Self-hosted NVIDIA NIM API-key manager with a Claude MCP connector; deploy your own instance.
Self-hosted NVIDIA NIM API-key manager with a Claude MCP connector; deploy your own instance.
The server is a self-hosted, production-ready manager for API keys of your NVIDIA Build/NIM account. It features encrypted storage, key rotation assistance, expiry detection, usage stats, RBAC, audit trails, a web dashboard, and a Claude MCP connector. Deployment is configured via environment variables for quick setup.
๐ ๏ธ Key Features
Encrypted storage for API keys
Assisted rotation and expiry detection
Usage statistics and RBAC/audit support
Web dashboard for management
Claude MCP connector for integration
๐ Use Cases
Self-hosted management of NVIDIA NIM API keys
Encrypted key storage with rotation and expiry workflows
Claude MCP-enabled workflows and integration scenarios
โก Developer Benefits
Deployable via environment variables
Modular features suitable for integration into existing CI/CD
Open-API compatible MCP connector for Claude
โ ๏ธ Limitations
Data and access depend on self-hosted deployment environment
Requires proper configuration of environment variables and security controls
Self-hosted, production-ready manager for the API keys of your own NVIDIA Build/NIM account โ encrypted storage, assisted rotation, expiry detection, usage stats, projects, RBAC, audit, a web dashboard, and a Claude MCP connector. Deploy your own instance in a few minutes; everything is configured through environment variables.
NVIDIA Terms of Service. NVIDIA Build offers no public API to create or rotate keys programmatically (you generate them at build.nvidia.com), and API keys must not be shared or redistributed to third parties. This project is therefore designed for you to manage your own keys on your own instance: the only outbound call is the official read-only validation endpoint GET https://integrate.api.nvidia.com/v1/models. It does not automate or scrape the NVIDIA portal, and it is not a service for handing your keys to other people.
Deploy your own (no local setup)
Click the button (or Use this template โ Create repository, then in Render pick New โ Blueprint and select your fork). Render reads render.yaml and provisions everything automatically:
a managed PostgreSQL database,
the Dockerized web service with a health check,
the secrets JWT_SECRET, ENCRYPTION_MASTER_KEY and MCP_OAUTH_JWT_SIGNING_KEY (generated and stored by Render's secret manager),
DATABASE_URL injected from the database.
When prompted, set FIRST_ADMIN_EMAIL and FIRST_ADMIN_PASSWORD (your initial admin, created on first boot).
Open the service URL: log in at /, explore the API at /docs.
Every push to main runs CI (lint + types + tests + build) and redeploys automatically. Migrations (alembic upgrade head) run on container start.
Prefer another host? Any platform that runs a Docker container + PostgreSQL works โ see docs/deployment.md.
Use it from Claude (MCP connector)
The same deployment exposes a Model Context Protocol server at โนBASEโบ/mcp so you can add it to Claude as a custom connector. Claude authenticates with OAuth 2.1 (GitHub by default, Google optional) and can list/inspect keys, dispense a ready-to-use key, register/rotate/revoke and manage projects โ with the same RBAC and audit trail as the REST API. Only identities in MCP_ALLOWED_IDENTITIES may connect (fail-closed).
Create a GitHub OAuth App with callback โนBASEโบ/auth/callback; copy the Client ID/Secret.
In Render set MCP_GITHUB_CLIENT_ID, MCP_GITHUB_CLIENT_SECRET and MCP_ALLOWED_IDENTITIES (your GitHub login/e-mail). The rest is already in render.yaml.
Full guide (Google, tool reference, security, troubleshooting): docs/connector.md.
Features
Secure key registration โ encrypted at rest with AES-256-GCM (key derived via HKDF-SHA256 from the platform secret manager). Never stored or logged in plaintext.
Assisted, audited rotation โ you create the new key in your NVIDIA account, paste it, and the system performs an atomic swap (new key active, old one revoked with a rotated_from_id lineage link).
Periodic validation โ automatic sweep against NVIDIA every 6 h (configurable) that flags invalid/revoked keys.
Key dispensing โ GET /api/v1/keys/dispense returns the least-recently-used active key (LRU), globally or per project, recording usage.
Projects โ group keys by consumer/workload.
Statistics โ inventory by status, dispenses, usage time series.
Security โ JWT (access + refresh), roles admin/manager/viewer, rate limiting, immutable audit of every sensitive operation.
Claude connector (MCP) โ OAuth-secured MCP server at /mcp (see above).
Operations โ structured JSON logging, Prometheus metrics at /metrics, health check at /health, OpenAPI at /docs.
Architecture
code
app/
โโโ domain/ # Enums and domain exceptions (no dependencies)
โโโ application/ # Use cases (services) and ports (interfaces)
โ โโโ services/ # auth, users, keys, projects, stats, audit
โโโ infrastructure/ # Adapters: SQLAlchemy (repositories) and NVIDIA gateway
โโโ api/ # FastAPI: routers, schemas, deps, rate limiting
โโโ mcp/ # Claude connector: MCP server, OAuth and identity mapping
โโโ dashboard/ # Lightweight SPA served at /
โโโ tasks/ # Scheduled jobs (APScheduler)
โโโ core/ # Config, crypto, security, logging
Pragmatic Clean Architecture: dependencies point inward; the application layer knows nothing about FastAPI and reaches NVIDIA through the KeyValidator port. Details and decisions in docs/architecture.md.
BASE=https://your-service.onrender.com
# Log in (the admin was created on first boot)
TOKEN=$(curl -s $BASE/api/v1/auth/login -H 'Content-Type: application/json' \
-d '{"email":"you@example.com","password":"your-password"}' | jq -r .access_token)
# Register a key created at build.nvidia.com (validating it against NVIDIA)
curl -s $BASE/api/v1/keys -H "Authorization: Bearer $TOKEN" -H 'Content-Type: application/json' \
-d '{"name":"prod-1","api_key":"nvapi-...","validate_remote":true}'# Get an available key (LRU) to use in your application
curl -s "$BASE/api/v1/keys/dispense" -H "Authorization: Bearer $TOKEN"
More examples (rotation, projects, stats, audit) in docs/api-examples.md. Interactive OpenAPI at /docs.
pip install -e ".[dev]"
pytest --cov=app # required coverage gate: 85% (currently ~94%)
ruff check . && mypy app
docker compose up # local stack with PostgreSQL
Security
Threat model, cryptographic details and design decisions in docs/security.md. Key points: AES-256-GCM encryption with a key derived (HKDF) from the secret manager, SHA-256 fingerprints to deduplicate without exposing the secret, short-lived signed JWTs, argon2 password hashing, per-IP rate limiting, audit of every sensitive operation, and no plaintext keys in logs or responses except the explicit dispense endpoint. To report a vulnerability, see SECURITY.md.