RSS

Show HN: AVP – an agent can't leak a secret it never had

radku1 pts0 comments

A process can t leak a secret it never had.Shai-hulud, prompt-injection - you name it. They cannot steal what your agent (or an process) don t have.I run coding agents (Claude Code, Codex) on my own machines most of the day. Every one of them wants real API keys in env and I was scratching my head for the last few months how to contain it.The usual answer to this is a firewall. I don t buy it. A firewall tries to contain a secret the process is still holding, and the rules are painful to maintain.AVP gives the agent a placeholder and injects the real value at the last moment, on the wire: ``` # the agent s env holds only a placeholder STRIPE_API_KEY=avp-placeholder # agent sends: Authorization: Bearer avp-placeholder # AVP forwards upstream: Authorization: Bearer sk_live_...real... ```Keep your passwords in your vault where they belong. AVP initially relies on Bitwarden as a secret manager. It s MIT licensed.Appreciate any feedback.

agent secret placeholder process real leak

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.