/latchkey

Latchkey

Your agent shouldn't need to know your Slack token. With Latchkey, it doesn’t. One command, any API, no custom connectors, and credentials stay on your machine.

npm install -g latchkey
Stars
114
Contributors6
View on GitHub

The credential layer for local AI agents

25+ services supported out of the box. Register any HTTP API at runtime. Works with Claude Code, OpenCode, Codex, and more.

The credential layer for local AI agents
We built Latchkey to help
masking tape
REST, not MCP

REST, not MCP

Call any API the way you already do. No new protocol, no special client, no extra runtime.

One command, every surface

One command, every surface

The same calls work in your editor, your terminal, your CI, your agent. Build once, run anywhere you write code.

Pure passthrough auth

Pure passthrough auth

Your request goes straight to the API. Latchkey handles the keys and gets out of the way.

Features

Sign in like a human

Latchkey opens a browser, you log in, it captures the token and closes the tab.

Keys encrypted at rest

Tokens live under ~/.latchkey, locked with a password from your system keyring.

Handles the weird auth

AWS signatures, Telegram URL tokens, anything that won't fit in a static header. Latchkey rewrites each call.

Self-hosted, same syntax

Point it at your GitLab, your internal Sentry, any HTTP API behind your VPN. Register once, call it like any public service.

Survives token refresh

Re-auth in one command. Your long-running agent picks up the new credentials without a restart.

One command to inspect

Latchkey services info tells you whether a credential is valid, invalid, or missing. No more guessing why a call 401'd.

That's the key detail - decoupled credential lifecycle means the agent can keep running across token refreshes. Makes Latchkey much more practical for long-running workflows.

Mykola Kondratiuk
Mykola Kondratiuk
paperclip

Latchkey keeps creds local, no extra config.

@TheCesarCross
@TheCesarCross
paperclip

Sent this to a couple of engineers I know who are building local agent setups. They've been duct-taping credential management together for months, this is right up their alley.

Gabriel P.
Gabriel P.
paperclip

Frequently asked questions

What is Latchkey?

A command-line tool that injects API credentials into your agent's curl calls. You log in once. Your agent runs standard curl. Latchkey adds the auth header on the way out.

How is this different from MCP?

No intermediary, no new protocol. Latchkey hands your request straight to the API. MCP wraps every service in a server you have to host. Latchkey just patches the auth into curl.

How do I get started?

npm install -g latchkey, then latchkey auth browser <service> to log in. Your agent calls latchkey curl ... from there. Run latchkey ensure-browser once if you want browser login.

Which services are supported?

AWS, Calendly, Discord, Dropbox, Figma, GitHub, GitLab, Gmail, Google Workspace, Linear, Mailchimp, Notion, Sentry, Slack, Stripe, Telegram, Yelp, Zoom, and more landing each release.

Can I add a service that isn't on the list?

Yes. latchkey services register <name> --base-api-url=... plus latchkey auth set with your token. Works for self-hosted GitLab, Mastodon, internal APIs, anything that takes static auth.

Where are my credentials stored?

Encrypted on your machine under ~/.latchkey. Nothing leaves your computer except the actual API calls you make.