KeyZero

AI is going where no human has gone before.
It's taking your keys with it.

KeyZero makes sure no workload — human or machine — ever touches a secret it hasn't earned.

$ npm i -g @keyzero/cli

Open source. MIT license. One binary. Zero dependencies.

Replace .env in 30 seconds.

$ kz init
created .keyzero.toml
$ kz add
? Secret name: DATABASE_URL
? Provider: keychain
? Reference: myapp-db-url
✓ Added to .keyzero.toml
$ kz run -- npm start
✓ 3 secrets resolved from keychain
✓ Server running on localhost:3000

Same workflow you already know. Except nothing is on disk. Secrets resolve from your vault at runtime — keychain, 1Password, AWS, Vault, or whatever you already use.

Your AI agent doesn't need your real keys.

Without keyzero
$ env | grep API
OPENAI_API_KEY=sk-proj-abc123def456...
STRIPE_KEY=sk_live_789xyz...

Your agent sees everything. Logs everything. Can leak everything.

With kz run --blind
$ env | grep API
OPENAI_API_KEY=kz_masked_7f3a9b...
STRIPE_KEY=kz_masked_e2c41d...

Masked tokens. Real secrets swapped at the network boundary. Your agent literally cannot leak what it never sees.

Everything Is Fine

// TODO: fix before launch (6 months ago)

01. Your .env Is Famous

It's in 14 repos, 3 Docker images, and a Slack thread titled "temp creds DO NOT USE." Your AI agent just read all of them.

// TODO: rotate keys (opened 2023)
02. Every Agent Has Root

Your LLM can call Stripe, delete S3 buckets, and email your CEO. It earned those permissions by... existing. Nobody asked if it should.

// FIXME: principle of least privilege
03. Secrets Don't Expire

That API key is 18 months old. The person who created it left the company. The agent using it doesn't know what it does. Neither do you.

// NOTE: "temporary" — last modified 2024

One tool. Three depths.

Start with one command. Grow into enterprise.

  • 01
    Start simple

    kz run -- npm start — Secrets resolved from your keychain or any vault. Nothing on disk. No code changes. Works today.

  • 02
    Add isolation

    kz run --blind -- node agent.js — Secrets masked. MITM proxy rewrites them at the network boundary. Connection policies control what your agent can reach.

  • 03
    Scale to your team

    kz serve --bundle policies.yaml — JWT identity verification. CEL policy engine. Audit trail. Same tool, same config format. Enterprise-grade when you need it.
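The blind mode described above (masked tokens inside the workload, real secrets swapped in only at the network boundary, a connection policy deciding which hosts the agent may reach) modelled as an added illustration. This is not KeyZero's code: the token format is patterned on the page's `kz_masked_7f3a9b...` sample, and the proxy behaviour, host allowlist and sample secrets are assumptions.

```python
import re
import secrets
from typing import Dict, Set

# Assumption: the masked-token format is modelled on the page's sample only;
# the real tool's format and proxy are not shown on the page.
MASK_PREFIX = "kz_masked_"
MASK_RE = re.compile(re.escape(MASK_PREFIX) + r"[0-9a-f]{16}")


class BlindBoundary:
    """Toy model of a blind-mode boundary (illustration, not KeyZero's code).

    The workload only ever receives masked tokens. Real values stay inside this
    object and are substituted into outbound requests at the boundary, and only
    for hosts the connection policy allows.
    """

    def __init__(self, real_secrets: Dict[str, str], allowed_hosts: Set[str]):
        self._real: Dict[str, str] = {}        # masked token -> real secret
        self.masked_env: Dict[str, str] = {}   # what the workload sees
        self._allowed = set(allowed_hosts)
        for name, value in real_secrets.items():
            token = MASK_PREFIX + secrets.token_hex(8)
            self._real[token] = value
            self.masked_env[name] = token

    def rewrite_outbound(self, host: str, headers: Dict[str, str]) -> Dict[str, str]:
        """Swap masked tokens for real secrets on a request leaving the sandbox."""
        if host not in self._allowed:
            raise PermissionError(f"connection to {host} denied by policy")

        def swap(m: "re.Match[str]") -> str:
            # Tokens this boundary never issued pass through unchanged.
            return self._real.get(m.group(0), m.group(0))

        return {k: MASK_RE.sub(swap, v) for k, v in headers.items()}

    def leaks_real_secret(self, text: str) -> bool:
        """Detection check: does this text (a log line, a prompt) hold a real value?"""
        return any(value in text for value in self._real.values())


# Constructed sample values, not real credentials.
boundary = BlindBoundary(
    {"OPENAI_API_KEY": "sk-proj-EXAMPLE-NOT-REAL", "STRIPE_KEY": "sk_live_EXAMPLE-NOT-REAL"},
    allowed_hosts={"api.openai.com"},
)


def agent_log_line() -> str:
    """What a blind workload would write if it dumped its environment to a log."""
    return " ".join(f"{k}={v}" for k, v in boundary.masked_env.items())


def outbound_to(host: str) -> Dict[str, str]:
    """The agent builds a request with a masked token; the boundary rewrites it."""
    request = {"Authorization": "Bearer " + boundary.masked_env["OPENAI_API_KEY"]}
    return boundary.rewrite_outbound(host, request)
```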

Your app → KeyZero sandbox → verify identity → check policy → authorize (short-lived · scoped · audited)

Works with your vault. Not ours.

Keychain (macOS & Linux)
1Password (team vaults)
AWS (Secrets Manager & SSM)
HashiCorp Vault (KV v2)
GCP (Secret Manager)
age (encrypted files)
env (environment vars)
keyzero server (centralized policies)

No vendor lock-in. Switch providers by changing one line of config.

Adapt Or Get Breached

| Feature             | .env files                | direnv                        | Secret managers                     | KeyZero [K0]                            |
|---------------------|---------------------------|-------------------------------|-------------------------------------|-----------------------------------------|
| Where secrets live  | Plaintext on disk         | Plaintext on disk             | Centralized vault (app still pulls) | Resolved at runtime, never on disk      |
| AI agent safety     | Agent reads .env directly | Agent reads .env directly     | Build custom integrations           | Blind mode: agent never sees real keys  |
| Credential lifetime | Forever                   | Forever                       | Manual rotation                     | Ephemeral, auto-expired                 |
| Access control      | Everyone gets everything  | Per-directory, all-or-nothing | Policy-based (static roles)         | Per-request, per-workload, CEL policies |
| Setup               | Create a file             | Install + write .envrc        | Deploy server + configure           | npm i -g @keyzero/cli && kz init        |
| Works with          | One file                  | One tool                      | One vendor                          | 8+ backends, any vault                  |

Open source. Runs on your terms.

$ npm i -g @keyzero/cli
$ kz --version # installs as 'kz'