macOS secrets manager with Touch ID. A secure dotenv alternative.
Stop putting API keys in .env files. Stop pasting secrets into AI chats.
Website ยท Blog ยท Install ยท CLI Reference ยท vs dotenv ยท vs 1Password CLI
NoxKey is a free, open-source macOS secrets manager that stores API keys, tokens, and credentials in the macOS Keychain (hardware-encrypted via Secure Enclave) and gates every access with Touch ID.
It replaces .env files with a developer CLI and native menu bar app. No cloud. No master password. No subscription. NoxKey detects AI coding agents (Claude Code, Cursor, Copilot) and delivers secrets through an encrypted handoff so the raw value never enters the agent's context window.
brew install no-box-dev/noxkey/noxkeyYou have API keys in .env files. Plaintext. No authentication. Any process on your machine can read them โ including AI coding agents that treat your .env as just another project file.
12.8 million secrets were exposed in public GitHub repos in 2024. The .env pattern was designed in 2012, before AI agents existed. It's a liability.
NoxKey stores secrets in the macOS Keychain (Secure Enclave, hardware-encrypted) and gates every access with Touch ID. No files on disk. No master password. No cloud.
# Store a secret (from clipboard โ never in shell history)
noxkey set myorg/project/STRIPE_KEY --clipboard
# Use it in your shell
eval "$(noxkey get myorg/project/STRIPE_KEY)"
# โ Touch ID prompt โ STRIPE_KEY loaded into environment
# List your secrets (names only, never values)
noxkey ls myorg/When an AI agent calls noxkey get, NoxKey detects the agent by walking the process tree and returns an encrypted handoff โ the secret reaches the agent's environment but never enters its conversation context.
# 1. Install via Homebrew
brew install no-box-dev/noxkey/noxkey
# 2. Launch the app (it lives in your menu bar)
open /Applications/NoxKey.app
# 3. Done โ the CLI works immediately
noxkey lsnoxkey import myorg/project .env # import all secrets
noxkey ls myorg/project/ # verify
rm .env # delete the liability| .env files | 1Password CLI | HashiCorp Vault | NoxKey | |
|---|---|---|---|---|
| Encryption | None | AES-256 (cloud) | Server-side | Secure Enclave (hardware) |
| Auth model | None | Master password | Token-based | Touch ID per access |
| AI agent safety | None | None | None | Process-tree detection |
| Network required | No | Yes (sync) | Yes (server) | No |
| Cost | Free | $36/yr | Free (self-host) | Free |
| Setup | None | Account + master pw | Server infra | brew install |
โโโโโโโโโโโโโโโโ Unix socket โโโโโโโโโโโโโโโโโโโ
โ noxkey CLI โ โโโโโโโโ JSON โโโโโโโโโโโโโถ โ NoxKey.app โ
โ (Swift) โ โ (SwiftUI) โ
โโโโโโโโโโโโโโโโ โโโโโโโโโโฌโโโโโโโโโโ
โ
โโโโโโโโโโผโโโโโโโโโโ
โ Agent Detection โ
โ (process-tree โ
โ walk, 20 levels) โ
โโโโโโโโโโฌโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโ โโโโโโโโโผโโโโโโโโโโโ
โ Touch ID โ โ macOS Keychain โ
โ (Secure โโโ (Data Protection) โ
โ Enclave) โ โโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโ
Menu bar app โ native SwiftUI. Manages the Keychain, handles Touch ID, detects AI agents via proc_pidinfo, serves requests over a Unix domain socket.
CLI โ Swift binary. Talks to the app over the socket. Every request is validated server-side โ the CLI can't bypass agent detection.
Agent detection โ walks the process tree from the requesting PID up to launchd, checking each ancestor against known agent signatures (claude, cursor, codex, windsurf, copilot). Full explanation โ
- Touch ID on every access โ not a password, your fingerprint
- Secure Enclave storage โ decryption key never leaves the chip
- Strict mode โ mark high-value secrets to always require Touch ID, even during sessions
- Zero network โ no telemetry, no sync, no cloud. Secrets never leave your machine
- DLP guard โ scans AI agent output for leaked secret values before they enter context
eval "$(noxkey get org/proj/KEY)"โ one command, any terminal- Session unlock โ
noxkey unlock org/projโ one Touch ID, then batch access - Import/export โ
noxkey import org/proj .envmigrates everything in one step - Peek โ
noxkey peek org/proj/KEYshows first 8 chars for verification - Organize โ
noxkey organizereviews keys and adds missing metadata - Rotate โ
noxkey rotate org/proj/KEYguides you through secret rotation
- Generate โ create login credentials with auto-generated passwords from the quick-access panel
- Organizations โ managed org list, linked emails auto-selected per org
- Email aliases โ generate unique
+aliasvariants per project (e.g.user+react-frontend-a1b2@domain) - Tabbed view โ All | Logins | Recovery Codes | Generate in both panel and main app
- Step-through clipboard โ username copied first, click Next for password
- Browser detection โ auto-detects project from active localhost tab (Chrome, Safari, Arc, Edge)
- Automatic detection โ Claude Code, Cursor, Codex, Windsurf, Copilot identified by process tree
- Encrypted handoff โ agents get secrets in their environment, never in conversation context
- Command blocking โ
--raw,--copy,load,export,bundleblocked for agent callers - DLP scanning โ
noxkey guardcatches leaked values in agent output
noxkey set <org/proj/KEY> --clipboard Store from clipboard
noxkey get <org/proj/KEY> Copy to clipboard (Touch ID)
noxkey peek <org/proj/KEY> Show first 8 chars
noxkey rm <org/proj/KEY> Delete a secret
noxkey ls [prefix] List key names (no values)
noxkey ls --type=login --org=n1 Filter by type, org, or search
noxkey import <org/proj> <file> Import from .env file
noxkey export <org/proj> <file> Export to .env file
noxkey unlock <org/proj> [--timeout=4h] One Touch ID, then batch access
noxkey lock [org/proj] Lock prefix (or all)
noxkey session Show active sessions
noxkey strict <org/proj/KEY> Always require Touch ID (even during sessions)
noxkey unstrict <org/proj/KEY> Remove strict mode
noxkey guard DLP scan stdin for leaked values
noxkey verify Print security verification commands
noxkey audit [N] Show last N audit log entries
noxkey rotate <org/proj/KEY> Guided rotation workflow
noxkey organize [--dry-run] [--auto] Review and fix metadata
noxkey scan [path] [--prefix=org/proj] Find and import .env files
noxkey config <org/proj> --timeout=8h Set session timeout per prefix
noxkey update Update app and/or CLI
org/project/KEY โ project-specific secrets
shared/KEY โ cross-project secrets (e.g. shared/CLOUDFLARE_API_TOKEN)
| What | Where |
|---|---|
| Secret values | macOS Data Protection Keychain (Secure Enclave) |
| Metadata | Separate Keychain item per secret |
| Session cache | In-memory only, cleared on lock/quit |
| Socket | User-only permissions (0600), peer UID verified |
- Secrets never leave the machine in plaintext
- Agent callers receive AES-256-CBC encrypted payloads via self-deleting temp scripts
- Sessions are bound to PID + process start time (prevents PID recycling attacks)
noxkey lsandnoxkey peeknever expose full values
git clone https://github.com/No-Box-Dev/Noxkey.git
cd Noxkey
open NoxKey.xcodeproj
# Build and run (Cmd+R)The CLI auto-installs to ~/.local/bin/noxkey when the app launches. Add ~/.local/bin to your PATH.
Requires macOS 14+ and Xcode 15+.
Deep dives into how NoxKey works and why:
- Stop Putting Secrets in .env Files
- macOS Keychain for Developers
- How Touch ID Can Protect Your API Keys
- The Developer's Guide to Credential Hygiene
- 6 Ways AI Agents Leak Your Secrets
- How We Built Process-Tree Agent Detection
Is NoxKey free? Yes. MIT-licensed, open source, no account, no subscription, no cloud.
How is NoxKey different from 1Password CLI? NoxKey is local-only (no cloud, no account), free, and includes AI agent detection with encrypted handoff. Full comparison.
How is NoxKey different from dotenv? dotenv stores secrets as plaintext files with zero authentication. NoxKey stores them in the hardware-encrypted Keychain with Touch ID. Full comparison.
Does NoxKey work on Linux or Windows? No. NoxKey is macOS only โ it depends on the macOS Keychain and Touch ID. For cross-platform needs, consider 1Password CLI or HashiCorp Vault.
Does NoxKey send data to the cloud? No. Zero outbound network connections. Verifiable via macOS network monitoring.
How does NoxKey detect AI agents? It walks the macOS process tree when a secret is requested. If an AI agent is in the calling chain, the secret is delivered through an encrypted, self-deleting temp script instead of as a raw value. Technical deep-dive.
MIT โ Copyright (c) 2024-2026 No-Box-Dev