Secure, transparent credential injection for AI coding assistants and development tools.
CloakCode is a zero-knowledge credential management system that allows AI assistants (like Claude, Cursor, Aider) to make authenticated API calls without ever seeing your real credentials. It works by intercepting requests with dummy credentials and transparently replacing them with real ones via a proxy.
- π Zero-Knowledge Security - AI never sees your real API keys
- π Universal Support - Works with ANY API (OpenAI, Anthropic, AWS, GitHub, Stripe, etc.)
- π Transparent Proxy - No code changes required
- π¦ Docker Isolated - Runs in isolated containers for maximum security
- π¨ Strategy-Based - Pluggable authentication protocols (Bearer, AWS SigV4, OAuth, etc.)
- π« Telemetry Blocking - Automatically blocks tracking and analytics
- π Audit Logging - Complete audit trail of all credential usage
- π‘οΈ Host Whitelisting - Credentials only work for authorized domains
- Docker and docker-compose
- Python 3.12 or 3.13 (3.14 not supported yet)
- macOS, Linux, or WSL2
# 1. Clone the repository
git clone https://github.com/andrewgibson-cic/cloak-code.git
cd cloak-code
# 2. Install Python dependencies
make install
# 3. Verify installation
make verify
# 4. Start CloakCode
make start
# 5. Check status
make status-
Configure credentials (already created):
.env- Your real API credentials (git-ignored)credentials.yml- Credential mapping configurationproxy/config.yaml- Proxy rules and strategies
-
Add your API keys to
.env:# Edit .env and replace DUMMY values with real credentials OPENAI_API_KEY=sk-proj-your-real-key-here ANTHROPIC_API_KEY=sk-ant-your-real-key-here GITHUB_TOKEN=ghp_your-real-token-here -
Configure your AI assistant with DUMMY credentials:
# In Cline/Claude Code settings: API Key: DUMMY_ANTHROPIC_KEY # In Cursor settings: OpenAI Key: DUMMY_OPENAI_KEY
-
Verify it works:
make logs-proxy # Watch credential injection in action
- QUICK_START.md - Detailed setup guide
- COMMANDS.md - Complete make commands reference
- docs/ - Architecture and implementation details
# Start/Stop
make start # Start CloakCode containers
make stop # Stop containers
make restart # Restart containers
make status # Show container status
# Logging
make logs # Follow all logs
make logs-proxy # Watch proxy credential injection
make logs-agent # Watch agent container logs
# Development
make test # Run all tests
make test-unit # Run unit tests only
make format # Format code with black
# Maintenance
make clean # Clean Python artifacts
make docker-clean # Remove all Docker resourcesSee COMMANDS.md for complete command reference.
- AI Assistant makes API call with dummy credential (e.g.,
DUMMY_OPENAI_KEY) - Proxy intercepts the request
- Strategy detects dummy credential and validates target host
- Injection replaces dummy with real credential from
.env - Request proceeds to API with real credential
- Audit Log records the injection (without logging real credential)
βββββββββββββββββββ
β AI Assistant β Uses: DUMMY_OPENAI_KEY
β (Cline/Cursor) β
ββββββββββ¬βββββββββ
β HTTP Request
βΌ
βββββββββββββββββββ
β CloakCode β Intercepts request
β Proxy β Validates host: api.openai.com β
ββββββββββ¬βββββββββ Injects: sk-proj-real-key-***
β
βΌ
βββββββββββββββββββ
β OpenAI API β Receives real credential
β api.openai.com β Processes request
βββββββββββββββββββ
- Credentials only work for authorized domains
- Prevents credential theft via domain spoofing
- Cross-service protection (OpenAI key won't work for GitHub)
- Automatically blocks tracking/analytics domains
- Prevents credential leakage via telemetry
- Configurable blocklist
- Blocks requests on error (security over convenience)
- Prevents accidental credential exposure
- Comprehensive error handling
- Complete audit trail in
logs/audit.json - Records all credential injections
- Never logs real credentials (only dummy tokens)
CloakCode supports ANY API! Pre-configured strategies for:
- AI/ML: OpenAI, Anthropic, Google Gemini, Mistral AI, IBM WatsonX
- Version Control: GitHub, GitLab, Bitbucket, Azure DevOps
- Cloud: AWS (SigV4), Google Cloud, Azure
- Payments: Stripe, PayPal
- Communication: Slack, Discord, Twilio, SendGrid
- Custom: Easy to add your own via
credentials.yml
- β Core credential injection working
- β Multiple authentication strategies (Bearer, AWS SigV4, Git PAT)
- β Docker containerization
- β Comprehensive test suite
- β Documentation complete
β οΈ Docker proxy container has permission issue (being debugged)- π§ Production hardening in progress
Contributions welcome! See CONTRIBUTING.md for guidelines.
# Make sure you're using the virtual environment
source venv/bin/activate
make test# Check logs for errors
make logs-proxy
# Verify configuration
make verify
# Try rebuilding
make docker-clean
make start# Watch the proxy logs
make logs-proxy
# Verify your .env has real credentials
cat .env
# Check credentials.yml configuration
cat credentials.yml# Show all available commands
make help
# Verify installation
make verify
# Check container status
make status- GitHub: andrewgibson-cic/cloak-code
- Issues: Report bugs or request features
- Discussions: Ask questions
.env file or share your real API credentials. CloakCode is designed to keep credentials secure, but always follow security best practices.
π‘ Pro Tip: Use make logs-proxy to watch credential injection happen in real-time. It's educational and helps debug issues!