One endpoint. Every AI provider.

Ship any AI provider
safely from day one.

OpenAI, Anthropic, AWS Bedrock, or any HTTP API. One line change — swap your base URL for Lockzero's gateway. Your real API keys live in the vault. Rotate, share across projects, or revoke without touching your code.

Start free — 7 daysSee how it works →
One-line integrationSame SDK, same methodsFree 7-day trial60+ providers

One token. Every provider. No migration required.

Same credentials. Same vault. Works across 60+ providers.

OpenAI
Anthropic
GitHub
Stripe
AWS
Vercel
Supabase
Cloudflare
GCP
Azure
MongoDB
OpenAI
Anthropic
GitHub
Stripe
AWS
Vercel
Supabase
Cloudflare
GCP
Azure
MongoDB
PostgreSQL
Redis
Netlify
Railway
Render
Datadog
Doppler
Twilio
Slack
PagerDuty
PostgreSQL
Redis
Netlify
Railway
Render
Datadog
Doppler
Twilio
Slack
PagerDuty
Encrypted

By default, every credential in Lockzero is encrypted with AES-256-GCM the instant it enters the vault.

No configuration required. Proxy your AI calls, store your secrets, rotate without a deploy. Your code never sees the raw key.

Proxy routing for OpenAI & Anthropic

One line change. The real key is injected server-side. Your app passes a Lockzero key — worthless without the vault.

Rotate without a deploy

Update a key in Lockzero. Every app pointing at the proxy instantly uses the new credential — no redeploy, no downtime.

Keys never touch your code

No raw credentials in your .env, CI pipeline, or teammates' machines. The vault holds them. Period.

How It Works

One endpoint change. Done forever.

No complex setup. No infrastructure changes. Your existing SDK stays identical — same methods, same response format, same models.

Change one line in your code

Swap your base_url from api.openai.com/v1 to lockzero.io/proxy/openai/v1. Use your Lockzero API key as the bearer token.

The real key never leaves the vault — your app passes a proxy key that's useless without it. Works identically for Anthropic.

  • OpenAI SDK compatible — every model, every endpoint
  • Anthropic SDK compatible — streaming included
  • No wrapper, no middleware, no extra latency
main.py
# ─── Before Lockzero ──────────────────────
from openai import OpenAI

client = OpenAI(
    api_key=os.environ["OPENAI_API_KEY"]
)
# ↑ key in .env, CI, Vercel, every laptop...

# ─── After Lockzero ───────────────────────
from openai import OpenAI

client = OpenAI(
    api_key=os.environ["LOCKZERO_API_KEY"],
    base_url="https://lockzero.io/proxy/openai/v1"
)
# Real key stays in the vault. Rotate any time.
See it in action

Watch LockZero work.

Real demos. No staging data. What you see is what ships.

LockZero — Security Demo
Built for builders who've been burned

What AI builders say.

The credentials problem hits every AI team. Here's how people describe it after switching.

had a key sitting in a commit for months. someone scraped it, i had a $3,200 cloud bill by the time i woke up. rotated everything with Lockzero that morning. never again.
— Daniel A. · Backend Engineer
we have 12 microservices all hitting OpenAI. rotating a key used to take 45 minutes and someone always had a stale env. now it's one click and everything just picks it up.
— Marcus W. · Platform Lead
added Lockzero as an MCP server. claude found an exposed key in my staging logs, rotated it, and sent me the audit trail — while i was getting a beer.
— Jamie T. · Founder
Claude + Lockzero

Your AI agent becomes your security team.

Add Lockzero as an MCP server in Claude Code or Claude Desktop. Claude can rotate credentials, detect leaks, and enforce policies — autonomously, in seconds, with a full audit trail.

What Claude can do once connected

  • Detect exposed credentials in logs, commits, and environment variables
  • Rotate keys with zero-downtime proxy cutover — fully automated for AWS, GitLab, SendGrid, Cloudflare, Twilio, Resend (more coming); guided 5-step flow for every other provider
  • Assess which services break if a given key is compromised
  • Roll back a bad rotation in one click before it causes an outage
  • Query secret metadata — age, last rotation, provider, environment
  • Enforce rotation policies and alert on violations
claude — MCP · Lockzero
$claude mcp add lockzero \
--transport http \
https://lockzero.io/api/mcp
✓ Lockzero MCP server connected
> rotate my OpenAI key, zero downtime
→ Fetching current credential... ✓
→ Generating replacement at OpenAI... ✓
→ Validating new key... ✓
→ Swapping proxy endpoint... ✓
→ Rollback snapshot saved
✓ sk-proj-... rotated. No downtime.
>

detect_secret_exposure

Scan logs, environment variables, and output for leaked credentials. Returns affected secret IDs and severity.

rotate_secret

Issue a new credential, validate it, and retire the old one. Zero downtime. Returns rotation status and new credential ID.

rollback_secret

Revert to the previous working version of a credential immediately. Useful when a rotation causes an application error.

verify_remediation

Confirm the rotated credential is active and the old key is fully revoked. Returns a signed verification record.

get_secret_metadata

Query the age, provider, environment, rotation schedule, and last-rotated timestamp for any managed secret.

assess_blast_radius

Identify which services, environments, and apps use a given credential — before and after a rotation.

Exposed at https://lockzero.io/api/mcp — JSON-RPC 2.0, Bearer token authentication.

Full MCP Documentation →
Operations Executor · BETA

Your AI agent actually does the work.

Type what you want done — “create a Hair Balm project with Stripe, OpenAI, and Resend; mint a proxy key scoped to it; draft a guardrail blocking high-spend Stripe ops.” The Executor proposes the plan, you approve each write, every tool call gets an audit row.

What it can do safely

  • Read your projects, proxy keys, providers, findings, and recent audit log
  • Create projects (with namespace allowlists and templates)
  • Mint proxy keys (optionally project-scoped — the key IS the project boundary)
  • Draft guardrails as YAML, ready for you to enable
  • Pause for explicit approval on every single write — no jailbreak grants destructive powers
  • Log every action with actor.type='ai-executor' to the immutable hash-chained audit

What it cannot do

  • Delete anything
  • Rotate or revoke credentials
  • Push externally (Vercel, AWS, GitHub, etc.)
  • Configure provider secrets
  • Change billing or workspace settings
Operations Executor — execution log
> spin up Hair Balm with stripe + openai + resend
PLAN
1. Create project "Hair Balm Store"
2. Mint proxy key "hairbalm-prod"
3. Draft guardrail: block high-spend Stripe
⏸ waiting for approval · create_project
✓ APPROVED · 18:54
✓ Project "Hair Balm Store" created audit:au_01HX…
✓ Proxy key "hairbalm-prod" created audit:au_01HY…
✓ Guardrail draft saved (enabled=false) audit:au_01HZ…
DONE tokens 2,138 tools 3
Zero-downtime rotation

Rotate any credential without a deploy.

Update a key in Lockzero — every app pointing at the proxy picks it up instantly. No code changes. No env var updates. No redeployment.

lockzero — rotation
$ lockzero rotate aws-iam --auto
→ Creating new IAM access key... ✓
→ Validating permissions... ✓
→ Updating proxy vault... ✓
→ Deactivating old key... ✓
→ All services verified healthy
✓ Rotation complete in 4.2s
Rollback: lockzero rollback aws-iam
$ lockzero rollback aws-iam
→ Restoring previous credential... ✓
✓ Rolled back in 0.8s
$

The previous key is always preserved

Lockzero never discards the working credential until you confirm the rotation is solid. One click restores everything instantly if something breaks.

Automated for AWS IAM — Lockzero creates the new key and deactivates the old one programmatically. Guided zero-downtime for OpenAI, Anthropic, GitHub, and Stripe.

  • 1-click rollback if anything breaks
  • Fully automated for AWS IAM
  • Guided zero-downtime for every other provider
Features

Everything you need to control your credentials.

From the first proxy call to Claude-automated rotation at 3am — Lockzero covers the full credential lifecycle.

Proxy routing — OpenAI & Anthropic

One line change. Your calls route through Lockzero, the real key is injected server-side. Compatible with every OpenAI and Anthropic SDK out of the box.

MCP server for Claude

Add Lockzero as an MCP server in Claude Code or Claude Desktop. Claude can rotate credentials, detect leaks, audit access, and roll back — without you in the loop.

Variables — one key, every project

Add your keys once at the account level. Every project inherits them automatically. Override per-project when needed. Export as .env or push to Vercel, Netlify, Railway, Render.

Rotate without a deploy

Update a key in Lockzero — every app pointing at the proxy instantly uses the new credential. Automated for AWS IAM. Guided zero-downtime for OpenAI, Anthropic, GitHub, and Stripe.

1-click rollback

If a rotation breaks something, revert to the previous working credential immediately. The old key is always preserved until you confirm it's safe to discard.

Tamper-evident audit trail

Every proxy request, rotation, rollback, and agent action is logged with a hash-chain integrity check. See exactly what happened, who triggered it, and when.

Encrypted vault

Store SSH keys, root passwords, and admin credentials in an encrypted vault with step-up authentication. Separate from your API key store.

Security posture scoring

Real-time risk score across all your credentials. Overdue rotations, leaked keys, and anomalous access surface as findings before they become incidents.

In-browser SSH terminal

Manage SSH hosts and keys inside Lockzero. Spin up an in-browser terminal session to any connected host — no separate SSH client required.

Pricing

Simple pricing. No secrets.

Start light. Scale when your system depends on it.

7-day free trial — no credit card charged until it ends. Cancel anytime.

1 line
Change in your code — the entire migration
0
Raw AI credentials in your application
0
Redeployments needed to rotate a key
7 days
Free trial — no charge until it ends
Builder
$15/mo
For real projects before production
  • Unlimited secrets
  • Unlimited integrations
  • 3 projects · 3 proxy keys
  • 100K routed calls / mo
  • 30-day audit history
  • Manual rotation · MCP access
Start Builder
Best Value
Pro
$25/mo
For production apps handling live credentials
  • Production runtime isolation
  • Leak detection
  • Guardrails
  • Step-up authentication
  • Traffic anomaly alerts
  • Advanced rotation (scheduled + auto)
  • Runtime controls · spend caps · governance
  • Unlimited integrations · unlimited projects
  • 1M routed calls / mo · 90-day audit
Try Pro free
Team
$15/seat/mo
For teams running production together
  • Everything in Pro
  • Unlimited integrations
  • Team RBAC · approval flows
  • SIEM / outbound webhooks
  • Priority support · 1-year audit
Try Team
Enterprise
Custom
SSO, SOC 2, custom KMS
  • SSO / SAML / SCIM
  • Customer-managed KMS
  • Dedicated proxy region
  • SOC 2 package
  • 99.99% SLA
Contact sales

Change one endpoint. Your AI keys are handled forever.

See full plan comparison →
Security

Secure by default. No configuration required.

Lockzero's security defaults are strict. No flags to enable, no policies to write. Safe out of the box.

AES-256-GCM encryption at rest

All secrets are encrypted immediately on receipt. Decrypted only at the moment they're needed for a proxy request. Nothing stored in plaintext — ever.

Keys never touch your code

Lockzero injects credentials at the proxy layer. They never appear in your application, your logs, your git history, or your environment variables.

Tamper-evident hash-chain audit log

Every action produces a hash-chained log entry. Nobody — including us — can silently modify the audit trail. Full visibility into what happened and when.

View full security overview →
From the community

Take everyone's word for it.

AI builders and security-conscious developers who got tired of the credentials problem.

had a key sitting in a commit from like 8 months ago. someone scraped it, i had a $3,100 stripe charge by the time i woke up. set up lockzero that morning. been 4 months and i haven't touched a .env file since
D
Daniel K.
Senior Software Engineer
we spent half a sprint coordinating a key rotation last year. someone always had a stale env, deploys would fail, slack blowing up. now i update it in lockzero and literally forget about it
P
Priya S.
Platform Engineer
ok this is kind of wild — i was getting a beer, phone buzzes. claude had already found an exposed key in my staging logs, rotated it, and sent me the audit trail. i hadn't asked it to do anything
J
Jordan M.
Founder, early-stage AI startup
i thought it was going to be some whole proxy setup thing. it was literally changing base_url. that's it. i was annoyed i spent time worrying about it
R
Ryan H.
Full-Stack Engineer
my agents hit 6 different apis. i had keys scattered in 3 places and honestly didn't know what was where — kind of embarrassing. now everything's in one spot and claude can just rotate them when needed
S
Sam R.
ML Engineer
auditor asked for evidence of our key rotation history. i used to dread that question. clicked export, sent a PDF. she said it was the cleanest package she'd seen. almost cried honestly
C
Chris B.
CTO
AI app buildersLLM wrappersClaude Code usersSaaS foundersFull-stack devsAutomation engineersFast-moving startups
FAQ

Frequently asked questions

Instead of pointing your app at api.openai.com or api.anthropic.com, you point it at lockzero.io/proxy/openai/v1 or lockzero.io/proxy/anthropic. You pass a Lockzero API key as the bearer token — Lockzero injects the real provider key server-side. Your code never sees the raw credential. One line change. That's it.
For OpenAI: change base_url from https://api.openai.com/v1 to https://lockzero.io/proxy/openai/v1 and swap your OPENAI_API_KEY for your LOCKZERO_API_KEY. Same for Anthropic. The rest of your code stays identical — same SDK, same methods, same response format.
Variables is Lockzero's account-level key store. Add an API key once — say, your OpenAI key — and it's instantly available in every project you create. Projects can override any variable with their own value if needed, but the default is zero-copy: one source of truth, everywhere. Export as .env or push directly to Vercel, Netlify, Railway, or Render.
Once Lockzero is added as an MCP server in Claude Code or Claude Desktop, Claude can rotate any credential with zero downtime, detect exposed keys in your code or logs, assess which services break if a key leaks, roll back a bad rotation instantly, and audit every action with a tamper-evident log — all without you being in the loop.
Yes. Every plan starts with a 7-day free trial. No charge until the trial ends. Cancel any time during the trial and you won't be billed.
Yes — securely. Credentials are encrypted at rest with AES-256-GCM and decrypted only at the moment they're needed for a proxy request. Nothing is logged in plaintext. The raw key value is never returned to your application.
Yes. Lockzero always preserves the previous working credential. If anything breaks after a rotation, revert to the last good key in one click — no digging through history, no incident, no downtime.
Today: AWS IAM, GitLab, SendGrid, Cloudflare, Twilio, and Resend — Lockzero calls the provider's API, mints the new key, deactivates the old one, and swaps the value in the vault with no human input. Everything else (OpenAI, Anthropic, Stripe, GitHub, etc.) uses guided rotation: paste the new key, Lockzero validates it against the live provider, and handles the swap. Every rotation — automated or guided — is zero-downtime and one-click rollback. We're adding more automated providers as their APIs allow.

One line change. Your AI keys handled forever.

Point your OpenAI and Anthropic calls at Lockzero. Rotate without a deploy. Never ship a raw key again.

Start Free Trial
Lockzero - Stop Shipping Your API Keys