API Key Management — macOS

Keytec

Store API keys in macOS Keychain. Group them by project.
Inject them at runtime. No .env files. No cloud. No account.

macOS Keychain storage No plaintext on disk Project profiles GitHub Actions sync Export as .env Dual licensed
Status

License: Dual — free personal, paid commercial

Platform: macOS (Keychain required)

Interface: CLI + local web dashboard

Version: 0.1.0 · 2026 · early-stage testing

The Problem

Every developer has a drawer full of .env files. They get committed by accident. They get emailed. They get copy-pasted into Notion. They sit in plaintext on laptops that get lost, stolen, or handed to contractors.

The usual solution — a password manager or secrets vault — solves storage but not the last mile. You still end up typing API keys into terminal windows, copying them into config files, or maintaining a separate secret per project per machine.

Keytec solves the whole chain. Store once in the OS Keychain. Attach to a project. Run. The key value is never written to disk, never visible in a log, and never leaves your machine unless you explicitly say so.

  • .env files committed to git — happens to every team eventually
  • API keys rotated manually after leaks, killing working deploys
  • Contractors handed .env files over Slack with no expiry
  • Keys duplicated across projects with no central view
  • No way to know which CI/CD secrets are stale or rotated
  • GitHub Actions secrets manually synced by hand, per repo
How It Works
01 — Store

macOS Keychain

API keys are stored in the operating system keychain using the security CLI. No plaintext file is created. Keys survive reboots, survive app uninstalls, and are protected by your login password and Touch ID.

02 — Attach

Project profiles

Profiles group the keys a project needs. openclaw gets Together AI and DeepSeek. aura gets OpenAI and Supabase. The profile stores key names only — never the values.

03 — Run

Runtime injection

One command — famtec run openclaw -- npm run dev — fetches every key attached to that profile, injects them as environment variables, and launches the process. Nothing is written. When the process exits, the values are gone.

CLI Demo
$ famtec add together
✓ TOGETHER_API_KEY saved to macOS Keychain
$ famtec profile create openclaw
✓ Created profile openclaw
$ famtec profile attach openclaw together
✓ Attached TOGETHER_API_KEY to openclaw
$ famtec run openclaw -- npm run dev
✓ Keys injected as env vars
TOGETHER_API_KEY=sk-••••••••••••••••
no .env file written
$
Features

CLI first

Full command-line interface for every operation. Add keys, create projects, attach, run, export. Scriptable and pipe-friendly.

Local web dashboard

A local dashboard at 127.0.0.1:48741 gives you a visual overview of all projects and keys. No account, no internet required.

Runtime injection

Keys are fetched from Keychain at run time and passed directly to your process as environment variables. Nothing is written to disk.

GitHub Actions sync

Push a project's keys directly into GitHub Actions Secrets in one command. Uses the gh CLI under the hood.

Export as .env

When you need a .env file — for a contractor, a deploy, a staging environment — export one on demand from the dashboard and delete it after.

Masked always

The dashboard never renders secret values. The CLI masks them in output. Values are only accessible to processes you explicitly run through Keytec.

Sharing Keys

When you need to hand keys to a system or a person, Keytec gives you four ways — each appropriate for a different situation.

Install

Keytec is a Node.js CLI application for macOS. Install it globally from npm or clone the repository and link it locally.

The local web dashboard starts automatically and serves on 127.0.0.1:48741. All data stays on your machine. There is no telemetry, no analytics, no update check.

npm install -g keytec-api-wallet famtec add together famtec profile create openclaw famtec profile attach openclaw together famtec run openclaw -- npm run dev
  • Requires macOS (Keychain dependency)
  • Node.js 20 or later
  • No configuration file needed
  • Optional: GitHub CLI for Actions sync
  • Profiles stored in ~/.famtec/profiles.json
  • Keys stored in macOS Keychain service "famtec"
  • Dashboard runs on 127.0.0.1:48741
  • ESM modules, no build step required
  • TypeScript source included
License
Community — Free

Personal & open source

Free forever for individuals, hobbyists, students, and open source projects. No time limit, no feature limit.

  • Personal use on your own machines
  • Open source projects (OSI-approved license)
  • Evaluation and private testing
  • Academic and research use
Commercial — Paid

Teams & organisations

A commercial license is required for any business or professional use. Contact for per-seat, per-team, and OEM pricing.

  • Company or team use (more than one machine)
  • Products or services that bundle Keytec
  • SaaS platforms and hosted offerings
  • Redistribution or resale

Keytec is an early-stage developer tool. FAMTEC is open to testing partners, security review, funded development, documentation support, and pilot use with teams managing sensitive API credentials.

Screenshots

Desktop dashboard, token management, and instruction mode — all running locally on macOS.

Keytec desktop dashboard
Dashboard — Overview
Keytec tokens view
Token Management
Keytec instruction mode
Instruction Mode