
contexter-vault

redact secrets from Claude Code before they leave your machine

Local proxy that intercepts every Claude Code request, swaps your API keys and client credentials for <<VAULT:name>> placeholders, and substitutes real values back only at tool execution time. AES-256-GCM local vault. Zero runtime dependencies. Open source MIT.


how it works

1 contexter-vault init

Creates AES-256-GCM vault at ~/.contexter-vault/, registers Claude Code hooks, sets ANTHROPIC_BASE_URL=http://127.0.0.1:9277

2 contexter-vault add stripe-key

Encrypts your secret into the vault, returns <<VAULT:stripe-key>> placeholder. The value never touches your shell history, git, or prompt context.

3 claude chat

The proxy replaces registered secret values with their placeholders in every outbound request. Tools substitute real values only at execution time. Anthropic never sees the raw secret.
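The redact-then-restore round trip described in the steps above, as an added TypeScript example; it is not contexter-vault's own code. The vault contents, function names and the placeholder name character set are assumptions, and the secrets are constructed sample values. It also matches the JSON-escaped form of each secret, since the request body is serialized JSON.

```typescript
// Added example, not contexter-vault source. Secrets below are constructed.
type Vault = { [name: string]: string };

const SAMPLE_VAULT: Vault = {
  "stripe-key": "demo_CONSTRUCTED_key_0001",
  "stripe-prefix": "demo_CONSTRUCTED", // substring of the value above
  "db-pass": 'p"ss\\word',             // changes shape once JSON-escaped
};

function escapeRegExp(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Outbound direction: replace each registered value with <<VAULT:name>>.
// One regex pass, longest needle first, so a secret containing another secret
// is redacted whole and inserted placeholders are never rescanned.
function redact(body: string, vault: Vault): string {
  const nameFor: { [needle: string]: string } = {};
  for (const name of Object.keys(vault)) {
    const value = vault[name];
    if (value.length === 0) continue; // an empty needle would match everywhere
    nameFor[value] = name;
    nameFor[JSON.stringify(value).slice(1, -1)] = name; // form seen inside JSON
  }
  const needles = Object.keys(nameFor).sort((a, b) => b.length - a.length);
  if (needles.length === 0) return body;
  const pattern = new RegExp(needles.map(escapeRegExp).join("|"), "g");
  return body.replace(pattern, (m: string) => "<<VAULT:" + nameFor[m] + ">>");
}

// Tool-execution direction: resolve placeholders locally. Unknown names are
// left untouched so a typo never expands to an empty string.
// Assumption: placeholder names use [A-Za-z0-9_-].
function restore(text: string, vault: Vault): string {
  return text.replace(/<<VAULT:([A-Za-z0-9_-]+)>>/g, (whole: string, name: string) =>
    Object.prototype.hasOwnProperty.call(vault, name) ? vault[name] : whole);
}

// Constructed request body shaped like a chat message payload.
function sampleBody(): string {
  const content = "deploy with " + SAMPLE_VAULT["stripe-key"] +
    " and db password " + SAMPLE_VAULT["db-pass"];
  return JSON.stringify({ messages: [{ role: "user", content: content }] });
}

console.log(redact(sampleBody(), SAMPLE_VAULT));
```

A redactor that only searched for the raw value would miss `db-pass` here, because inside the JSON body its quote and backslash are escaped.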

features

NDA-first design

Every value you register in the vault is covered by a hard network boundary. If your freelance contracts prohibit sharing client production credentials with third-party AI services, the vault turns that clause into a runtime guarantee.

Zero runtime dependencies

500 lines of TypeScript on Bun. node:crypto for AES-256-GCM. No npm install magic, no supply-chain surface. Auditable in one evening.

AES-256-GCM local vault

Your master key never leaves your machine. No cloud account, no sync service, no telemetry. The vault file is a single encrypted blob at ~/.contexter-vault/vault.enc.

Works transparently

Uses the documented ANTHROPIC_BASE_URL env var. Same integration pattern as enterprise LLM gateways (Portkey, LiteLLM, Nexus). Claude Code sees only placeholders; tool execution gets real values locally.

how it compares

feature contexter-vault raw env var mitmproxy
Secrets redacted from prompts needs custom script
Zero-config install ✗ (root CA + per-app scripts)
Anthropic ToS clean ambiguous
Works with Claude Code CLI partial (strip manually)
Works with Claude Desktop planned v0.3
Local AES-256-GCM vault
Open source MIT n/a ✓ (BSD-3)

faq

Will Anthropic ban me for using this?

No. ANTHROPIC_BASE_URL is an officially documented env var for LLM gateway setups. All auth headers forwarded unchanged. Usage attributable to your Anthropic account.

What's the performance overhead?

Negligible. Proxy adds under 5ms per request. Streaming throughput unchanged.

How is this different from dotenv?

dotenv loads secrets into your shell environment where any process can read them. The vault keeps secrets encrypted at rest, redacts them from network traffic, and substitutes them only at tool-execution time.

Does it work with Claude Desktop app?

Not in v0.2. v0.3 planned with HTTPS MITM + self-signed CA.

What if I leak the vault file?

The file is AES-256-GCM encrypted. The key lives separately at ~/.contexter-vault/vault.key. Both are needed to decrypt. Use disk encryption as your outer layer.

Is this replacing Claude Code itself?

No. The proxy sits between Claude Code and the Anthropic API. Transparent. Claude Code behaves exactly as before.

ship it

30 seconds from install to redaction

npm install -g contexter-vault
contexter-vault init && contexter-vault start

requires bun ≥1.0 · tested on macos, linux, windows