Top questions
Common answers for setup and migration.
How does KeyLore stop the agent from seeing the raw token?
The agent searches metadata and requests access through MCP. KeyLore keeps the secret in a separate store and brokers the live action without returning the raw token value.
Is KeyLore only for one AI client?
No. Supported clients include Codex, Gemini CLI, Claude CLI, and generic MCP clients.
Does KeyLore replace every secret-management system?
No. Its role is narrower: improving how credentials are handled in local AI-assisted development workflows, especially where .env files would otherwise expose raw secrets to model-facing processes.
Why is metadata important?
Metadata gives the agent structured information about what a credential is for. That is more reliable than asking the model to infer intent from environment variable names alone.
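The two answers above (brokering without returning the token, and searching by metadata) can be pictured with a small sketch. This is an added example, not KeyLore's code or API: the Broker and CredentialMeta names, the allowed_hosts field, the stand-in transport, and the token value are all assumptions constructed for illustration.

```python
# Added illustration of the broker pattern; NOT KeyLore's code or API.
# All names (Broker, CredentialMeta, allowed_hosts) are hypothetical.
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass(frozen=True)
class CredentialMeta:
    cred_id: str
    service: str
    purpose: str
    allowed_hosts: tuple  # assumption: metadata also scopes where the secret may go

class Broker:
    def __init__(self, transport):
        self._meta = {}       # model-facing: searchable descriptions only
        self._secrets = {}    # separate store: never returned to the caller
        self._transport = transport

    def register(self, meta, secret):
        self._meta[meta.cred_id] = meta
        self._secrets[meta.cred_id] = secret

    def search(self, query):
        """What the agent sees: metadata records, no secret material."""
        q = query.lower()
        return [m for m in self._meta.values()
                if q in m.service.lower() or q in m.purpose.lower()]

    def request(self, cred_id, method, url):
        """Perform the live action on the agent's behalf."""
        meta = self._meta[cred_id]
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname not in meta.allowed_hosts:
            raise PermissionError(f"{cred_id} is not scoped to {url}")
        secret = self._secrets[cred_id]
        status, body = self._transport(method, url, {"Authorization": f"Bearer {secret}"})
        # Scrub the token in case the upstream echoes it back.
        return {"status": status, "body": body.replace(secret, "[REDACTED]")}

def echo_transport(method, url, headers):
    """Constructed stand-in for an HTTP client; echoes the auth header."""
    return 200, f"{method} {url} auth={headers['Authorization']}"

def demo():
    broker = Broker(echo_transport)
    broker.register(CredentialMeta("gh-ci", "github", "read CI status for the demo repo",
                                   ("api.example.test",)), "tok_constructed_123")
    hit = broker.search("ci status")[0]
    return broker, hit, broker.request(hit.cred_id, "GET", "https://api.example.test/runs")
```

The agent-side code only ever holds the metadata record and the scrubbed response; the token exists solely inside the broker's request path.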
Migration
Move off .env files
A step-by-step path for moving existing tokens into KeyLore and rotating away from environment-based secrets.
Need the starting point?
Install KeyLore first
Use the local-first install path, then come back here to migrate one token at a time.