Inject credentials at the network layer

Gatekeeper is a TLS-intercepting proxy. Route HTTPS through it and authentication headers are injected transparently based on hostname. Clients never see raw tokens.

Ships as a CLI, Go library, and MCP relay.
Powers Moat's network-layer credential injection. Works standalone or embedded.

# Install
$ go install github.com/majorcontext/gatekeeper/cmd/gatekeeper@latest

# Start the proxy
$ gatekeeper --config gatekeeper.yaml

# Make a request — credential injected automatically
$ curl --proxy http://127.0.0.1:9080 --cacert ca.crt https://api.github.com/user

Credentials

01

TLS Interception

Per-host certificates generated on demand from your CA. The proxy terminates TLS, reads the request, injects the header, and forwards over a fresh upstream TLS connection.

02

Hostname-Based Injection

Map upstream hosts to credentials in YAML. Headers are added only for matching requests — everything else passes through untouched.

03

Pluggable Sources

Env vars and static values for development. AWS Secrets Manager, GCP Secret Manager, GitHub App tokens, and RFC 8693 token exchange for production.

04

Network Policy

Permissive by default, strict allowlist when you need it. Block egress to anything outside your declared host list.

Integration

05

Standard HTTP Proxy

Any client that honors HTTPS_PROXY can route through Gatekeeper. No SDK or library required.

06

MCP Relay

Forward Model Context Protocol requests to upstream MCP servers with credential injection and SSE streaming preserved.

07

OpenTelemetry

Traces, metrics, and logs configured entirely via standard OTEL_* environment variables. Canonical log line per request.

08

Go Library

Embed the proxy directly in your Go tooling. Full programmatic control over config, credential sources, and lifecycle.

Why This Exists

Tokens in environment variables are the path of least resistance — and the source of most leaks. Once a credential is in $GITHUB_TOKEN, anything running in that process can read it, log it, or exfiltrate it. The agent told to "not read secrets" can still read secrets.

Gatekeeper moves credentials out of the process and into the network path. The client makes an authenticated request without ever holding the token. Configuration declares which upstream hosts get which credentials, and where those credentials come from. Everything else is a vanilla HTTPS proxy.
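To make the host-to-credential mapping and the permissive/strict egress modes described above concrete, here is an added Go example of the core decision logic. It is not Gatekeeper's own code: the Rule and Policy field names are this example's assumptions, since the real YAML schema is not shown on this page, and it leaves out the TLS interception, which is where the real proxy applies this step to each decrypted request.

```go
package main

import (
	"errors"
	"net/http"
	"os"
	"strings"
)

// Source resolves a credential on demand; the token stays inside the proxy process, never in the client.
type Source func() (string, error)

// EnvSource reads the credential from the proxy process's environment (a development-style source).
func EnvSource(name string) Source {
	return func() (string, error) {
		if v := os.Getenv(name); v != "" {
			return v, nil
		}
		return "", errors.New("credential env var unset: " + name)
	}
}

// Rule maps one upstream hostname to the header injected for it (field names are this example's own, not Gatekeeper's YAML schema).
type Rule struct {
	Host, Header string
	Source       Source
}
// Policy is the host-to-credential table plus the egress mode.
type Policy struct {
	Rules  []Rule
	Strict bool // true: block egress to any host not listed in Rules
}
var ErrBlocked = errors.New("egress blocked: host not in allowlist")

// Inject sets the header for a listed host, passes unlisted hosts through untouched
// in permissive mode, and rejects them in strict mode.
func (p Policy) Inject(req *http.Request) error {
	host := strings.ToLower(req.URL.Hostname())
	for _, r := range p.Rules {
		if strings.EqualFold(r.Host, host) {
			v, err := r.Source()
			if err != nil {
				return err
			}
			req.Header.Set(r.Header, v) // replaces anything the client sent
			return nil
		}
	}
	if p.Strict {
		return ErrBlocked
	}
	return nil
}
```

A failing source (unset variable, unreachable secret manager) returns an error rather than forwarding the request unauthenticated, which is the behaviour a practitioner should verify in any injection layer.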

Get Started

Gatekeeper is open source and in active development. APIs and configuration formats may change. View github.com/majorcontext/gatekeeper for the latest updates.