Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.codezero.io/llms.txt

Use this file to discover all available pages before exploring further.

This guide walks you through setting up cordon to inject a credential into an HTTPS request — using httpbin.org/headers so you can see the injected header in the response. It’s also a good way to confirm everything is working as expected before configuring your real API routes. Cordon is project-first — running cordon setup in a project directory creates a cordon.toml there with the project’s routes and credentials isolated from other projects. A user-wide scope is also available for tools that span projects. See Scopes for details.

1. Run setup

cordon setup
The wizard generates CA certificates, creates a config file, and walks you through adding your first route. Say yes when asked to trust the CA certificate. Then say yes when prompted to add a route, enter httpbin.org as the host, httpbin as the route name, header as the auth type, Authorization as the header name, accept the default Bearer scheme, choose keyring as the secret source, and enter httpbin as the keyring account. Say no when asked to install cordon as a background service for this quickstart. After setup, store a test token in the keyring: 
cordon secret set httpbin
# When prompted, enter any value — e.g. "my-secret-token"
On macOS, cordon secret set stores credentials via the system keyring using an entry that cordon owns. This avoids the repeated “allow access to keychain” permission dialogs you’d see if cordon tried to read credentials stored by another application.

2. Start the proxy

cordon start
You’ll see output like: 
INFO cordon: listening on 127.0.0.1:6790
INFO cordon: route "httpbin" → httpbin.org (header)
INFO cordon: health endpoint ready

3. Route traffic through the proxy

In a separate terminal: 
eval "$(cordon env)"

curl https://httpbin.org/headers
httpbin echoes back all request headers. You should see your injected credential in the response: 
{
  "headers": {
    "Accept": "*/*",
    "Authorization": "Bearer my-secret-token",
    "Host": "httpbin.org",
    "User-Agent": "curl/8.7.1"
  }
}
Notice the Authorization header — you never sent it. Cordon intercepted the request, matched the httpbin.org route, and injected the credential from your keyring. You can add more routes with cordon route add, or edit existing ones with cordon route edit <name>. Prefer those commands over hand-editing cordon.toml; they validate the route and write the safer configuration for you.

Next steps

Claude Code Setup

One-command setup for AI agent workflows

1Password Guide

Detailed 1Password setup and security model

Secret Sources

Configure 1Password and OS keyring

CLI Reference

All CLI commands and options