keychain-auth sits between your CLI tools and your operating system’s keychain (macOS Keychain, Linux Secret Service, or Windows Credential Manager), enforcing cryptographic binary verification and zero-trust access control on every request. Instead of letting any process on your machine silently read your secrets, keychain-auth verifies the exact identity of every caller before granting access.Documentation Index
Fetch the complete documentation index at: https://theseventeen-2abbdf80.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Quick Start
Install keychain-auth and secure your first CLI integration in minutes.
How It Works
Understand the security model, kernel verification, and access control policies.
CLI Reference
Explore all daemon and management commands: start, register, approve, and more.
Protocol Reference
Build a client integration using the JSON-over-socket wire protocol.
Why keychain-auth?
On Linux and Windows, any process running under your user account can silently read all credentials from the system keychain — no password required. On macOS, constant permission dialogs train users to click “Always Allow,” granting every CLI tool permanent access. keychain-auth eliminates both attack surfaces.Zero-Trust Access Control
Every binary is verified by SHA-256 hash and restricted to explicit service namespaces.
Audit Log
Every read, write, search, and denial is logged with granular per-secret records.
Integration Guide
Register your tool, configure permissions, and implement namespace isolation.
Platform Support
Works on macOS, Linux, and Windows with automatic headless fallback.
Get started in three steps
Install keychain-auth
Download and install the keychain-auth binary for your platform. See the installation guide for platform-specific instructions.
Start the daemon
Run
keychain-auth start to launch the security daemon. It will begin listening on a local Unix socket or Windows Named Pipe.