Janee is a secrets management MCP server that sits between AI agents and your API keys. It encrypts keys locally, injects credentials into agent requests, and provides a full audit trail of all access. Agents communicate with Janee via the MCP protocol to request access to services (for example, Stripe or GitHub), and Janee supplies the corresponding credentials without exposing raw keys to the agent. The system also supports exec-mode tools that run CLI utilities with injected credentials, enabling agents to perform actions without ever handling the actual keys. To use Janee, install the CLI, initialize a local config, add your API services, and then run the MCP server with the serve command. Agents can then invoke the execute tool to access your APIs through Janee, receiving responses while Janee logs requests and enforces any defined policies.

Prerequisites:

• Node.js and npm installed on your system
• Basic familiarity with MCP concepts

Installation steps:

1. Install the Janee CLI globally via npm:

   npm install -g @true-and-useful/janee

2. Initialize Janee locally (creates config and keys directory):

   janee init

3. Add services you want to protect (interactive or by editing ~/.janee/config.yaml):

   janee add

   or hand-edit the config.yaml to define services and capabilities

4. Start the MCP server:

   janee serve

5. If you plan to use exec-mode CLI tools, configure and add them like:

   janee add twitter --exec
   --key "tvly-xxx"
   --allow-commands "bird,tweet-cli"
   --env-map "TWITTER_API_KEY={{credential}}"

Note: Janee stores encrypted keys locally (e.g., ~/.janee) and logs all access for auditing.

Tips and common considerations:

• Environment: Janee uses a local store for keys. Ensure the store path (~/.janee) is protected and backed up as needed.
• Security: Use capabilities to grant fine-grained access. For exec-mode tools, aggressively whitelist allowed commands.
• Git operations: Janee can auto-manage credentials for git workflows via exec-mode with a temporary askpass workflow.
• GitHub App auth: Janee supports short-lived tokens via GitHub Apps; prefer this for long-running agents.
• Config format: You can configure services and capabilities in ~/.janee/config.yaml or use the interactive add flow.
• Agent support: Any MCP-compatible client (Claude Desktop, Cursor, OpenClaw, etc.) can invoke the execute tool to access APIs through Janee.
• Troubleshooting: If agents report missing credentials, check that the service and capability names exist in config, and that the MCP server is running and reachable by agents.