<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Jack Baum</title>
    <description>The latest articles on DEV Community by Jack Baum (@jack_baum_08809d366a13558).</description>
    <link>https://dev.to/jack_baum_08809d366a13558</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3987948%2Fe950d286-d0eb-46e8-8817-6a385ca26f24.png</url>
      <title>DEV Community: Jack Baum</title>
      <link>https://dev.to/jack_baum_08809d366a13558</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/jack_baum_08809d366a13558"/>
    <language>en</language>
    <item>
      <title>I built an encrypted secrets manager so my AI coding agent stops leaking API keys</title>
      <dc:creator>Jack Baum</dc:creator>
      <pubDate>Tue, 16 Jun 2026 21:09:18 +0000</pubDate>
      <link>https://dev.to/jack_baum_08809d366a13558/i-built-an-encrypted-secrets-manager-so-my-ai-coding-agent-stops-leaking-api-keys-3386</link>
      <guid>https://dev.to/jack_baum_08809d366a13558/i-built-an-encrypted-secrets-manager-so-my-ai-coding-agent-stops-leaking-api-keys-3386</guid>
      <description>&lt;p&gt;▎ If you use Claude Code, Cursor, or any AI coding agent,&lt;br&gt;
  ▎ you've probably done this: pasted an API key straight&lt;br&gt;
  ▎ into the chat, left a .env lying around, or — the classic&lt;br&gt;
  ▎ — committed a secret by accident. I got tired of it and&lt;br&gt;
  ▎ built Envkeep.&lt;/p&gt;

&lt;p&gt;The problem&lt;/p&gt;

&lt;p&gt;AI coding sessions need real secrets to do real work:&lt;br&gt;
  OPENAI_API_KEY, a database URL, a Stripe key. The path of&lt;br&gt;
  least resistance is to paste the value into the&lt;br&gt;
  conversation. Now your secret is in a transcript, maybe in&lt;br&gt;
  logs, maybe synced to a cloud. Multiply that across every&lt;br&gt;
  session and every project and it's a mess.&lt;/p&gt;

&lt;p&gt;The idea&lt;/p&gt;

&lt;p&gt;Split the problem in two:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Humans get a GUI to manage secrets.&lt;/li&gt;
&lt;li&gt;Agents get a CLI that hands over one value at a time, on
demand.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;So instead of pasting a key, you tell the agent:&lt;/p&gt;

&lt;p&gt;▎ "the OpenAI key is in envkeep — grab&lt;br&gt;
  ▎ my-app/OPENAI_API_KEY."&lt;/p&gt;

&lt;p&gt;…and it runs:&lt;/p&gt;

&lt;p&gt;envkeep get my-app/OPENAI_API_KEY&lt;/p&gt;

&lt;p&gt;One secret. Nothing dumped. The plaintext never goes&lt;br&gt;
  through the chat.&lt;/p&gt;

&lt;p&gt;How it works&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Source of truth: an age-encrypted vault.age (X25519 +
ChaCha20-Poly1305). Only ciphertext ever hits disk or git —
you can sync it through any private repo and the host only
sees encrypted bytes.&lt;/li&gt;
&lt;li&gt;Decrypt-on-demand by default: no plaintext sits cached
anywhere. (There's an optional macOS Keychain cache with
auto-lock if you want speed.)&lt;/li&gt;
&lt;li&gt;Projects: secrets are project/KEY, so envkeep env my-app
can load a whole project's variables at once: eval
"$(envkeep env my-app)".&lt;/li&gt;
&lt;li&gt;A native macOS app (Swift + WKWebView) for the human side
— command palette, search, folders.&lt;/li&gt;
&lt;li&gt;Security you can dial in: Touch ID gate, TOTP 2FA (Authy
/ Google Authenticator), auto-relock, clipboard auto-clear,
and an audit log.&lt;/li&gt;
&lt;li&gt;Zero dependencies. Pure Python 3 stdlib + age. No server,
no database, no pip install.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Being honest about the threat model&lt;/p&gt;

&lt;p&gt;Envkeep protects against the realistic stuff: a leaked&lt;br&gt;
  repo, a stolen laptop at rest, a cloud host snooping. It is&lt;br&gt;
  not a replacement for HashiCorp Vault or an HSM, and — by&lt;br&gt;
  design — the CLI runs as you, so a coding agent you trust&lt;br&gt;
  to run commands can read what you point it at. The win is&lt;br&gt;
  that secrets stop sprawling into chats, .env files, and&lt;br&gt;
  commits.&lt;/p&gt;

&lt;p&gt;Try it&lt;/p&gt;

&lt;p&gt;brew install jackofshadowz/tap/envkeep&lt;br&gt;
  envkeep init&lt;/p&gt;

&lt;p&gt;It's MIT-licensed and open source:&lt;br&gt;
  &lt;a href="https://github.com/jackofshadowz/envkeep" rel="noopener noreferrer"&gt;https://github.com/jackofshadowz/envkeep&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I'd love feedback — especially on the agent workflow and&lt;br&gt;
  the security model. What would you want before trusting it&lt;br&gt;
  with real keys?&lt;/p&gt;

</description>
      <category>security</category>
      <category>opensource</category>
      <category>ai</category>
      <category>productivity</category>
    </item>
  </channel>
</rss>
