1/22/2026 at 2:02:54 PM
by xinbenlv
1/23/2026 at 6:17:44 AM
The solution that Anthropic uses for Claude Code Web for repository access is to not give the LLM any secrets at all - anything requiring escalated privilege is done through a proxy which holds the credentials.by bilbo-b-baggins
1/23/2026 at 7:45:08 AM
Concrete setup: (1) All secrets in 1Password/Bitwarden with CLI, (2) Agent sandbox with no env var access, (3) Wrapper scripts that fetch secrets on-demand and inject at runtime, (4) Context scrubbers that strip secrets before LLM sees logs. Key insight: don't prevent agent access to secrets, prevent secrets from entering agent context/logs. Different problem, solvable with tooling.by varshith17
1/22/2026 at 10:33:18 PM
TBH, the best pattern I've seen is just nuking the secrets at the input level. Run a local regex watcher in-memory that flags anything looking like a PK or seed phrase before it even hits the agent's context window. Keeps it off the network stack entirelyby CriptoSeguro25
1/22/2026 at 10:40:21 PM
Any prompt injection attack could by pass this by simply do a base64 or any encoding, I guess?by xinbenlv
1/22/2026 at 11:14:59 PM
You ar absolutely right. Obfuscation like Base64 or rot13 will always beat static Regex. I was thinking more in terms of a seatbelt for accidental leaks user error rather than a defense against adversarial prompt injection. It's about reducing the blast radius of clumsy mistakes, not stopping a determined attacker.by CriptoSeguro25
1/22/2026 at 10:08:29 PM
I’m not too familiar with the space, but a friend of mine works at Descope[0] where they offer IAM solutions for agents.by algebra-pretext
1/22/2026 at 10:41:18 PM
is the permission device+client based or role based?by xinbenlv
1/22/2026 at 10:13:19 PM
Run the agent in a sandbox without access to production secrets.by nojs
1/22/2026 at 10:42:06 PM
What if you simply need to give them access. E.g if you want them to do code review you have to at least give them code repo read access. But you don't know if the environment where agent runs will be compromisedby xinbenlv
1/25/2026 at 2:08:04 PM
If you give read access with their own api key they will only get read access, the access that you gave them. Not sure what is the issue.by mejutoco
1/22/2026 at 10:05:04 PM
I've been having success using Doppler for secret storage. Takes it off the filesystem.by deflator
1/22/2026 at 10:42:36 PM
My question is not about on or off storage, is more about when you give agent access, it assume the environment agent runs is safeby xinbenlv