npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

enigmagent-mcp

v1.0.5

Published

Local encrypted vault MCP server. AES-256-GCM + Argon2id. Resolves {{PLACEHOLDER}} secrets at runtime so LLMs never see real API keys. Works with Claude Desktop, Cursor, Continue.dev, Cline, Open WebUI.

Downloads

568

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

francisco_angulo_de_lafuentefrancisco_angulo_de_lafuente

Keywords

mcpmcp-servermodel-context-protocolai-agentsllmclaude-desktopcursorvaultsecretssecrets-managementcredentialsencryptionaes-256-gcmargon2idsecurityenigmagentopenclawp2pclaw

Readme

enigmagent-mcp

npm version npm downloads License: MIT Crypto Glama MCP GitHub stars

Local encrypted vault MCP server. Your LLM types {{OPENAI_KEY}}. The real value never reaches the model — not in prompts, not in logs, not in conversation history.

npx enigmagent-mcp --vault ./my.vault.json

That's the entire install. Works with Claude Desktop, Cursor, Continue.dev, Cline, Open WebUI, AnythingLLM, LM Studio, Zed, and anything else that speaks MCP.

Star this repo if you've ever pasted a token you regretted.

The 30-second pitch

You ask Claude to call your GitHub API. Claude needs GITHUB_TOKEN. Three options that all suck:

  1. Paste it in the chat → it lives in the provider's logs forever
  2. Put it in env vars → it leaks the moment Claude reads .env while debugging
  3. Skip the agent → you lose the whole point

Option 4: type {{GITHUB_TOKEN}} in the prompt. EnigmAgent intercepts at the MCP boundary, decrypts locally with AES-256-GCM, and returns the real token only when the requesting origin matches the secret's bound domain. The model literally never has the value.

Setup per client

Claude Desktop

~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "enigmagent": {
      "command": "npx",
      "args": ["-y", "enigmagent-mcp", "--vault", "/absolute/path/to/my.vault.json"]
    }
  }
}

Restart Claude. Two new tools appear: enigmagent_resolve and enigmagent_list.

Cursor

~/.cursor/mcp.json:

{
  "mcpServers": {
    "enigmagent": {
      "command": "npx",
      "args": ["-y", "enigmagent-mcp", "--vault", "/abs/path/my.vault.json"]
    }
  }
}

Continue.dev

~/.continue/config.yaml:

mcpServers:
  - name: enigmagent
    command: npx
    args: ["-y", "enigmagent-mcp", "--vault", "/abs/path/my.vault.json"]

Cline (VS Code)

cline_mcp_settings.json:

{
  "mcpServers": {
    "enigmagent": {
      "command": "npx",
      "args": ["-y", "enigmagent-mcp", "--vault", "/abs/path/my.vault.json"]
    }
  }
}

Open WebUI

# uses mcpo (https://github.com/open-webui/mcpo) as bridge
mcpo --port 8000 -- npx enigmagent-mcp --vault /abs/path/my.vault.json

Custom REST integration

npx enigmagent-mcp --mode rest --port 3737 --vault /abs/path/my.vault.json

Then POST /resolve with {"placeholder": "OPENAI_KEY", "origin": "https://api.openai.com"} returns the decrypted value (only when the origin matches the secret's bound domain).

CI / headless mode

Skip the interactive password prompt with env vars (only do this in trusted environments):

ENIGMAGENT_USER=alice ENIGMAGENT_PASS=… npx enigmagent-mcp --vault ./my.vault.json

Without these, the server starts in locked mode if there's no TTY — useful behind mcp-proxy and similar wrappers.

MCP tools exposed

| Tool | Description | |---|---| | enigmagent_resolve | Resolve a placeholder to its vault value. Domain binding enforced — the requesting origin must match the secret's bound domain | | enigmagent_list | List secret names + their bound domains. Never returns values |

// example tool call
{
  "name": "enigmagent_resolve",
  "arguments": {
    "placeholder": "GITHUB_TOKEN",
    "origin": "https://api.github.com"
  }
}
// → returns the decrypted token string

How it works

LLM emits tool call:  fetch({headers: {Authorization: "Bearer {{OPENAI_KEY}}"}})
                                                              │
                                              ┌───────────────▼───────────────┐
                                              │  enigmagent-mcp (this server) │
                                              │  • match placeholder name     │
                                              │  • check origin == bound dom. │
                                              │  • decrypt with AES-256-GCM   │
                                              └───────────────┬───────────────┘
                                                              │  real token
                                                              ▼
                                                    HTTPS to api.openai.com

The plaintext value exists in process memory for one event-loop tick. Never logged, never in stdout, never visible to the model.

Security model

| Layer | Implementation | |---|---| | KDF | Argon2id (m=64 MiB, t=3, p=1) — @noble/[email protected], bundled | | Encryption | AES-256-GCM, 96-bit nonce per entry | | Domain binding | Every secret pinned to a domain; resolver rejects mismatched origins | | Master key | Lives in process memory only — never written to disk | | Vault file | Encrypted JSON, plaintext never persisted |

What it does not protect against: a compromised process reading session memory, a malicious MCP server you've connected to with permission to call enigmagent_resolve, side-channels (timing, swap, core dumps). Full threat model: docs/THREAT_MODEL.md.

Full ecosystem

This repo is the MCP server alone. The full EnigmAgent project includes:

  • Browser extension (Chrome/Firefox/Edge) for credentials inside web forms
  • Python SDK for LangChain / LlamaIndex / CrewAI
  • REST + stdio dual-mode API
  • Domain-bound document injection ({{DOC:filename}})

Main repository: https://github.com/Agnuxo1/EnigmAgent

EnigmAgent is part of the OpenCLAW / P2PCLAW ecosystem of privacy-preserving local AI tooling — a multi-agent scientific research network where dozens of LLM agents need credentials and none of them should have them.

License

MIT — see LICENSE.

Contributing

Pull requests welcome. Security disclosures: see SECURITY.md in the main repo.

Francisco Angulo de Lafuente