End-user MCP & Agent API key management

I'm working on Piper to tackle the challenge of securely providing API keys to agents, scripts, and MCPs. Think of it like a password manager, but for your API keys.

Instead of embedding raw keys or asking users to paste them everywhere, Piper uses a centralized model.

You add your keys to Piper once.

• When an app (that supports Piper) needs a key, Piper asks you for permission.

• It then gives the app a temporary, limited pass, not your actual key.

• You can see all permissions on a dashboard and turn them off with a click.

The idea is to give users back control without crippling their AI tools.

I'm also building out a Python SDK (pyper-sdk) to make this easy for devs.

Agent Registration: Developers register their agents and define "variable names" (e.g., open_api_key)

SDK (pyper-sdk):

• The agent uses the SDK which vends a short-lived token that the agent can use to access the specific user secret.

• Also incliudes environment variable fallback in case the agent's user prefers not to use Piper.

• This gives agents temporary, scoped access without them ever handling the user's raw long-lived secrets.