KeyRunner - API Client - Visual Studio Marketplace

Local-first API client for VS Code

Mocking, secret scanning, vault integrations, and controlled agent execution.

KeyRunner is a local-first API client for developers who want more than just a request sender. Build and run requests inside VS Code, import existing collections, generate types from responses, simulate APIs with mocks, and keep secrets under tighter control.

If you are moving from Postman, Bruno, Insomnia, or Thunder Client, KeyRunner is built to preserve the workflow you already know while adding a stronger local execution and secret-handling model.

Why teams switch

Requests stay local. KeyRunner is designed around execution inside your environment instead of proxying API traffic through a third-party service.
Secrets are treated like secrets. Sensitive values are masked in the UI, protected in storage, and can be resolved from external vaults at runtime.
You can do more after the response arrives. Inspect schemas, generate TypeScript types, chain requests, and reuse working calls across collections.
Mocking and testing live in the same tool. Build realistic API workflows without stitching together separate utilities.
There is a path to agent security. Convert approved API actions into controlled tools instead of handing agents raw credentials.

Quick comparison

Capability	KeyRunner
Local-first request execution	Yes
Collections and environments	Yes
Postman / Bruno / Insomnia / Thunder Client migration	Yes
Response schema inspection	Yes
Type generation from responses	Yes
Secret scanning and masking	Yes
Vault integrations	Yes
Mock server workflows	Yes
Controlled agent execution direction	Yes

Core capabilities

API requests, collections, and environments

Build HTTP, REST, GraphQL, gRPC, and WebSocket workflows inside VS Code. Organize requests into collections and folders, switch environments cleanly, and reuse variables across URLs, headers, and payloads with {{variable}} syntax.

Import and migrate faster

Move existing work into KeyRunner instead of rebuilding it by hand. The extension is positioned to support migration workflows from tools your team may already be using, including Postman, Bruno, Insomnia, Thunder Client, and Apigee-based exports.

Local execution and secret-aware workflow

KeyRunner keeps the execution boundary close to the developer environment. Requests run locally, sensitive values are masked in the interface, and secret-like values can be scanned before they spread through collections, screenshots, or shared docs.

Secret stores and vault integrations

For teams that already use a vault, KeyRunner can fit that model instead of fighting it. Credentials can be resolved at runtime rather than copied into collections.

Supported integrations shown in product materials include:

Provider	Type
Google Cloud Secret Manager	Cloud secret manager
HashiCorp Vault	Self-hosted or cloud vault
1Password	Secrets platform
AWS Secrets Manager	Cloud secret manager
Azure Key Vault	Cloud secret manager

Mocking, chaining, testing, and response tooling

KeyRunner is designed for the workflow after "Send":

Chain requests into repeatable flows
Inspect response schemas
Generate TypeScript types from live responses
Build mock server workflows for local development
Create reusable snippets from working requests

Product screens

KeyRunner request builder inside VS Code

Build, organize, and send API requests without leaving VS Code.

_{AI Tool Converter Turn an existing request into a named tool with required inputs and a controlled execution path.}	_{Response Schema Inspect structured response shapes directly from live API results.}
_{Generate Types Create ready-to-use TypeScript definitions from your response payloads.}	_{Vault Integrations Connect enterprise secret managers and resolve credentials at runtime.}

Agent security direction

KeyRunner is also evolving toward controlled agent execution for enterprise teams. The idea is simple: let agents invoke approved API actions without exposing raw credentials or giving them unrestricted downstream access.

That direction includes:

Named tool calls instead of raw keys
Policy checks before execution
Secrets isolated from the agent
Audit visibility around what ran and under which identity

This is an enterprise-oriented part of the platform and should be read as a product direction with active build-out, not the only reason to adopt the extension today.

Get started

Install from VS Code

Open Extensions (Ctrl+Shift+X / Cmd+Shift+X)
Search for KeyRunner
Click Install

Or from Quick Open (Ctrl+P / Cmd+P)

ext install KeyRunner.keyrunner

Open the KeyRunner panel, import an existing collection or create a new request, and start testing locally.

keyrunner.app | Documentation | contact@keyrunner.app

Local-first tooling for secure API workflows and controlled agent execution.