Blog/Announcing the Keystore CLI

Announcing the Keystore CLI

Keystore Team··5 min read

Announcing the Keystore CLI

Today we are shipping @keystore/cli, a command-line tool for managing every aspect of your Keystore vault: providers, tokens, budgets, audit logs, and credential rotation.

We built it because the current state of credential management in AI agent development is indefensible. AutoGPT stores API keys in a .env file. LangChain reads OPENAI_API_KEY from the environment. CrewAI does the same. Every major agent framework treats credentials as plaintext strings loaded at process startup, with no encryption at rest, no rotation mechanism, no access auditing, and no budget enforcement.

The result: GitGuardian reported 23.8 million secrets leaked on GitHub in 2024, a 25% increase year over year. Among them, 46,441 OpenAI API keys were exposed every month --- a 1,212x increase from 2022. A 2022 GitGuardian study found that 70% of secrets leaked in previous years were still valid at the time of detection. Nobody was rotating them.

OWASP's guidance for AI applications is explicit: credentials should be short-lived and dynamically generated, expiring within hours or minutes. The reality is that most teams hard-code long-lived keys and never touch them again until something breaks. The CLI is designed to close that gap --- making the practices that security experts recommend as easy to execute as the anti-patterns they replace.

Installation

bash
1
2
npm install -g @keystore/cli
ks login

What the CLI Does

Provider Management

Add providers with credentials encrypted via AES-256-GCM before storage. The plaintext key is never logged, cached locally, or displayed after entry.

bash
1
2
3
ks provider add openai --key sk-your-api-key
ks provider add anthropic --key sk-ant-your-key
ks provider list
1
2
3
NAME        SOURCE    STATUS    ADDED
openai      byok      active    2026-02-20
anthropic   byok      active    2026-02-20

Token Management

Create scoped tokens with budget and rate limit policies:

bash
1
2
3
4
5
6
ks token create \
  --name production-agent \
  --providers openai,anthropic \
  --budget 100 \
  --budget-period monthly \
  --rate-limit 200/minute

List, update, and revoke tokens instantly:

bash
1
2
3
ks token list
ks token update production-agent --budget 150
ks token revoke compromised-agent

Revocation is immediate. The agent loses access on its next request. The underlying provider credentials remain intact --- you only rotate provider keys if the provider key itself (not the ks_ token) was compromised.

Audit Logs

Query per-request logs showing provider, endpoint, status, and cost:

bash
1
2
3
4
ks logs --token production-agent --last 20
ks logs --provider openai --since "2 hours ago"
ks logs --status 4xx,5xx --last 50
ks logs --format json --since 2026-02-01 > february.json

The Workflows That Matter

Credential Rotation

OWASP recommends short-lived credentials. The CLI makes rotation scriptable:

bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# Rotate a provider key
ks provider update openai --key sk-new-api-key

# Rotate an agent token (revoke old, create new, deploy)
ks token revoke staging-agent --quiet

NEW_TOKEN=$(ks token create \
  --name staging-agent \
  --providers openai,anthropic \
  --budget 50 \
  --budget-period monthly \
  --format token-only)

gh secret set KS_TOKEN --body "$NEW_TOKEN"

The provider key update is transparent to all agent tokens --- they continue working through the proxy with no code changes. The agent token rotation can be automated in CI/CD, enabling the short-lived credential lifecycle that security auditors ask for and development teams rarely implement.

Investigating Cost Spikes

In January 2026, a recursive agent loop ran for 11 days unnoticed, accumulating $47,000 in API charges. The team only discovered it when the monthly invoice arrived. With the CLI, you can catch this within minutes:

bash
1
2
3
4
5
6
7
8
9
10
11
# Spot the anomaly: which tokens are spending the most today?
ks workspace usage --period today

# Drill into the suspicious token
ks logs --token runaway-agent --since "24 hours ago" --format summary

# See the pattern: hundreds of identical calls
ks logs --token runaway-agent --provider openai --last 100

# Kill it immediately
ks token revoke runaway-agent

The audit log makes the pattern visible --- hundreds of identical requests to the same endpoint in rapid succession. The budget system would have stopped it automatically, but even without a budget, the logs give you the forensic trail to identify and kill the problem.

Another real case: a contract analysis agent generated $1,410 in charges across 47,000 API calls in just 6 hours. The developer had no visibility into what the agent was doing until the bill arrived. Per-request audit logging eliminates that blind spot.

Bootstrapping New Environments

Script the complete setup for a new project, with different budget tiers per environment:

bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#!/bin/bash
# setup-keystore.sh

ks provider add openai --key "$OPENAI_KEY"
ks provider add anthropic --key "$ANTHROPIC_KEY"

for env in dev staging prod; do
  BUDGET=$([ "$env" = "prod" ] && echo 200 || echo 25)
  RATE=$([ "$env" = "prod" ] && echo 300 || echo 60)

  TOKEN=$(ks token create \
    --name "${env}-agent" \
    --providers openai,anthropic \
    --budget $BUDGET \
    --budget-period monthly \
    --rate-limit "${RATE}/minute" \
    --format token-only)

  echo "KS_TOKEN=$TOKEN" > ".env.${env}"
done

Development gets a $25/month budget and 60 requests per minute. Production gets $200/month and 300 requests per minute. The credentials are encrypted in the vault, the tokens are scoped and revocable, and the budgets are enforced at the proxy. This takes 30 seconds to run and replaces the manual key-passing workflow that leads to secrets in Slack messages, shared .env files, and eventually, leaked credentials on GitHub.

Why a CLI

Dashboards are good for overview. CLIs are good for automation, scripting, CI/CD integration, and incident response --- the scenarios where credential management decisions happen under time pressure.

When 97% of organizations that experienced AI-related breaches lacked proper access controls (per recent industry analysis), the problem is not that teams do not understand the risk. It is that the secure path requires more effort than the insecure one. The .env file takes 10 seconds. Setting up a secrets manager, configuring rotation, adding audit logging, and implementing budget controls takes days.

The CLI is designed to make the secure path take minutes. Add a provider, create a scoped token, set a budget, deploy. The same amount of effort as writing an .env file, with encryption, rotation, auditing, and budget enforcement built in.

bash
1
2
npm install -g @keystore/cli
ks login

Your vault. Your terminal. Your agents under control.