Lockbox keeps your API keys encrypted in one place. Your AI coding tools can use them without ever seeing the actual values. And if your code accidentally hits GitHub? Nothing leaks.
If you're building with AI tools like Claude Code or Cursor, you've probably hit at least one of these.
You forgot to add .env to .gitignore, or your AI tool committed it for you. Now your OpenAI key is public and someone's running up your bill.
Some in .env files, some in browser tabs, some in Slack messages. You've got the same API key in three different projects and can't remember which one is current.
Claude Code asks for your API key and you paste it right into the chat. Now it's in your conversation history, your clipboard, and who knows where else.
One key gets compromised and you're hunting through every project, every .env file, every config to find where you used it. It takes hours.
Think of it like a password manager, but built specifically for API keys and designed to work with AI coding tools like Claude Code and Cursor.
One master password locks everything down. Your keys are encrypted with the same standard used by banks and crypto wallets. Even if someone steals the vault file, they can't read it.
FREEClaude Code, Cursor, and Windsurf can store and retrieve your keys directly — no copy-pasting, no .env files lying around. Just ask your AI tool for the key it needs.
FREEYour .env files contain safe references like lockbox://openai/KEY instead of real keys. Push to GitHub all day — nothing sensitive is exposed.
Every time a key is used — whether by you or by an AI tool — it's logged. If something goes wrong, you can see exactly what was accessed and when.
FREEAlready have .env files? Import them in one command. Lockbox reads your existing files and stores everything safely. Migration takes seconds, not hours.
FREEWalk away from your computer? Your vault locks itself after 15 minutes. Someone guessing your password? It slows down after a few wrong tries. Copied a key? Clipboard clears itself.
FREEUse your vault on your laptop and your desktop. Everything is encrypted before it ever leaves your machine — we can never see your keys, even on our servers.
PRO — COMING SOONManage your keys in a clean web interface instead of the command line. Search, filter by project, build .env files visually, and see your access history at a glance.
PRO — COMING SOONCreate shared vaults for your team. Control who can see which keys. See what your team members are using. No more sharing secrets over Slack or email.
TEAM — COMING SOONNo account to create. No server to set up. No configuration files to edit. Just install, store your key, and start building.
Pick a master password. That's it. Lockbox creates an encrypted vault on your machine — your keys never leave your computer unless you want them to.
$ npx lockbox-vault init
Add your API keys one by one, or import an entire .env file at once. Organise them by project so you always know which keys belong where.
$ lockbox add openai API_KEY sk-...
Run your app through Lockbox and it injects your real keys only while your app is running. Or let your AI tool pull keys directly. Either way, nothing is saved to disk.
$ lockbox run "npm start"
Other tools were built for DevOps teams or general password management. Lockbox was built from day one for people who build with AI.
| Feature | Lockbox | Doppler | Infisical | 1Password | EnvKey |
|---|---|---|---|---|---|
| Works with AI tools | ✓ Built-in | ✗ | ✗ | ✗ | Shut down |
| Leak-proof .env files | ✓ lockbox:// | ✗ | ✗ | ✗ | Shut down |
| Works offline | ✓ | ✗ Cloud only | ✗ Cloud only | Partial | Shut down |
| Logs AI tool access | ✓ CLI + AI | ✗ | Basic | ✗ | Shut down |
| Open source | ✓ MIT | ✗ | ✓ | ✗ | Shut down |
| Free tier | ✓ Generous | Limited | Limited | Trial only | — |
| Paid price | $5/mo | $7–21/user | $8–18/user | $3–8/user | — |
| Time to get started | 30 seconds | 15+ minutes | 10+ minutes | 5+ minutes | — |
Everything you need to keep your API keys safe is free. Pro adds convenience features like sync, a visual dashboard, and team sharing when you're ready.
We're building sync, the visual dashboard, and team features based on what our users want most. Join the waitlist to help shape what comes next — and get early access when it's ready.