Skip to main content

Quickstart

This guide gets you from zero to protected in about 5 minutes.

1. Install

npm install github:SirTingling/takumo
# pnpm
pnpm add github:SirTingling/takumo

# yarn
yarn add SirTingling/takumo

2. Create a test file

Make a file with some secrets:
// test-secrets.ts (example values only)
const config = {
  awsKey: "AKIAIOSFODNN7EXAMPLE",
  dbUrl: "postgres://admin:examplepass@prod.internal:5432/myapp",
  stripeKey: "sk_test_EXAMPLEKEY123"
};

export default config;

3. Scan for secrets

npx takumo-aegis scan test-secrets.ts
Output:
Scanning: test-secrets.ts

Found 3 secrets:

  Line 3   AWS Access Key         AKIAEXAMPLE...
  Line 4   Database URL           postgres://***...
  Line 5   Stripe Secret Key      sk_test_EXAMPLE...

Run `takumo-aegis tokenize test-secrets.ts` to see tokenized output.

4. See what Claude would receive

npx takumo-aegis tokenize test-secrets.ts
Output:
const config = {
  awsKey: "__TAKUMO_v1_KEY_8f3a2b1c__",
  dbUrl: "__TAKUMO_v1_CONN_4d5e6f7a__",
  stripeKey: "__TAKUMO_v1_KEY_1a2b3c4d__"
};

export default config;
This is exactly what gets sent to the AI. No real secrets.

5. Full round-trip with Claude

Set your API key:
export ANTHROPIC_API_KEY=sk-ant-api03-...
Run with a prompt:
npx takumo-aegis shield test-secrets.ts --prompt "Add input validation and error handling"
What happens:
  1. Takumo detects 3 secrets
  2. Replaces them with tokens
  3. Sends tokenized code to Claude with your prompt
  4. Gets Claude’s response (still has tokens)
  5. Swaps tokens back to real secrets
  6. Outputs the final code
Your secrets never left your machine.

Next steps