MIT-Licensed
The repo includes an MIT license, so teams can use, modify, and self-host Heimdall without a paywall.
Heimdall is MIT-licensed, open source, and free to use. Clone the repo, self-host the proxy, connect the local agent, and keep real API keys off developer machines and AI agents.
The agent sends the real secret in plain sight.
curl https://api.openai.com/v1/models \
  -H "Authorization: Bearer sk-01-1234456"
The agent only gets a safe placeholder token.
curl https://api.openai.com/v1/models \
  -H "Authorization: Bearer __OPENAI_API_KEY__"
Use, modify, fork, and self-host Heimdall freely.
Start with git clone and follow the upstream quickstart.
Manage clients, secrets, and audit logs through the built-in panel.
Heimdall ships under the MIT license, lives in a public GitHub repository, and already includes the proxy server, local agent, and optional admin panel you need to run it yourself.
The setup path is documented from git clone through proxy setup, local-agent install, and transparent verification.
Enable the built-in panel to manage clients, stored secrets, AWS-backed secrets, and audit logs at /panel/.
Today, every AI agent gets your raw API keys and secrets. One prompt injection or one compromised agent, and your credentials are in the hands of attackers.
AI agents receive your actual API keys in plaintext. A single leak means attackers get full, unrestricted access to your services.
Agents only see safe aliases. Heimdall's proxy swaps them for real credentials at request time; the actual secret is never exposed.
Prompt injection attacks can trick agents into sending your real secrets to attacker-controlled servers, and you would never know.
Each token is bound to its intended destination. An agent trying to send credentials anywhere unauthorized is instantly blocked.
Nothing stops an agent from sending your keys to a random third-party URL, or making thousands of calls you never authorized.
Set per-token rate limits, daily caps, and budget thresholds. No agent can exceed the boundaries you define.
No logs, no rate limits, no audit trail. You have no idea which agent used which token, how many times, or where it was sent.
See exactly which agent used which token, how many times, and to what URL. Real-time dashboards and alerts for every action.
Instead of handing raw API keys to AI agents, Heimdall gives them placeholders.
Use __OPENAI_API_KEY__ in your app and Heimdall injects the real credential at request time. The secret never leaves the vault.
Agents and developers use placeholders like __OPENAI_API_KEY__ or __STRIPE_KEY__. Heimdall swaps them for real credentials at the proxy layer, so the live secret stays server-side.
Restrict each secret to its intended destination. __OPENAI_API_KEY__ only works for api.openai.com; any attempt to send it elsewhere is instantly blocked.
Set per-token rate limits, daily caps, and budget thresholds. Prevent runaway agents from burning through your API credits or making unauthorized bulk requests.
See exactly which agent used which token, how many times, and to what URL. Real-time dashboards and alerts for every suspicious pattern.
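To make the placeholder-swap, destination-binding, daily-cap and audit behaviour described above concrete, here is an added illustration in Python. It is not Heimdall's own code; the `Binding`, `Decision` and `PlaceholderProxy` names, the `__[A-Z0-9_]+__` placeholder pattern and the sample secret value are constructed for this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed convention: placeholders look like __OPENAI_API_KEY__ (not Heimdall's spec).
PLACEHOLDER_RE = re.compile(r"__[A-Z0-9_]+__")

@dataclass
class Binding:
    """One stored secret: real value, the only host it may be sent to, and a daily cap."""
    real_value: str
    allowed_host: str
    daily_cap: int
    used_today: int = 0

@dataclass
class Decision:
    allowed: bool
    headers: dict   # headers to forward; on deny, the untouched placeholder headers
    reason: str

class PlaceholderProxy:
    """Swaps placeholders in outbound headers for real secrets only when the
    destination host matches the binding and the daily cap is not exhausted."""

    def __init__(self, vault: dict):
        self.vault = vault       # placeholder -> Binding
        self.audit: list = []    # rows record placeholder names, never real values

    def _log(self, client, url, placeholder, allowed, reason):
        self.audit.append({"client": client, "url": url, "token": placeholder,
                           "allowed": allowed, "reason": reason})

    def rewrite(self, client: str, url: str, headers: dict) -> Decision:
        host = (urlsplit(url).hostname or "").lower()
        out = dict(headers)
        for name, value in headers.items():
            for ph in PLACEHOLDER_RE.findall(value):
                b = self.vault.get(ph)
                if b is None:
                    reason = "unknown placeholder"
                elif host != b.allowed_host:        # exact host match, no subdomain wildcard
                    reason = f"destination {host!r} not bound to {ph}"
                elif b.used_today >= b.daily_cap:
                    reason = "daily cap reached"
                else:
                    reason = ""
                if reason:
                    self._log(client, url, ph, False, reason)
                    return Decision(False, dict(headers), reason)  # secret never injected
                b.used_today += 1
                out[name] = out[name].replace(ph, b.real_value)
                self._log(client, url, ph, True, "injected")
        return Decision(True, out, "ok")
```

Because the proxy inspects the destination before substituting, a request carrying a placeholder to any host other than the bound one is forwarded (or dropped) with the placeholder still in place, so the real key is never on the wire to an unauthorized server.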