<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: James</title>
    <description>The latest articles on DEV Community by James (@james_e07a45af2915e448367).</description>
    <link>https://dev.to/james_e07a45af2915e448367</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4016242%2F21f3d9ee-76c4-4a8b-a235-7bb740c6cdcf.png</url>
      <title>DEV Community: James</title>
      <link>https://dev.to/james_e07a45af2915e448367</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/james_e07a45af2915e448367"/>
    <language>en</language>
    <item>
      <title>I Built Authsia Because AI Agents Shouldn't Need to See Your Secrets</title>
      <dc:creator>James</dc:creator>
      <pubDate>Sun, 05 Jul 2026 14:05:41 +0000</pubDate>
      <link>https://dev.to/james_e07a45af2915e448367/i-built-authsia-because-ai-agents-shouldnt-need-to-see-your-secrets-1e17</link>
      <guid>https://dev.to/james_e07a45af2915e448367/i-built-authsia-because-ai-agents-shouldnt-need-to-see-your-secrets-1e17</guid>
      <description>&lt;p&gt;AI coding agents are becoming part of the normal developer workflow.&lt;/p&gt;

&lt;p&gt;They run tests. They inspect repos. They start dev servers. They call CLIs. They debug deployment scripts. They sometimes need the same secrets a human developer needs: API keys, SSH keys, tokens, certificates, &lt;code&gt;.env&lt;/code&gt; values.&lt;/p&gt;

&lt;p&gt;And the default answer is still usually:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;"Just paste the key into the terminal."&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Or:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;"Put it in &lt;code&gt;.env&lt;/code&gt; and hope nothing weird happens."&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;That feels wrong.&lt;/p&gt;

&lt;p&gt;Not because developers are careless, but because the tooling around local secrets was designed for a world where humans typed most commands themselves. Now we have terminals, scripts, CI jobs, local automation, and AI agents all touching the same workflows.&lt;/p&gt;

&lt;p&gt;I built &lt;strong&gt;Authsia&lt;/strong&gt; to make that boundary cleaner.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Website: &lt;a href="https://authsia.clarionstack.com" rel="noopener noreferrer"&gt;https://authsia.clarionstack.com&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;GitHub: &lt;a href="https://github.com/james-liang-cs/homebrew-authsia" rel="noopener noreferrer"&gt;https://github.com/james-liang-cs/homebrew-authsia&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  The Problem
&lt;/h2&gt;

&lt;p&gt;Most developer secrets leak through boring places:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;copying API keys into terminals&lt;/li&gt;
&lt;li&gt;leaving plaintext values in &lt;code&gt;.env&lt;/code&gt;
&lt;/li&gt;
&lt;li&gt;giving an AI agent access to an entire shell environment&lt;/li&gt;
&lt;li&gt;loading SSH keys into a long-lived agent&lt;/li&gt;
&lt;li&gt;pasting credentials into scripts during debugging&lt;/li&gt;
&lt;li&gt;forgetting which tool used which secret and when&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Traditional password managers are great for humans. They store credentials. They autofill websites. They help you generate strong passwords.&lt;/p&gt;

&lt;p&gt;But developer workflows need something slightly different.&lt;/p&gt;

&lt;p&gt;A developer secret often needs to be used by a command, not read by a person.&lt;/p&gt;

&lt;p&gt;For example:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npm &lt;span class="nb"&gt;test
&lt;/span&gt;terraform plan
aws sts get-caller-identity
kubectl apply &lt;span class="nt"&gt;-f&lt;/span&gt; deploy.yaml
ssh ubuntu@server
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The question should not always be:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;"How do I reveal this secret?"&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;It should be:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;"How do I let this command use the secret without exposing more than necessary?"&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;That distinction matters even more when the command is launched by an AI agent.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Authsia Is
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Authsia is a local-first secret vault and CLI for macOS developer workflows.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;It is built around terminals, workspaces, SSH, and local coding agents.&lt;/p&gt;

&lt;p&gt;The core idea is simple:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Keep secrets in your local vault. Let tools request scoped access only when they need it.&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Authsia gives you:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;a macOS vault for passwords, notes, certificates, SSH keys, and OTP codes&lt;/li&gt;
&lt;li&gt;a CLI for developer workflows&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;authsia://&lt;/code&gt; secret references for commit-safe config&lt;/li&gt;
&lt;li&gt;workspace-aware secret injection with masked command output&lt;/li&gt;
&lt;li&gt;guarded terminal shims&lt;/li&gt;
&lt;li&gt;Agent JIT approvals for scoped &lt;code&gt;list&lt;/code&gt; and &lt;code&gt;exec&lt;/code&gt; workflows&lt;/li&gt;
&lt;li&gt;SSH signing through a local Authsia agent&lt;/li&gt;
&lt;li&gt;local audit history&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  A Better &lt;code&gt;.env&lt;/code&gt; Workflow
&lt;/h2&gt;

&lt;p&gt;Instead of committing or copying plaintext secrets, Authsia can turn project secrets into references.&lt;/p&gt;

&lt;p&gt;A repo can contain something like:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;STRIPE_API_KEY=authsia://password/Stripe/password?folder=Project/API
DATABASE_URL=authsia://password/Database/password?folder=Project/API
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Those values are not secrets. They are references.&lt;/p&gt;

&lt;p&gt;The real secret stays in Authsia.&lt;/p&gt;

&lt;p&gt;Then, when you run a command:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;authsia workspace run &lt;span class="nt"&gt;--&lt;/span&gt; npm &lt;span class="nb"&gt;test&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Authsia resolves the references for the child process.&lt;/p&gt;

&lt;p&gt;The secret does not need to live in your parent shell forever. It does not need to be pasted into chat. It does not need to sit raw in your repo.&lt;/p&gt;

&lt;p&gt;For setup:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;authsia workspace init
authsia workspace status
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The goal is not to make secret management fancy. The goal is to make the safer path feel like the normal path.&lt;/p&gt;

&lt;h2&gt;
  
  
  Concealed Secret Output
&lt;/h2&gt;

&lt;p&gt;A secret can still leak even if you never paste it manually.&lt;/p&gt;

&lt;p&gt;Sometimes a script prints the environment. Sometimes a test failure dumps config. Sometimes an agent runs the wrong diagnostic command.&lt;/p&gt;

&lt;p&gt;That is why Authsia's &lt;code&gt;exec&lt;/code&gt; path masks secret output.&lt;/p&gt;

&lt;p&gt;When you run a command through Authsia:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;authsia &lt;span class="nb"&gt;exec&lt;/span&gt; &lt;span class="nt"&gt;--env-file&lt;/span&gt; .env &lt;span class="nt"&gt;--&lt;/span&gt; npm &lt;span class="nb"&gt;test&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;or through a secret-bearing workspace command:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;authsia workspace run &lt;span class="nt"&gt;--&lt;/span&gt; npm &lt;span class="nb"&gt;test&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Authsia resolves the needed secrets for the child process, then masks approved secret values from stdout and stderr before they appear in the terminal.&lt;/p&gt;

&lt;p&gt;So if a tool accidentally prints an injected API key, Authsia attempts to conceal the raw value in command output.&lt;/p&gt;

&lt;p&gt;This is not a replacement for writing safe scripts. It does not make arbitrary programs harmless. But it gives the local workflow a useful last-mile guardrail: secrets can be used by the command without casually showing up in terminal output, agent logs, or copied debugging text.&lt;/p&gt;

&lt;h2&gt;
  
  
  Agent JIT Approvals
&lt;/h2&gt;

&lt;p&gt;The biggest reason I built Authsia is simple:&lt;/p&gt;

&lt;p&gt;AI agents should be able to use secrets without getting broad secret-reading powers.&lt;/p&gt;

&lt;p&gt;That is where &lt;strong&gt;Agent JIT approvals&lt;/strong&gt; come in.&lt;/p&gt;

&lt;p&gt;JIT means just-in-time. In Authsia, JIT is triggered only when Authsia detects a local coding agent, IDE helper, or explicitly agent-marked command making an eligible Authsia request.&lt;/p&gt;

&lt;p&gt;It is not triggered for normal human terminal usage. A developer typing Authsia commands directly keeps the normal session or biometric approval flow.&lt;/p&gt;

&lt;p&gt;Agent JIT is intentionally narrow. It only permits:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;list&lt;/code&gt; for approved metadata discovery&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;exec&lt;/code&gt; for running a command with scoped secrets injected into one child process&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;It does not permit plaintext export commands like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;code&gt;get&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;code&gt;read&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;code&gt;load&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;code&gt;inject&lt;/code&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;It also does not authorize OTP or SSH secret use through the JIT &lt;code&gt;exec&lt;/code&gt; path. JIT &lt;code&gt;exec&lt;/code&gt; is for password, certificate, and note references. SSH should use Authsia's SSH-agent flow instead.&lt;/p&gt;

&lt;p&gt;An agent can discover approved metadata:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;authsia list passwords &lt;span class="nt"&gt;--format&lt;/span&gt; table
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;And it can run a command through Authsia:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;authsia &lt;span class="nb"&gt;exec&lt;/span&gt; &lt;span class="nt"&gt;--env-file&lt;/span&gt; .env &lt;span class="nt"&gt;--&lt;/span&gt; npm &lt;span class="nb"&gt;test&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;In a workspace flow:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;authsia workspace run &lt;span class="nt"&gt;--&lt;/span&gt; npm &lt;span class="nb"&gt;test&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;If that workspace command consumes &lt;code&gt;authsia://&lt;/code&gt; references, Authsia routes it through the same &lt;code&gt;exec&lt;/code&gt; boundary where JIT approval can apply for detected agents. If there are no secret inputs, workspace run can pass through without firing JIT.&lt;/p&gt;

&lt;p&gt;The grant is visible in Access Center, exact-folder scoped, tied to the agent/caller context, and temporary.&lt;/p&gt;

&lt;p&gt;That is the boundary I want for AI-assisted development: agents can do useful work, but JIT does not become unlimited secret access.&lt;/p&gt;

&lt;h2&gt;
  
  
  Guarded Terminal
&lt;/h2&gt;

&lt;p&gt;Sometimes you do not want to prefix every command with &lt;code&gt;authsia workspace run&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;For that, Authsia has a guarded terminal mode:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;eval&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;authsia workspace guard &lt;span class="nt"&gt;--print-env&lt;/span&gt;&lt;span class="si"&gt;)&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Guarded mode adds Authsia shims for common developer tools like:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;npm, pnpm, yarn, python, pip, docker, aws, kubectl, terraform, pulumi
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The idea is to keep familiar commands familiar, while still routing secret-bearing workflows through Authsia.&lt;/p&gt;

&lt;p&gt;So instead of redesigning your whole workflow, Authsia sits at the boundary where secrets are needed.&lt;/p&gt;

&lt;h2&gt;
  
  
  SSH Is Part Of The Same Problem
&lt;/h2&gt;

&lt;p&gt;SSH keys are developer secrets too.&lt;/p&gt;

&lt;p&gt;Authsia includes a local SSH agent. After shell integration:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;&lt;span class="nb"&gt;eval&lt;/span&gt; &lt;span class="s2"&gt;"&lt;/span&gt;&lt;span class="si"&gt;$(&lt;/span&gt;authsia init zsh&lt;span class="si"&gt;)&lt;/span&gt;&lt;span class="s2"&gt;"&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Git and SSH can use Authsia through &lt;code&gt;SSH_AUTH_SOCK&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;You can adopt existing keys:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;authsia ssh adopt &lt;span class="nt"&gt;--path&lt;/span&gt; ~/.ssh &lt;span class="nt"&gt;--dry-run&lt;/span&gt;
authsia ssh adopt &lt;span class="nt"&gt;--path&lt;/span&gt; ~/.ssh &lt;span class="nt"&gt;--yes&lt;/span&gt; &lt;span class="nt"&gt;--folder&lt;/span&gt; Infra/SSH
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The aim is to move SSH usage away from loose private key files and toward a local approval and audit boundary.&lt;/p&gt;

&lt;p&gt;It is still normal SSH. It is just less casual about where private keys live.&lt;/p&gt;

&lt;h2&gt;
  
  
  Local-First By Design
&lt;/h2&gt;

&lt;p&gt;Authsia is intentionally local-first.&lt;/p&gt;

&lt;p&gt;Secrets are stored in your local Keychain-backed vault, with optional iCloud Keychain sync depending on your setup. The CLI talks to the local app. The audit trail is local. There is no analytics layer trying to understand your workflow.&lt;/p&gt;

&lt;p&gt;That matters to me because developer tools should not require sending sensitive workflow metadata to another service unless there is a very good reason.&lt;/p&gt;

&lt;p&gt;For a lot of solo developers, indie hackers, and small teams, the local machine is still the center of gravity.&lt;/p&gt;

&lt;p&gt;Authsia is built for that reality.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Authsia Is Not
&lt;/h2&gt;

&lt;p&gt;Authsia is not magic.&lt;/p&gt;

&lt;p&gt;It does not make unsafe automation automatically safe. It does not replace good cloud IAM. It does not turn every local workflow into an enterprise access-control system.&lt;/p&gt;

&lt;p&gt;What it does is give developers a better default for local secrets:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;references instead of plaintext&lt;/li&gt;
&lt;li&gt;child-process injection instead of parent-shell exposure&lt;/li&gt;
&lt;li&gt;short-lived grants instead of permanent agent access&lt;/li&gt;
&lt;li&gt;SSH agent integration instead of scattered private keys&lt;/li&gt;
&lt;li&gt;auditability instead of guessing what happened&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;That is the layer I wanted as AI agents became part of my daily workflow.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try Authsia
&lt;/h2&gt;

&lt;p&gt;If you work with terminals, SSH, &lt;code&gt;.env&lt;/code&gt; files, and AI coding agents, I would love for you to try Authsia and tell me where the workflow still feels rough.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Website: &lt;a href="https://authsia.clarionstack.com" rel="noopener noreferrer"&gt;https://authsia.clarionstack.com&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;GitHub: &lt;a href="https://github.com/james-liang-cs/homebrew-authsia" rel="noopener noreferrer"&gt;https://github.com/james-liang-cs/homebrew-authsia&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;CLI Guide: &lt;a href="https://authsia.clarionstack.com/cli.html" rel="noopener noreferrer"&gt;https://authsia.clarionstack.com/cli.html&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Install with Homebrew:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;brew &lt;span class="nb"&gt;install&lt;/span&gt; &lt;span class="nt"&gt;--cask&lt;/span&gt; james-liang-cs/authsia/authsia
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Then launch the app once and check the CLI:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;authsia status
authsia workspace init
authsia workspace run &lt;span class="nt"&gt;--&lt;/span&gt; npm &lt;span class="nb"&gt;test&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;AI agents should be able to help us build software.&lt;/p&gt;

&lt;p&gt;They should not need unlimited access to every secret in our shell to do it.&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>devtools</category>
      <category>productivity</category>
    </item>
  </channel>
</rss>
