Install it, lock your keys, and run your app. The details below explain what each protection layer actually does.
Keys are split using XOR-based secret sharing (a one-time pad variant). This is information-theoretically secure: a stolen share reveals nothing about the original key, even with unlimited compute, because every possible key of that length is equally consistent with the share. The guarantee is per share, not per host: an attacker who obtains both shares (for example by reading Share A from disk and dumping the proxy's memory on the same machine) recovers the key, so the split protects against a leak of either location rather than a full compromise of the host running both.
| Algorithm | XOR / one-time pad secret sharing (2-of-2) |
| Security model | Information-theoretic — cannot be broken by brute force |
| Share A | Local filesystem, encrypted at rest |
| Share B | Proxy process memory only — never written to disk |
| Key in memory | Reconstructed ephemerally, zeroed immediately after use |
| Cloud dependency | None — everything runs locally |
Set a spending cap per key. When the counter reaches your limit, the proxy refuses to reconstruct the key — even if both shares are available. Hard stop at the infrastructure layer.
| Enforcement layer | Proxy — happens before key reconstruction |
| Bypass possible? | No — the app cannot override the proxy |
| Scope | Per-key spending counter |
| Reset | Manual (worthless reset-budget) |
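The two layers above, the XOR split and the spend cap that gates reconstruction, as an added Python model. This is example code written for this page, not the worthless project's implementation: the function and class names (`split_key`, `reconstruct`, `KeyProxy`, `BudgetExceeded`), the cost unit (cents) and the sample key are invented, and the project's actual share format, at-rest encryption of Share A and spend accounting are not shown on the page.

```python
# Added example, written for this page: a minimal model of the two layers
# described above (2-of-2 XOR secret sharing plus a spend cap enforced before
# the key is reconstructed). It is not the worthless project's code; the
# function and class names and the cost unit (cents) are invented.
import secrets


class BudgetExceeded(RuntimeError):
    """Raised when a request would push the per-key spend past its cap."""


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """XOR-split `key` into (share_a, share_b).

    share_b is a fresh pad drawn from the OS CSPRNG, so it is uniformly random
    and independent of the key; share_a = key XOR share_b is then uniformly
    random as well. Either share on its own carries no information about `key`.
    """
    share_b = secrets.token_bytes(len(key))
    share_a = bytes(k ^ p for k, p in zip(key, share_b))
    return share_a, share_b


def reconstruct(share_a: bytes, share_b: bytes) -> bytearray:
    """Recombine the shares; returns a mutable buffer so it can be zeroed."""
    if len(share_a) != len(share_b):
        raise ValueError("share length mismatch")
    return bytearray(a ^ b for a, b in zip(share_a, share_b))


def zero(buf: bytearray) -> None:
    """Overwrite a reconstructed key in place (best effort in CPython, which
    cannot scrub copies the consumer may have made)."""
    for i in range(len(buf)):
        buf[i] = 0


def consistent_key_for(share: bytes, candidate: bytes) -> bytes:
    """Return the partner share that would make `share` decode to `candidate`.

    For any single share and any candidate key of the same length exactly one
    such partner exists, which is why a stolen share cannot be used to test
    guesses about the real key.
    """
    if len(share) != len(candidate):
        raise ValueError("length mismatch")
    return bytes(s ^ c for s, c in zip(share, candidate))


class KeyProxy:
    """Stand-in for the proxy process: keeps share_b in memory only, is handed
    share_a (the on-disk share) per call, and gates reconstruction on a
    per-key spend counter."""

    def __init__(self, share_b: bytes, cap_cents: int) -> None:
        self._share_b = share_b
        self.cap_cents = cap_cents
        self.spent_cents = 0

    def with_key(self, share_a: bytes, cost_cents: int, use):
        """Check the budget, reconstruct the key, hand it to `use`, zero it."""
        # The budget check runs before the key exists anywhere in memory, so a
        # capped key is never reconstructed even though both shares are present.
        if self.spent_cents + cost_cents > self.cap_cents:
            raise BudgetExceeded(
                f"{self.spent_cents}c spent + {cost_cents}c exceeds cap of "
                f"{self.cap_cents}c; refusing to reconstruct key"
            )
        # Spend is committed at reconstruction time, so a failing request
        # still counts against the cap rather than allowing unlimited retries.
        self.spent_cents += cost_cents
        key = reconstruct(share_a, self._share_b)
        try:
            return use(bytes(key))
        finally:
            zero(key)  # the key lives only for the duration of the call


if __name__ == "__main__":
    # Constructed sample key, not a real credential.
    api_key = b"sk-test-0123456789abcdef"
    a, b = split_key(api_key)
    print("share_a:", a.hex())
    print("share_b:", b.hex())
    # A single share is consistent with any key of the same length.
    decoy = b"sk-fake-0000000000000000"
    assert bytes(reconstruct(a, consistent_key_for(a, decoy))) == decoy
    proxy = KeyProxy(b, cap_cents=10)
    for _ in range(3):
        try:
            print("used key of", proxy.with_key(a, 4, len), "bytes")
        except BudgetExceeded as exc:
            print("blocked:", exc)
```

`consistent_key_for` is the information-theoretic argument made concrete: given only share_a, the 24-byte decoy is exactly as plausible as the real key, so there is nothing to brute-force. The third `with_key` call is refused before `reconstruct` ever runs, which is the "hard stop before key reconstruction" the budget table describes.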
Built-in pre-commit hook scans staged files for raw API keys before any commit lands in git history. First line of defense; the split-key proxy is the second.
| Integration | pre-commit framework (.pre-commit-config.yaml) |
| Detects | OpenAI, Anthropic, AWS, Stripe, and common patterns |
| Action | Commit is blocked — not just warned |
| CI support | Runs in CI as well, e.g. via pre-commit.ci or a pre-commit step in GitHub Actions |
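A staged-file scanner of the kind the hook above performs, as an added example. This is illustrative code written for this page, not the worthless hook itself: the regexes are assumptions based on publicly documented key prefixes (OpenAI `sk-`, Anthropic `sk-ant-`, AWS access key IDs `AKIA…`, Stripe `sk_live_`/`sk_test_`), the `secret-ok` allowlist marker is invented, and the project's real pattern set is not shown on the page. The sample `.env` content is constructed; none of the values are real credentials.

```python
# Added example, written for this page: a staged-file scanner of the kind the
# pre-commit hook above performs. It is not the worthless hook itself. The
# regexes are assumptions based on publicly documented key prefixes (OpenAI
# "sk-", Anthropic "sk-ant-", AWS access key IDs "AKIA...", Stripe
# "sk_live_" / "sk_test_"); the project's real pattern set is not on the page.
# The "secret-ok" allowlist marker is likewise invented for illustration.
import re
import subprocess
import sys
from dataclasses import dataclass

PATTERNS = {
    "anthropic": re.compile(r"\bsk-ant-[A-Za-z0-9_\-]{20,}"),
    # Negative lookahead keeps Anthropic keys from also being reported as OpenAI.
    "openai": re.compile(r"\bsk-(?!ant-)[A-Za-z0-9_\-]{20,}"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "stripe": re.compile(r"\b[sr]k_(?:live|test)_[A-Za-z0-9]{16,}"),
}
ALLOW_MARKER = "secret-ok"  # append to a line to suppress a known false positive


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    preview: str  # redacted, so the hook's own output never reproduces the key


def redact(token: str) -> str:
    """Keep just enough of the match to locate it without reproducing it."""
    return f"{token[:6]}...{token[-2:]}"


def scan_text(path: str, text: str) -> list[Finding]:
    """Scan one file's content and return every raw-key match, in file order."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ALLOW_MARKER in line:
            continue
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(path, lineno, kind, redact(match.group(0))))
    return findings


def staged_paths() -> list[str]:
    """Paths added or modified in the index (what the commit would contain)."""
    out = subprocess.run(
        ["git", "diff", "--cached", "--name-only", "--diff-filter=AM", "-z"],
        check=True, capture_output=True, text=True,
    ).stdout
    return [p for p in out.split("\0") if p]


def staged_content(path: str) -> str:
    """Read the staged blob, not the working tree, so unstaged edits are ignored."""
    blob = subprocess.run(["git", "show", f":{path}"], check=True, capture_output=True).stdout
    return blob.decode("utf-8", errors="replace")


def main() -> int:
    findings = [f for p in staged_paths() for f in scan_text(p, staged_content(p))]
    for f in findings:
        print(f"{f.path}:{f.line}: {f.kind} key ({f.preview})", file=sys.stderr)
    if findings:
        print("commit blocked: remove the raw key(s) and re-stage", file=sys.stderr)
        return 1  # a non-zero exit is what makes pre-commit block the commit
    return 0


# Constructed sample input; none of these values are real credentials.
SAMPLE_ENV = """\
# constructed sample, not a real secrets file
OPENAI_API_KEY=sk-0123456789abcdef0123456789abcdef
ANTHROPIC_API_KEY=sk-ant-api03-ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
STRIPE_SECRET_KEY=sk_test_AAAAAAAAAAAAAAAAAAAAAAAA
DOCS_PLACEHOLDER=sk-0123456789abcdef0123456789abcdef  # secret-ok
DB_HOST=localhost
"""

if __name__ == "__main__":
    sys.exit(main())
```

Run as `python scan_staged.py` from a pre-commit hook entry; it reads the index via `git show :path` rather than the working tree, so the check applies to exactly what would be committed. Two points matter for a hook like this: the exit code, not a printed warning, is what blocks the commit, and the hook's own output must redact what it found, otherwise the CI log becomes the leak.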
Prefix any command with worthless wrap. Your application reads environment variables exactly as before. No SDK changes, no import changes.
| Before | python app.py |
| After | worthless wrap python app.py |
| Works with | Python, Node.js, Ruby, Docker, any shell command |
worthless unlock restores your original .env. Proxy stops. Shares deleted. No dependency on Worthless remaining installed. Note that this puts the raw key back on disk in plaintext, so rotate it if the host may have been exposed in the meantime.
| Command | worthless unlock |
| Result | Original .env restored, proxy stopped, shares deleted |
| Lock-in | None |
No cloud. No account. No keys touching anyone else's server. AGPL-3.0 licensed. Zero telemetry.
| License | AGPL-3.0 |
| Cloud services | None required |
| Telemetry | Zero |
How worthless compares with common alternatives in the secrets/security space:
| Capability | worthless | Vault / Secrets Mgr | detect-secrets | .gitignore |
| Prevents commits with raw keys | ✓ | ✗ | ✓ | Partial |
| Post-leak protection | ✓ | ✗ | ✗ | ✗ |
| Leaked key is cryptographically useless | ✓ | ✗ | ✗ | ✗ |
| Budget / hard spending cap | ✓ | ✗ | ✗ | ✗ |
| Zero code changes | ✓ | ✗ | ✓ | ✓ |
| Fully self-hosted | ✓ | Optional | ✓ | ✓ |
| Open source | ✓ | ✓ | ✓ | — |
Install in one command. Protect your first key in under a minute.