How to let AI code with your real API keys (without leaking them)

Mason Wyatt — Tue, 31 Mar 2026 07:03:37 +0000

You want Claude to integrate Stripe. You want Cursor to build your OpenAI pipeline. But your API keys are in .env, and AI can read them.

GitGuardian found 39.6 million secrets leaked on GitHub in 2025. AI-assisted commits leak at 2x the baseline rate.

Phantom fixes this in one command.

The Problem

When you use AI coding tools, your .env secrets enter the LLM context window:

Those keys can leak via session logs, prompt injection, or training data.

$ npx phantom-secrets init

One command:

Your .env now looks like:

OPENAI_API_KEY=phm_a7f3b9e2c1d4f6a8...
STRIPE_SECRET_KEY=phm_2ccb5a1e9f8d7b3c...

These tokens are worthless. Safe to leak. Safe for AI to read.

When your code makes an API call, Phantom's local proxy intercepts it:

$ phantom exec -- node app.js
# Proxy running on 127.0.0.1:54321
# Real keys injected at network layer

Phantom ships an MCP server with 9 tools. Works with Claude Code, Cursor, Windsurf, and Codex.

Claude Code:

$ claude mcp add phantom-secrets-mcp -- npx phantom-secrets-mcp

Cursor / Windsurf / Codex:

{"phantom": {"command": "npx", "args": ["phantom-secrets-mcp"]}}

Once configured, just tell your AI: "protect my API keys" — it handles everything.

Sync your vault across machines with end-to-end encryption:

$ phantom login        # GitHub OAuth
$ phantom cloud push   # Encrypted upload
$ phantom cloud pull   # On another machine

The server never sees your plaintext secrets. ChaCha20-Poly1305 encryption with keys that never leave your device.

$ npx phantom-secrets init

New since launch: cloud sync, export/import, streaming proxy support, team vaults, and MCP tools for Claude Code, Cursor, Windsurf, and Codex.