janee

Secrets management for AI agents via MCP

[](https://www.npmjs.com/package/@true-and-useful/janee) [](https://www.npmjs.com/package/@true-and-useful/janee) [](https://opensource.org/licenses/MIT) [](https://github.com/rsdouglas/janee)

> Your AI agents need API access to be useful. But they shouldn't have your raw API keys. > Janee sits between your agents and your APIs — injecting credentials, enforcing policies, and logging everything.

| | | |---|---| | 🔒 Zero-knowledge agents | Agents call APIs without ever seeing keys | | 📋 Full audit trail | Every request logged with timestamp, method, path, status | | 🛡️ Request policies | Allow/deny rules per capability (e.g., read-only Stripe) | | ⏱️ Session TTLs | Time-limited access with instant revocation | | 🔌 Works with any MCP client | Claude Desktop, Cursor, OpenClaw, and more | | 🏠 Local-first | Keys encrypted on your machine, never sent to a cloud | | 🖥️ Exec mode | Run CLI tools with injected credentials — agents never see the keys | | 🤖 GitHub App auth | Short-lived tokens for autonomous agents — no static PATs | | 🐦 Twitter/X OAuth 1.0a | Per-request OAuth signing — 4 secrets stay encrypted | | ☁️ AWS SigV4 | Sign AWS API requests server-side — SES, S3, and more | | 🔧 Automatic git auth | git push/pull just works when credentials include GitHub tokens |

---

AI agents need API access to be useful. The current approach is to give them your keys and hope they behave.

• 🔓 Agents have full access to Stripe, Gmail, databases
• 📊 No audit trail of what was accessed or why
• 🚫 No kill switch when things go wrong
• 💉 One