.com/yourusername/secretforge-ai.git
cd secretforge-ai

# Install dependencies
pnpm install

# Copy environment template
cp .env.example .env

# Configure environment variables
# Edit .env with your API keys

# Run setup script
bash setup.sh
```
Development
```bash
# Start all services
pnpm dev

# Start specific package
pnpm --filter @secretforge/cli dev
pnpm --filter @secretforge/api dev
pnpm --filter @secretforge/web dev

# Build all packages
pnpm build

# Run tests
pnpm test

# Lint
pnpm lint
```
Using Docker Compose
```bash
# Start all services (Ollama, Miniflare, PostgreSQL, Redis)
docker-compose up -d

# View logs
docker-compose logs -f

# Stop services
docker-compose down
```
Project Structure
```
secretforge-ai/
├── packages/
│   ├── api/                  # Cloudflare Workers API
│   │   ├── src/
│   │   │   └── index.ts      # Hono API, Agents, endpoints
│   │   ├── schema.sql        # D1 database schema
│   │   └── wrangler.toml     # Cloudflare configuration
│   │
│   ├── cli/                  # Command-line interface
│   │   └── src/
│   │       └── index.ts      # Commander CLI, Ollama integration
│   │
│   ├── mcp-server/           # Model Context Protocol server
│   │   └── src/
│   │       └── index.ts      # MCP tools & prompts
│   │
│   ├── web/                  # Next.js dashboard
│   │   └── app/
│   │       └── page.tsx      # React UI
│   │
│   └── shared/               # Shared utilities (future)
│
├── .github/                  # CI/CD workflows
├── docs/                     # Documentation
├── infrastructure/           # IaC configs
├── docker-compose.yml        # Local development environment
├── turbo.json                # Turborepo configuration
└── package.json              # Monorepo root
```
Usage
CLI
```bash
# Initialize project
secretforge init

# Request API key
secretforge request stripe --env prod --scopes read_write

# Rotate existing key
secretforge rotate secret-id-123

# List all keys
secretforge list

# Chat with AI assistant
secretforge chat "How do I rotate my Stripe keys?"
```
MCP Server (Claude Code)
Add to your Claude Code MCP settings:
```json
{
  "mcpServers": {
    "secretforge": {
      "command": "npx",
      "args": ["-y", "@secretforge/mcp-server"]
    }
  }
}
```
Use in Claude:
- "Analyze my project and detect required API keys"
- "Provision a Stripe API key for production"
- "Validate my secrets for SOC2 compliance"
Web Dashboard
```bash
cd packages/web
pnpm dev
```
Visit http://localhost:3000 to access the dashboard.
Configuration
Cloudflare Setup
```bash
# Login to Cloudflare
pnpm wrangler login

# Create D1 database
pnpm wrangler d1 create secretforge-db

# Apply schema
pnpm wrangler d1 execute secretforge-db --file=packages/api/schema.sql

# Create KV namespace
pnpm wrangler kv:namespace create SECRETS_VAULT

# Create Vectorize index
pnpm wrangler vectorize create api-docs-index --dimensions=1536 --metric=cosine

# Deploy
pnpm --filter @secretforge/api deploy
```
Environment Variables
See .env.example for full list. Key variables:
- `OPENAI_API_KEY`: OpenAI API key for embeddings & AI
- `ANTHROPIC_API_KEY`: Anthropic API key for Claude
- `ENCRYPTION_KEY`: 32-byte encryption key (generate with `openssl rand -base64 32`)
- `SECRETFORGE_API`: API endpoint URL
Security
- Encryption: AES-GCM 256-bit encryption for all secrets at rest
- Zero-Knowledge: Secrets encrypted before storage, decrypted on-demand
- Audit Logging: All operations logged with IP, user agent, timestamp
- Compliance: Built-in validation for SOC2, GDPR, HIPAA, PCI-DSS
- Rotation Policies: Configurable automatic rotation schedules
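
An added sketch of what AES-GCM 256-bit encryption at rest with the base64, 32-byte `ENCRYPTION_KEY` can look like on Node.js 20+ (`node:crypto`). This is not SecretForge's own code: the function names, the `IV || ciphertext || tag` layout and the use of the secret id as associated data are assumptions made for illustration.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// Decode ENCRYPTION_KEY (base64, as produced by `openssl rand -base64 32`)
// and refuse anything that does not decode to exactly 32 bytes (AES-256).
function loadKey(b64: string): Buffer {
  const key = Buffer.from(b64.trim(), "base64");
  if (key.length !== 32) {
    throw new Error(`ENCRYPTION_KEY must decode to 32 bytes, got ${key.length}`);
  }
  return key;
}

// Assumed envelope: 12-byte random IV || ciphertext || 16-byte tag, base64.
// `aad` binds the ciphertext to its record (here: the secret id), so a blob
// copied under a different id fails authentication instead of decrypting.
function sealSecret(key: Buffer, plaintext: string, aad: string): string {
  const iv = randomBytes(12); // fresh per encryption; never reuse with one key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(aad, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, ct, cipher.getAuthTag()]).toString("base64");
}

function openSecret(key: Buffer, sealed: string, aad: string): string {
  const raw = Buffer.from(sealed, "base64");
  if (raw.length < 12 + 16) throw new Error("sealed value too short");
  const iv = raw.subarray(0, 12);
  const ct = raw.subarray(12, raw.length - 16);
  const tag = raw.subarray(raw.length - 16);
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(Buffer.from(aad, "utf8"));
  decipher.setAuthTag(tag);
  // final() throws if the IV, ciphertext, tag or AAD was altered
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Constructed demo: throwaway key and value, not a real ENCRYPTION_KEY.
function demo(): string {
  const key = loadKey(randomBytes(32).toString("base64"));
  const sealed = sealSecret(key, "sk_test_constructed", "secret-id-123");
  return openSecret(key, sealed, "secret-id-123");
}
```

The length check catches a key generated with the wrong byte count before any secret is written with it.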
Tech Stack
| Layer | Technology |
|---|---|
| Runtime | TypeScript, Node.js 20+ |
| Monorepo | Turborepo |
| API | Hono, Cloudflare Workers |
| Storage | D1 (SQLite), KV, Vectorize |
| AI/LLM | OpenAI GPT-4o, Ollama (Llama 3.1) |
| MCP | @modelcontextprotocol/sdk |
| CLI | Commander, Inquirer, Chalk, Ora |
| Web | Next.js 14, React, Tailwind CSS |
| Agents | Cloudflare Agents API |
Roadmap
- OAuth2 integration for major providers
- Browser extension for 1-click key injection
- Slack/Discord bot for ChatOps
- Terraform/Pulumi provider
- GitHub Actions integration
- Key usage analytics & anomaly detection
- Multi-tenant support
- SSO/SAML for enterprise
Contributing
Contributions welcome! Please read CONTRIBUTING.md first.
```bash
# Fork the repo
git checkout -b feature/your-feature

# Make changes and test
pnpm test

# Commit and push
git commit -m "Add your feature"
git push origin feature/your-feature

# Open a pull request
```
License
MIT License - see LICENSE for details.
Support
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Email: support@secretforge.ai
Acknowledgments
Built with:
Made with ❤️ by the SecretForge team
