Know exactly what your AI agent accesses
Audit logs, access rules, and encryption for Claude Code
SecureCodeHQ encrypts your API keys, tokens and passwords. Claude Code accesses them via MCP with full audit trail and access policies. Setup in 30 seconds.
Add to Claude Code. That's it.
$ claude mcp add securecode -- npx -y @securecode/mcp-serverYou'll need to restart Claude Code twice: once after installing the MCP, and once after setting up your API key.
Then tell Claude Code:
See it in action
From install to fully configured in under 2 minutes.
Secrets and AI don't mix well
No audit trail of which AI model accessed what, when, or from where
No access policies or rules for AI agents accessing your secrets
.env files get committed to git by accident
Pasting keys in Claude chat sends them to external APIs
SecureCodeHQ solves all of this.
Up and running in 3 steps
Store your secrets
Import your .env file or create secrets from the dashboard. Organize with tags by project.
Connect Claude Code
Add 6 lines of MCP config. One-time setup, takes 30 seconds.
Claude uses them securely
Claude Code reads secrets via MCP. Values never appear in the chat. Every access is logged.
Everything you need, nothing you don't
Envelope Encryption
Every secret is encrypted with its own key (DEK), wrapped by Cloud KMS. AES-256-GCM. Enterprise-grade security without the enterprise price.
Native Claude Code MCP
Claude Code reads your secrets via MCP protocol. Values are injected directly, never exposed in the chat or sent to AI APIs.
MCP Access Rules
Tag-based policies that control how AI agents access your secrets. Block, require confirmation, restrict by model, or get notified. All enforced server-side.
Full Audit Trail
Every access is logged: who, when, which AI model, from what IP. Know exactly what's happening with your secrets.
Teams & Roles
Invite your team, assign roles (owner, admin, editor, viewer), set tag-based access. Each member sees only what they should.
Import & Export
Drag-and-drop your .env files or CSV with full metadata. Export anytime. Migrate in seconds, not hours.
Device Approval
New devices and MCP servers need approval before accessing secrets. You control which machines can read your keys.
CLI Migration
Run npx securecode migrate to import your .env files in one command. No manual copy-paste, no UI needed. From terminal to vault in 30 seconds.
Zero-Config Runtime
Use loadEnv() to inject secrets into process.env, or securecode-run to wrap any command. Your app reads secrets without code changes.
Smart Security Tips
The Tip Engine analyzes your usage and gives real-time security recommendations. Rotating expiring keys, detecting hardcoded secrets, and more.
Flexible Plans & Overrides
Custom plans and per-user overrides let you tailor limits to your needs. Graceful downgrades protect your data. No secrets lost, no access interrupted.
Vault Visualizer
See all your secrets organized by tag in a visual canvas. Drag, zoom, collapse groups. Understand your vault at a glance.
Chrome Extension
Generate passwords, API keys, UUIDs and more from any browser tab. Save directly to your vault with one click.
Built on real security, not promises
Every layer of SecureCodeHQ is designed to keep your secrets safe. Here's a quick overview.
AES-256-GCM Envelope Encryption
Each secret has its own encryption key (DEK), protected by Google Cloud KMS. The master key never leaves Google's HSM infrastructure.
Zero-Knowledge AI Access
When Claude Code uses your secrets, the AI agent never sees the values. Secrets are injected into temporary files, not into the conversation.
Device Approval Required
Every new agent + machine + IP combination is blocked by default. You explicitly approve each device from the dashboard.
Tag-Based Access Policies
Block secrets from AI access, require sessions, restrict specific models, or get email notifications on every access.
Full Audit Trail
Every access is logged: who, what, when, how, and from where. Including which AI model was used and whether it was inject or reveal mode.
Your secrets deserve better than a .env file
Start free with 50 secrets. Upgrade when you grow.
No credit card required