Skip to content

ArtificialSight/apiauth

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

APIAuth

GitHub stars

CLI tool for API key and JWT lifecycle management — generate, store, verify, rotate, and revoke keys with an encrypted local keystore.

Star this repo if you manage API credentials — it helps other devs find APIAuth!

CI Python License Open Source Alternative LibHunt PyPI

Installation

pip install apiauth

# Generate an API key
apiauth generate api-key --name "My API Key" --service "api-gateway" --expiry-days 90

# List all keys with expiry status
apiauth list

# Export for CI/CD
apiauth export --format github-actions

Features

  • Generate API keys and JWTs with a single command
  • Import existing API keys into the encrypted keystore
  • Verify API keys against stored hashes — check revocation and expiry
  • Rotate keys and tokens safely — previous values are hashed out
  • Revoke compromised keys instantly
  • List & search keys by service with expiry status indicators
  • Export as environment variables, dotenv, JSON, or GitHub Actions format
  • Audit keystore for expired, expiring, and revoked keys
  • Encrypted local keystore — AES-256-GCM, master key stored in ~/.apiauth/
  • CI/CD integration — export keys for GitHub Actions, GitLab CI, etc.

Commands

apiauth generate

Generate a new API key or JWT.

apiauth generate api-key --name "My API Key" --service "api-gateway" --expiry-days 90
apiauth generate jwt --name "My JWT" --service "auth-service" --expiry-days 30 --claim role=admin

apiauth list

List all stored keys with expiry status.

apiauth list
apiauth list --service "api-gateway"
apiauth list --json-output

apiauth show

Show details for a specific key.

apiauth show <key-id>

apiauth verify

Verify an API key against stored hashes.

apiauth verify ak_xYz123abc...

apiauth import

Import an existing key into the keystore.

apiauth import ak_existing_key_value --name "Legacy Key" --service "api"

apiauth rotate

Rotate a key and hash out the previous value.

apiauth rotate <key-id>

apiauth revoke

Revoke a key instantly.

apiauth revoke <key-id>

apiauth export

Export keys for external consumption.

apiauth export --format env --service "api-gateway"
apiauth export --format dotenv
apiauth export --format github-actions
apiauth export --format json

apiauth audit

Audit keystore health.

apiauth audit

apiauth stats

View keystore statistics.

apiauth stats

Export Formats

Format Use Case
env Shell source scripts (export KEY=value)
dotenv .env files (no export prefix)
github-actions $GITHUB_ENV and workflow YAML
json Programmatic consumption

Security

  • Master key never leaves ~/.apiauth/master.key
  • Key store is encrypted with AES-256-GCM
  • Plaintext keys are only displayed once on creation
  • Rotated keys have their previous values hashed
  • Imported keys are stored as SHA-256 hashes only
  • verify command checks against stored hashes — no plaintext stored

Pricing

APIAuth is one of eleven tools in the Revenue Holdings suite. One license covers all CLI tools.

Plan Price Best For
Free $0 Individual devs, OSS — CLI only, 5 keys
APIAuth Individual $12/mo ($10 billed annually) Professional devs — unlimited keys, all export formats
Suite (all 11 tools) $49/mo ($39 billed annually) Full Revenue Holdings toolkit — 40% savings
Team $79/mo ($63 billed annually) Up to 5 devs — shared keystore, team dashboard, alerts
Enterprise Custom SSO, RBAC, compliance reports, dedicated support

🔹 No lock-in: CLI works fully offline on the free tier — no telemetry, no phone-home. 🔹 Annual billing: Save 20%.

Per-Tier Features

Feature Free Individual Suite Team Enterprise
CLI: generate, verify, export
Unlimited keys 5 keys
All export formats env only
JWT with custom claims
Audit & stats
Shared team keystore
Dashboard & analytics
Compliance reports
RBAC / SSO / SAML / OIDC
Priority support Community 24h 24h 8h Dedicated

Part of Revenue Holdings — CLI tools built by autonomous AI.

Storage

Keys and configuration are stored in ~/.apiauth/:

  • ~/.apiauth/master.key — AES-256-GCM master key (never shared)
  • ~/.apiauth/keystore.enc — encrypted key-value store
  • ~/.apiauth/config.yaml — user configuration

CI/CD Integration

# In your deployment pipeline
export $(apiauth export --format env --service production)

# Audit before release
apiauth audit --exit-on-expired

Roadmap

  • Vault-backed remote keystore (HashiCorp Vault, AWS Secrets Manager)
  • Auto-expiry notifications via CLI or webhook
  • GPG key support
  • MCP server for AI-assisted key management
  • Web UI for team keystore management
  • Terraform provider for secret provisioning

License

MIT — see LICENSE


Part of Revenue Holdings — a suite of 11 developer CLI tools built by autonomous AI agents. Also check out API Contract Guardian (breaking change detection), DeployDiff (infrastructure diffs), json2sql (JSON → SQL), ConfigDrift (config drift detection), DeadCode (dead code cleanup), APIGhost (mock API server), Envault (env sync), SchemaForge (ORM converter), and click-to-mcp (CLI → MCP server).

About

Manage API keys, tokens, and JWTs from the terminal with rotation support

Resources

License

Contributing

Security policy

Stars

1 star

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages

  • Python 100.0%