Claude Code secret tools, honestly compared.
Several plugins keep API keys out of Claude Code — but they guard different leak paths. Here's which vector each one actually covers, and where Keyward fits.
Three different leak paths
A secret can reach Claude three ways: you paste it into the prompt, Claude reads it out of a file (like .env) while working, or you paste it into the web UI. Most tools specialise in one. Keyward owns the first.
| Tool | Primary leak path | Auto re-submits clean prompt | Runs in | Open source |
|---|---|---|---|---|
| Keyward | Key you paste into the prompt | Yes | Terminal (UserPromptSubmit hook) | MIT |
| sensitive-canary | Pasted prompt + .env reads | Blocks (no auto re-submit) | Terminal (UserPromptSubmit hook) | Yes |
| nopeek | Claude reading files / CLI output | — | CLI + plugin (named profiles) | Yes |
| cc-redact | Claude reading secret files | — (type-preserving redaction) | Terminal (PreToolUse/PostToolUse) | Yes |
| claude-secrets | Stored secrets + output redaction | — (vault + {{SECRET}} injection) | Terminal / MCP | Yes |
| VaultBix | Pastes in the browser UI | Blocks in-browser | Chrome extension (multi-AI) | Freemium |
Based on each project's public documentation as of June 2026 — behaviour changes, so check the source before relying on any detail. This page is maintained by Keyward and aims to be fair, not to disparage; these are good tools solving adjacent problems.
Keyward vs sensitive-canary
The closest peer. Both register a UserPromptSubmit hook and stop secrets before they reach the API. The difference is what happens next: sensitive-canary blocks the prompt and asks you to retry; Keyward saves the value, blocks, and automatically re-submits a sanitized version — then a bundled skill lets Claude actually use the saved key via export VAR=$(cat …) without ever printing it. Keyward also ships cross-platform paste automation (macOS, Linux, Windows) and ~20 provider regexes plus optional gitleaks.
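An added example, not Keyward's or sensitive-canary's code: a minimal UserPromptSubmit hook in Python showing the detect, save and block steps described above. It assumes the hook receives the event as JSON on stdin with a `prompt` field and that exit status 2 blocks the prompt; the two regexes, the `~/.prompt-secrets` directory and the function names are constructed for illustration, and the automatic re-submit step is not implemented.

```python
import json
import os
import re
import sys

# Constructed patterns for two well-known key formats (not any tool's real rule set).
PATTERNS = {
    "AWS_ACCESS_KEY_ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GITHUB_TOKEN": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

def sanitize(prompt, store_dir):
    """Swap each detected key for a placeholder; save the value to an owner-only file."""
    saved = {}
    for name, rx in PATTERNS.items():
        def stash(match, name=name):
            path = os.path.join(store_dir, name)
            # Create with 0600 so the value is never world-readable, even briefly.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, "w") as fh:
                fh.write(match.group(0))
            os.chmod(path, 0o600)  # tighten a pre-existing file as well
            saved[name] = path
            # The placeholder tells the model how to load the key without printing it.
            return f"[{name} saved; load with: export {name}=$(cat {path})]"
        prompt = rx.sub(stash, prompt)
    return prompt, saved

def main():
    event = json.load(sys.stdin)  # assumed hook payload: {"prompt": "..."}
    store = os.path.join(os.path.expanduser("~"), ".prompt-secrets")  # hypothetical path
    os.makedirs(store, mode=0o700, exist_ok=True)
    clean, saved = sanitize(event.get("prompt", ""), store)
    if saved:
        # Only the sanitized text goes to stderr; the raw value is never echoed.
        print("Secret detected and saved. Re-submit:\n" + clean, file=sys.stderr)
        sys.exit(2)  # assumed: status 2 stops the prompt before it reaches the API
    sys.exit(0)

if __name__ == "__main__":
    main()
```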
When to pick something else
If your main worry is Claude reading .env files while it works, a file-redaction tool like nopeek or cc-redact is the better fit — or run both alongside Keyward, since they cover different paths. If you paste keys into web chat (ChatGPT, Claude.ai) rather than the terminal, a browser extension is the right layer. And for high-value production secrets, none of these replace a real secret manager — keep those in 1Password, Vault, or your cloud's KMS and reference them by name.