
Show HN: Agent Vault – Open-source credential proxy and vault for agents

AI agents are notoriously bad at keeping secrets, prone to prompt injection, and generally non-deterministic, making traditional credential management a security nightmare. Infisical's new open-source Agent Vault tackles this by brokering API requests through a proxy, ensuring agents never directly possess sensitive credentials. This innovative approach resonates with HN's focus on practical, secure solutions for emerging AI challenges.

Score: 57 | Comments: 17 | Highest rank: #6 | On front page: 16h | First seen: Apr 23, 9:00 PM | Last seen: Apr 24, 12:00 PM

The Lowdown

Agent Vault is an open-source HTTP credential proxy and vault designed specifically for AI agents, tackling the critical problem of securely granting agents access to services without exposing sensitive credentials. Unlike traditional workloads, AI agents are non-deterministic and highly susceptible to prompt injection, making them prone to leaking any secrets they directly possess.

Key aspects of Agent Vault and its design include:

  • Problem Solved: It addresses credential exfiltration, where agents could be manipulated into revealing their access tokens or keys.
  • Credential Brokering: Agent Vault implements a "credential brokering" pattern, acting as an egress proxy. Agents make requests to the proxy, which then injects the necessary credentials before forwarding the request to the target service.
  • MITM Architecture: It operates as a local forward proxy using an HTTPS_PROXY environment variable, performing TLS termination to inspect traffic and inject credentials before establishing a new upstream TLS connection. This also allows for potential firewall-like features.
  • No Direct Possession: A core principle is that agents never directly receive or store credentials; they only interact with the proxy.
  • Portability: Implemented as a single Go binary, it's highly portable and can be self-hosted, deployed via Docker, or from source.
  • Agent Compatibility: Designed to work with any agent that communicates over HTTP, including custom Python/TypeScript agents, sandboxed processes, and coding agents like Claude Code or Codex.
  • Security Features: Credentials are encrypted at rest (AES-256-GCM), and it provides request logging.
  • Research Preview: The project is currently in active development, with an unstable API, and is presented as a research preview.

Agent Vault aims to establish a more secure paradigm for secrets management in agentic systems, inviting community collaboration to refine and expand its capabilities for diverse AI agent use cases.
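The brokering pattern from the list above, as an added Go example that is not Agent Vault's code: a plain-HTTP forward proxy that overwrites the agent's Authorization header with a secret keyed by destination host and refuses destinations it has no credential for. The TLS termination step is left out, and `newBroker`, `demo`, the key value and the host names are hypothetical or constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// newBroker is a forward-proxy handler; creds maps upstream host:port to the secret it injects.
func newBroker(creds map[string]string) http.Handler {
	rp := &httputil.ReverseProxy{Director: func(r *http.Request) {
		// Overwrite whatever the agent sent with the brokered secret.
		r.Header.Set("Authorization", "Bearer "+creds[r.URL.Host])
	}}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := creds[r.URL.Host]; !ok { // never forward to unlisted hosts
			http.Error(w, "destination not brokered", http.StatusForbidden)
			return
		}
		rp.ServeHTTP(w, r)
	})
}

// demo returns what a constructed loopback upstream saw and the status for an unlisted host.
func demo() (upstreamSaw string, deniedStatus int) {
	up := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		upstreamSaw = r.Header.Get("Authorization")
	}))
	defer up.Close()
	creds := map[string]string{up.Listener.Addr().String(): "constructed-real-key"}
	broker := httptest.NewServer(newBroker(creds))
	defer broker.Close()
	brokerURL, _ := url.Parse(broker.URL)
	// The agent is configured with the proxy address only (what HTTP_PROXY would carry).
	agent := &http.Client{Transport: &http.Transport{Proxy: http.ProxyURL(brokerURL)}}
	req, _ := http.NewRequest("GET", up.URL+"/v1/data", nil)
	req.Header.Set("Authorization", "Bearer agent-placeholder")
	if resp, err := agent.Do(req); err == nil {
		resp.Body.Close()
	}
	if resp, err := agent.Get("http://unlisted.invalid/"); err == nil {
		deniedStatus = resp.StatusCode
		resp.Body.Close()
	}
	return upstreamSaw, deniedStatus
}

func main() { fmt.Println(demo()) }
```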

The Gossip

Credential Conundrum Clarified

Commenters largely validated the core idea of credential brokering at the proxy layer as the 'right mental model' for agent security, especially given the risks of prompt injection. The author reinforced this, emphasizing that the goal is to prevent agents from ever possessing credentials directly. There was a discussion about the distinction between credential exfiltration (what Agent Vault solves) and data exfiltration, with the author clarifying that while the proxy itself could be targeted for data, Agent Vault prevents direct credential access and should be part of a locked-down network.

Identity vs. Credentials

A significant discussion revolved around Agent Vault's scope, distinguishing between credential management and broader 'agent identity.' While Agent Vault focuses on securing how agents use credentials, users inquired about how it handles agent identity or authentication to backend services. The author, dangtony98, clarified that Agent Vault doesn't address the identity piece directly, but sees it as a logical next step, noting that identity for agents would require a larger ecosystem-wide shift. Another commenter pointed to 'zeroid' as a separate solution for agent identity.

Integration & Ecosystem

Users expressed excitement and inquired about how Agent Vault integrates with Infisical's existing secret management platform. The author confirmed that a closer integration between Agent Vault and Infisical Cloud vaults is planned, viewing Agent Vault as a crucial delivery mechanism for agents using secrets managed centrally by Infisical. Some comparisons were also drawn to similar tools like 'executor.sh' and 'Onecli'.

Layered Security Logic

The discussion touched on the importance of Agent Vault as one layer within a comprehensive security strategy. Commenters highlighted that while Agent Vault prevents credential exfiltration, additional measures like container isolation and network lockdown are essential to mitigate other risks, such as data exfiltration or unauthorized proxy access. The author confirmed the need for network hardening around Agent Vault for a full deployment.