Tell Claude to integrate Stripe. Let Cursor build your OpenAI pipeline. Phantom lets AI use your real API keys to do real work — without the keys ever being exposed.
Three commands. No config files to write. No accounts to create.
Installs Phantom, reads your .env, stores real secrets in an encrypted vault, rewrites .env with phantom tokens.
Adds Phantom's MCP server to Claude Code and allows it to read your .env (which now only has phantom tokens).
Starts the proxy, launches Claude Code. AI sees phantom tokens. Real keys injected at the network layer. Done.
You paste API keys into Claude Code. You let Cursor read your .env. You know it's risky — but AI doing your work is worth it. Phantom fixes this.
Phantom doesn't restrict AI — it enables it. Tell Claude or Cursor to use your real APIs. Everything just works.
Claude writes the code, tests it against your real Stripe key. The key flows through the proxy — Claude never sees sk_live_..., but the integration works.
Cursor reads your .env, sees phm_d9f1.... It writes code that calls OpenAI. The proxy injects your real key. The chatbot works. The key stays safe.
Run phantom sync --platform vercel to push real secrets to your deployment. No more copying keys into dashboards. One command, all environments.
Run phantom pull --from vercel to import all secrets. Your vault syncs. No Slack messages asking for the .env file.
Works underneath your existing workflow. Nothing to learn.
Run phantom init. Real secrets move to an encrypted vault. Your .env is rewritten with worthless phm_ tokens. Auto-detects 13+ services.
Run phantom exec -- claude. A local proxy starts. AI reads your .env, sees only phantom tokens. Fresh tokens every session.
When code calls an API, the proxy swaps the phantom token for your real credential and forwards over TLS. Your code works perfectly. AI never knew.
phantom sync pushes secrets to Vercel and Railway. phantom pull imports them on a new machine. One source of truth.
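The token model from the init, exec and proxy steps above, as an added Python illustration that is not Phantom's own code. The key-name heuristic, the 32-hex-digit phm_ format, the plain dict standing in for the encrypted vault, and the fail-closed rejection of unknown tokens are all assumptions made for this sketch.

```python
import re
import secrets

SECRET_NAME = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD)$")  # assumed name heuristic
PHANTOM = re.compile(r"phm_[0-9a-f]{32}")                   # assumed token format

def init_vault(env_text):
    """Split .env text into (vault of real secrets, non-secret settings)."""
    vault, plain = {}, {}
    for line in env_text.splitlines():
        name, sep, value = line.partition("=")
        name = name.strip()
        if not sep or name.startswith("#"):
            continue  # blank lines and comments carry nothing to protect
        (vault if SECRET_NAME.search(name) else plain)[name] = value.strip()
    return vault, plain

def new_session(vault, plain):
    """Issue fresh placeholders; return the .env an AI tool may read and the proxy's map."""
    token_to_name = {f"phm_{secrets.token_hex(16)}": name for name in vault}
    lines = [f"{k}={v}" for k, v in plain.items()]
    lines += [f"{name}={tok}" for tok, name in token_to_name.items()]
    return "\n".join(lines) + "\n", token_to_name

def inject(headers, token_to_name, vault):
    """Proxy side: swap this session's placeholders for real secrets in outbound headers."""
    def swap(match):
        name = token_to_name.get(match.group(0))
        if name is None:  # stale or forged token: fail closed, forward nothing
            raise PermissionError("unknown phantom token")
        return vault[name]
    return {k: PHANTOM.sub(swap, v) for k, v in headers.items()}

# Constructed sample input; the key value is fake.
SAMPLE_ENV = "NODE_ENV=development\nOPENAI_API_KEY=sk-constructed-example\n"

if __name__ == "__main__":
    vault, plain = init_vault(SAMPLE_ENV)
    env_for_ai, session = new_session(vault, plain)
    print(env_for_ai)  # contains only the phm_ placeholder, never the real key
    token = next(iter(session))
    print(inject({"Authorization": f"Bearer {token}"}, session, vault))
```

A placeholder copied out of an earlier session's logs is absent from the current session map, so inject() raises instead of forwarding a request with it.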
The full workflow from protecting secrets to deploying them.
Not just safer — faster. One tool for local dev, AI coding, and deployment.
ChaCha20-Poly1305 with Argon2id. OS keychain on macOS/Linux. Encrypted file fallback for CI and Docker.
Fresh phantom tokens every session. If one leaks from AI logs or context, it's already invalid.
Native Claude Code integration. AI manages secrets through MCP tools without ever seeing real values.
phantom check blocks commits containing unprotected secrets. Catches hardcoded keys before they ship.
Push secrets to Vercel and Railway. Pull to onboard new machines. No more copying keys through Slack.
Auto-detects 13+ services from key names. Knows OPENAI_API_KEY from NODE_ENV.
Full SSE/streaming support. OpenAI and Anthropic streaming responses work perfectly through the proxy.
MIT licensed. Written in Rust. 56+ tests. Auditable, forkable, free forever.
phantom cloud push backs up your vault to Phantom Cloud. Sync secrets across machines. End-to-end encrypted.
Two commands. Two minutes. Full AI delegation without the security risk.