TIO · Open Source Ecosystem · MIT License

brokreAI Secure Credential Proxy

A local credential proxy designed for AI agents and humans working together. It lets AI safely run ssh, mysql, psql and other commands while passwords never enter the AI context, environment variables, or process output.

MIT License · Rust core language · AES-256-GCM encryption · 1,096+ weekly downloads

Core Design Philosophy

One rule: passwords never enter the AI's reach, nor any observable process state.

# Architecture
Architecture diagram (text rendering): AI / User → brokre CLI → OS Keychain + Vault File → PTY + Injector → any CLI on PATH (ssh, mysql, gsql…).
Guarantees marked on the diagram: password not in AI context; not in environment variables; not in process list; AES-256-GCM static encryption; HMAC audit chain.

8 Security Features

Zero-leak design across the full path: password storage, transmission, and the AI access boundary.

No env/ps leakage

Passwords are injected in response to the PTY prompt; they are never passed via -p, SSHPASS, MYSQL_PWD or exported environment variables.

Parent process holds no plaintext

Saved passwords are decrypted in a short-lived brokre --internal-injector child process and written to the PTY, after which the child exits immediately (Unix).
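The two properties above (prompt-driven PTY injection, and a parent that never holds the plaintext in argv or env) can be shown with the Python standard library. This is an added example, not brokre's code: the child program is a constructed stand-in for ssh or mysql that prompts on its controlling terminal with echo disabled, then reports whether the secret was visible in its argv or environment and a hash of what it actually read. The secret itself is a constructed constant; a real tool would decrypt it in a short-lived helper process. Unix only.

```python
"""PTY prompt injection demo (added example; not brokre's own code).

A target CLI is launched under a pseudo-terminal. The parent watches the
PTY output for a password prompt and writes the secret to the PTY only
then, so the secret never appears in the child's argv or environment
(which `ps` and /proc/<pid>/environ would expose).
"""
import hashlib
import os
import pty
import re
import select
import sys

# Constructed secret for the demo only.
DEMO_SECRET = "s3cr3t-demo-password"

# Constructed stand-in for a real CLI such as ssh or mysql. getpass reads from
# the controlling TTY (the PTY slave) with echo off, so the secret is neither
# echoed back nor taken from argv/env. The child attests to that itself.
CHILD_SCRIPT = r'''
import getpass, hashlib, os, sys
pw = getpass.getpass("Password: ")
leaked = pw in sys.argv or pw in os.environ.values()
print("LEAK" if leaked else "NO-LEAK")
print("AUTH", hashlib.sha256(pw.encode()).hexdigest())
'''

# Prompt pattern; a real injector would carry one per preset (ssh, mysql, ...).
PROMPT_RE = re.compile(rb"[Pp]assword:\s*$")


def run_with_injection(argv, secret, prompt_re=PROMPT_RE, timeout=10.0):
    """Spawn argv under a PTY and write `secret` once the prompt appears.

    Returns (exit_code, output_text). Only one injection is performed; a
    second prompt would mean authentication failed and is left unanswered.
    """
    pid, master_fd = pty.fork()
    if pid == 0:  # child: exec the target with an environment that lacks the secret
        env = {k: v for k, v in os.environ.items() if v != secret}
        try:
            os.execvpe(argv[0], argv, env)
        finally:
            os._exit(127)

    tail = b""          # recent output, used only for prompt matching
    output = bytearray()
    injected = False
    try:
        while True:
            ready, _, _ = select.select([master_fd], [], [], timeout)
            if not ready:
                raise TimeoutError("no output from child")
            try:
                chunk = os.read(master_fd, 4096)
            except OSError:   # EIO on Linux: slave closed, child has exited
                break
            if not chunk:
                break
            output += chunk
            tail = (tail + chunk)[-256:]
            if not injected and prompt_re.search(tail):
                os.write(master_fd, secret.encode() + b"\n")
                injected = True
                tail = b""
    finally:
        os.close(master_fd)
    _, status = os.waitpid(pid, 0)
    text = output.decode(errors="replace").replace("\r\n", "\n")
    return os.waitstatus_to_exitcode(status), text


def demo():
    """Run the constructed child; return what the parent can check afterwards."""
    code, out = run_with_injection([sys.executable, "-c", CHILD_SCRIPT], DEMO_SECRET)
    expected = hashlib.sha256(DEMO_SECRET.encode()).hexdigest()
    return {
        "exit_code": code,
        "no_leak": "NO-LEAK" in out,          # child saw no secret in argv/env
        "auth_ok": f"AUTH {expected}" in out,  # child received the exact secret
        "secret_in_output": DEMO_SECRET in out, # echo stayed off on the PTY
    }


if __name__ == "__main__":
    print(demo())
```

The parent still knows the secret while the loop runs; brokre's design moves that step into a separate short-lived injector process so that the long-lived parent never holds plaintext, which this single-process demo does not reproduce.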

AI cannot reveal

brokre reveal requires a real TTY plus the master password; it is not available in the Web UI and is not exposed through MCP.

Static vault encryption

Per-field AES-256-GCM encryption; the DEK is wrapped by the OS keyring (Linux) or ~/.brokre/.master_kek (macOS), with an optional Argon2id-derived master password required for reveal.

MCP boundary isolation

MCP only exposes metadata (brokre_list) and execution (brokre_exec), not passwords, session tokens or reveal capability.

Admin UI security

Binds only to 127.0.0.1; passwords are write-only; session tokens printed in terminal, never returned to AI; 15-minute idle timeout.

Audit chain

HMAC-chained JSONL audit logs; brokre audit verify detects tampering.
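How an HMAC-chained JSONL log catches edits and deletions, as an added example; this is not brokre's log format or its `brokre audit verify` implementation. Each line carries the MAC of the previous line, so changing or removing a line invalidates every MAC after it. The key, event records and timestamps are constructed for the demo.

```python
"""HMAC-chained JSONL audit log with tamper detection (added example)."""
import hashlib
import hmac
import json

AUDIT_KEY = b"constructed-demo-audit-key"  # constructed; a real tool keeps this in the OS keyring
GENESIS = "0" * 64                          # "previous MAC" value for the first entry


def _canonical(body):
    """Stable serialisation so the MAC does not depend on key order or spacing."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _mac(key, prev_mac, body):
    return hmac.new(key, prev_mac.encode() + _canonical(body), hashlib.sha256).hexdigest()


def append_entry(lines, key, event):
    """Append one event to the list of JSONL lines; return the new entry's MAC."""
    prev = json.loads(lines[-1])["mac"] if lines else GENESIS
    body = {"seq": len(lines), "prev": prev, "event": event}
    mac = _mac(key, prev, body)
    lines.append(json.dumps({**body, "mac": mac}, sort_keys=True))
    return mac


def verify_chain(lines, key):
    """Return (True, None) if intact, else (False, index of the first bad line)."""
    prev = GENESIS
    for i, line in enumerate(lines):
        try:
            rec = json.loads(line)
        except ValueError:
            return False, i
        body = {k: v for k, v in rec.items() if k != "mac"}
        if rec.get("seq") != i or rec.get("prev") != prev:
            return False, i  # line deleted, inserted or reordered
        if not hmac.compare_digest(str(rec.get("mac", "")), _mac(key, prev, body)):
            return False, i  # content edited in place
        prev = rec["mac"]
    return True, None


def build_sample_log():
    """Constructed events resembling a credential proxy's activity."""
    lines = []
    for ts, event in [
        (1700000000, {"tool": "brokre_exec", "alias": "prod-db", "argv": ["mysql", "-e", "SHOW TABLES"]}),
        (1700000060, {"tool": "brokre_exec", "alias": "prod-bastion", "argv": ["ssh", "uname", "-a"]}),
        (1700000120, {"tool": "reveal", "alias": "prod-db", "tty": True}),
    ]:
        append_entry(lines, AUDIT_KEY, {"ts": ts, **event})
    return lines


def tamper_event(lines, index, **changes):
    """Edit fields of one entry without recomputing its MAC (what an attacker can do)."""
    rec = json.loads(lines[index])
    rec["event"].update(changes)
    out = list(lines)
    out[index] = json.dumps(rec, sort_keys=True)
    return out


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:   ", verify_chain(log, AUDIT_KEY))
    print("edited:   ", verify_chain(tamper_event(log, 1, alias="dev-db"), AUDIT_KEY))
    print("deleted:  ", verify_chain(log[:1] + log[2:], AUDIT_KEY))
    print("truncated:", verify_chain(log[:2], AUDIT_KEY))
```

One caveat worth keeping in mind: a chain like this cannot by itself detect truncation of the newest entries, because a prefix of a valid chain is still a valid chain. Verification should also compare the last MAC against a checkpoint stored outside the log file.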

OS hardening

Core dumps disabled, ptrace check (Linux), optional mlockall; see docs/HARDENING.md.

AES-256 Encrypted Credential Vault

Passwords are stored in an encrypted vault; AI and users only see aliases and metadata, and real credentials are never exposed.

Quick Start

Three steps to configure the AI secure credential proxy

1. Add MCP Config

// Cursor: ~/.cursor/mcp.json
{
  "mcpServers": {
    "brokre": {
      "command": "npx",
      "args": ["-y", "brokre@latest"]
    }
  }
}
2. First Connection, Save Credentials

# First run any CLI, interactively save password
brokre ssh root@10.0.0.1
brokre mysql prod-db
3. AI Secure Usage

# AI only sees aliases, passwords never exposed
brokre mysql prod-db -e "SHOW TABLES"
brokre ssh prod-bastion uname -a

MCP Tool Interfaces

Three secure tools are exposed through the standard MCP protocol; passwords and tokens are never included.

Tool Name    | Purpose
brokre_list  | List saved aliases (metadata only: profile, name, host)
brokre_exec  | Run any saved CLI alias (binary + args)
brokre_setup | Open admin UI in browser for user to add credentials

* Does not expose: reveal, password export or session tokens

Supported AI Clients

Any tool supporting stdio MCP can use brokre

Cursor
Claude Code
Kimi Code
Trae
OpenClaw
Hermes Agent
ChatClaw
Other MCP Clients

Preset Management UI Groups

Built-in management tabs for common tools; the PTY wrapper supports any CLI on PATH.

SSH
ssh, scp, sftp (shared credentials)
FTP
ftp, lftp
MySQL
mysql, mariadb
PostgreSQL
psql, postgres
Redis
redis-cli, redis
ClickHouse
clickhouse-client, clickhouse
MinIO
mc, minio
Any CLI
Generic "password:" prompt matching