Hand Claude Code every API key it needs — and never show it one.

Paste an API key into a chat and it's logged there forever. subscribetome keeps every key in your Mac's Keychain and feeds it to commands automatically — so Claude Code can use your keys without ever seeing them. One vault for every service. Nothing to leak, nothing to rotate at 2am.

Paste into Claude Code

one line · activates STM

Set up subscribetome for me using https://github.com/matterhornso/subscribetome

Then: restart Claude Code when it asks. STM never asks you for a key.

Or run two terminal commands

terminal

claude plugin marketplace add matterhornso/subscribetome
claude plugin install stm@subscribetome

Then: restart Claude Code, run /stm:dashboard, add your keys.

What Claude Code sees

curl … -H "Authorization: Bearer {{stm:openai:default}}"

A safe placeholder. No real secret is here — this is all the chat ever holds.

subscribetome swaps in your real key the instant the command runs

What your shell actually runs

curl … -H "Authorization: Bearer sk-live-a3f9c1·········"

The real key. It reaches the command and stops there — never the conversation.

There is no server. There is no us.

subscribetome is an open-source plugin that runs entirely on your own machine. It has no backend — so nobody, not the author and not "matterhornso", can see your keys, your commands, or even that you use it. There is nothing to see, because nothing of yours is anywhere but your own Mac.

Localhost only

The dashboard never goes online

It's a page your own Mac serves on 127.0.0.1, bound to loopback. No remote machine can reach it.

No backend

Nowhere to send your data

subscribetome has no servers, no cloud database, no sign-up, no telemetry.

Your keychain

Keys stay on your disk

Every secret lives in the macOS Keychain on your machine. subscribetome reads it locally.

Available now for macOS and Claude Code. Linux, Windows, and other coding agents — Codex, opencode, Cursor — are on the roadmap.

More than just keys.

Security for the keys

Keys out of the chat. Every API key your agent uses, kept out of the transcript.
Pasted-secret guardrail. A secret you paste in chat is blocked before the model sees it.
Leaked-key alert. A command that echoes its own input is flagged so you can rotate.

Security for the rest

Spend visibility. Real usage pulled from provider APIs, on demand.
Command policy. Allow / deny rules at the PreToolUse layer.
Linux, Windows, and other agents (Codex, opencode, Cursor).

36 services pre-configured/ keys never touch the chat/ macOS Keychain/ MIT · open source