Open source · Local-first

Credential broker and vault for AI agents.

An open-source credential broker that sits between your agents and the services they call. Instead of sharing credentials with every agent, log in once via OAuth2 or API keys. Authsome stores credentials securely and injects them via an HTTP proxy. One place to manage access, rotate keys, and see what every agent is doing.

Source on GitHub

Skill: /anthropic-skills:authsome, invoked by Claude or any skill-aware agent.

Works with: Claude Code · Codex · Cowork · Cursor · OpenClaw · Hermes Agent · NanoClaw · OpenCode
13 OAuth2 providers · 31 API-key providers · 5 architecture layers · 0 cloud dependencies · MIT license
Why agents need authsome

Agents run beyond interactive sessions. They live in CI, over SSH, in cron jobs, in background workers, and in parallel pipelines. They need API access that survives without a human in the loop.

Hardcoded environment tokens leak or go stale, and building auth flow logic, token storage, refresh handling, and per-provider config into every project rebuilds the same plumbing every time.

Authsome is the local credential layer agents call at runtime.

  • 01 No credential sprawl. One encrypted store. Every provider, every agent, one place.
  • 02 No SaaS, no privacy trade-off. Credentials never leave your machine, and agents never see the secret values, so an agent cannot exfiltrate them.
  • 03 No browser required at runtime. Setup uses browser PKCE, device code, or a browser bridge for secure API key entry. After that, agents run headlessly.
Architecture

Five layers, one orchestrator.

Each layer has a single bounded responsibility. Layers do not reach sideways. Explicit orchestrators compose them, so every layer is independently testable and swappable.

L1 identity: Signed principal chain. actor = agent, subject = user.
L2 policy: Allow / deny gate evaluated before any credential read.
L3 vault: Per-profile encrypted SQLite store under ~/.authsome/.
L4 auth: OAuth2 + API-key flows. PKCE, device code, browser bridge.
L5 audit: Append-only log of every read, refresh, and policy decision.
What is in the box

Built for the way agents actually run.

  • 01 Encrypted vault. Per-profile SQLite store under ~/.authsome/. Master key file at mode 0600, derived from your passphrase.
  • 02 Automatic refresh. OAuth2 tokens renew before expiry. Stale credentials are refreshed on read.
  • 03 Profiles. Independent namespaces: default, work, per-agent. Connections do not cross profiles.
  • 04 Multiple connections. Personal and team credentials per provider, side by side via --connection.
  • 05 Headless flows. Device-code grant for SSH and CI. Browser-bridge form for raw API keys.
  • 06 Custom providers. Drop a JSON file in ~/.authsome/providers/ to override or add a service.
  • 07 Audit log. Every credential read, refresh, and policy decision appended to ~/.authsome/audit.log.
  • 08 Agent skill. /anthropic-skills:authsome teaches skill-aware agents the list → login → run flow without you in the loop.

Providers

44 out of the box.

Anything else via custom providers. A single JSON file in ~/.authsome/providers/.

OAuth2 (13)
Atlassian
Discord
GitHub
GitLab
Google
HubSpot
Klaviyo
Linear
Microsoft
Notion
Postiz
Slack
X
API key (31)
Ahrefs
Apollo
Ashby
Beehiiv
Brevo
Buffer
Calendly
Clearbit
Dub.co
G2
Hunter
Instantly
Intercom
Keywords Everywhere
Klaviyo
Lemlist
Livestorm
Mailchimp
Mention Me
OpenAI
Optimizely
Postmark
Resend
Rewardful
SavvyCal
SEMrush
SendGrid
Tolt
Typeform
Wistia
Zapier
Compared

Where authsome fits.

Columns: Authsome · .env files · Doppler / Infisical · 1Password CLI

  • Local-only by design
  • Built for agents
  • Open source (nuance: partial)
  • Free for individuals (nuance: limited, limited)
  • Automatic OAuth2 refresh
  • Device code flow
  • Multi-account per provider
  • Header injection at proxy
  • No SaaS dependency (nuance: partial)

● supported · ○ not supported · text = nuance

Security

Credentials never leave your machine.

  • 01 Encrypted SQLite vault under ~/.authsome/. Master key file at mode 0600.
  • 02 API keys are never accepted as command-line arguments. Only the local browser-bridge form or a masked terminal prompt.
  • 03 Append-only audit log records every credential read, refresh, and policy decision.
  • 04 No telemetry. No cloud sync. No account. Egress only to providers you authorize.
  • 05 MIT licensed. Read every line.
Questions
Where are credentials stored?
On your machine, in a per-profile encrypted SQLite vault under ~/.authsome/. The master key file is at mode 0600 and the encryption key is derived from your passphrase.

Does authsome talk to any cloud?
No. There is no SaaS, no account, no telemetry. Authsome only contacts the providers you authorize, for OAuth refresh and the API calls your agent itself makes.

How does sidecar mode work?
uvx authsome run starts a local mitmproxy-based HTTP proxy on 127.0.0.1, points the child process at it via HTTP_PROXY and HTTPS_PROXY, and injects the right Authorization header on outbound requests. Provider-specific placeholder env vars like OPENAI_API_KEY=authsome-proxy-managed let client libraries initialize without crashing.

Can I add my own provider?
Yes. Drop a JSON file describing the OAuth2 or API-key flow in ~/.authsome/providers/<name>.json. Custom providers always win over bundled ones with the same name.

How is this different from Doppler, Infisical, or 1Password?
Those are config and secrets managers. They deliver the raw secret to your environment, where the agent process holds it. Authsome injects auth headers at the proxy boundary, so the agent never sees the secret value. It also handles OAuth refresh automatically and runs entirely on your machine without an account.

Is authsome production-ready?
Authsome is open source, MIT licensed, and tested. The proxy and vault are in active development. Read the changelog and the source before depending on it for high-stakes systems.
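The per-request decision the sidecar-mode answer describes, written out as an added illustration rather than Authsome's own code: the policy gate runs before the vault is read, the placeholder value the agent sends is swapped for the real secret only for the provider's own host, and the audit entry records the decision without the secret. The in-memory vault, host mapping and allow set are constructed for the demo.

```python
# Added illustration (not Authsome's code) of proxy-boundary header injection.
# Vault contents, host mapping and policy are constructed in memory for the demo.
from dataclasses import dataclass, field

PLACEHOLDER = "authsome-proxy-managed"  # value the agent sees in e.g. OPENAI_API_KEY


@dataclass
class Credential:
    provider: str
    hosts: frozenset      # upstream hosts this secret may be sent to
    secret: str
    scheme: str = "Bearer"


@dataclass
class Broker:
    vault: dict                    # provider name -> Credential (demo stand-in for the vault)
    allow: frozenset               # policy: providers this agent may use
    audit: list = field(default_factory=list)

    def inject(self, host, headers):
        """Return headers to forward to `host`, with the real secret swapped in.

        The placeholder is never forwarded upstream, and the policy gate is
        evaluated before the credential is read."""
        out = dict(headers)
        cred = next((c for c in self.vault.values() if host in c.hosts), None)
        if cred is None:
            # Unknown host: pass through, but drop a placeholder so it never leaks.
            if PLACEHOLDER in out.get("Authorization", ""):
                del out["Authorization"]
            self.audit.append((host, None, "passthrough"))
            return out
        if cred.provider not in self.allow:
            self.audit.append((host, cred.provider, "deny"))
            raise PermissionError(f"policy denies {cred.provider} for this agent")
        out["Authorization"] = f"{cred.scheme} {cred.secret}"
        self.audit.append((host, cred.provider, "read"))  # the secret itself is never logged
        return out


def demo_broker():
    """Constructed sample state: two providers in the vault, only one allowed by policy."""
    vault = {
        "openai": Credential("openai", frozenset({"api.openai.com"}), "sk-constructed-demo"),
        "github": Credential("github", frozenset({"api.github.com"}), "ghp-constructed-demo"),
    }
    return Broker(vault=vault, allow=frozenset({"openai"}))
```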

Run an agent in five minutes.