DEV Community

Sarvesh Sonkusre
Sarvesh Sonkusre

Posted on

Why AI Coding Agents Should Never See Your API Keys (and How I Solved It)

AI coding assistants have fundamentally changed how we build software.

Whether you're using Cursor, Claude Code, Windsurf, or another AI-powered IDE, these tools can read large portions of your project to provide better suggestions. That context often includes configuration files, source code, terminal output—and sometimes your secrets.

That made me stop and ask a simple question:

Why should an AI assistant ever need access to my API keys?

The Problem

Today, almost every application stores credentials like this:

OPENAI_API_KEY=sk-xxxxxxxxxxxxxxxx
STRIPE_SECRET_KEY=sk_live_xxxxxxxxx
DATABASE_URL=postgres://...

These values are commonly loaded into:

.env files
process.env
os.environ
shell variables

This approach works, but it also means that anything with access to your project or process environment can potentially access those credentials.

For AI-assisted development, that introduces an unnecessary level of exposure. Even if you trust your tools, it's good security practice to minimize where secrets exist.

I Started Thinking...

What if applications never stored the real secret?

What if they only saw a placeholder?

Instead of:

OPENAI_API_KEY=sk-xxxxxxxx

What if your project contained:

OPENAI_API_KEY=nv://OPENAI_API_KEY

No plaintext API key.

Nothing valuable to copy.

Nothing meaningful for an AI assistant to read.

The Idea

That led me to build nv-protocol.

Instead of injecting secrets into your application environment, nv-protocol stores encrypted credentials locally and replaces placeholders only when an authorized outbound request is made.

The basic flow looks like this:

Developer


.env

OPENAI_API_KEY=nv://OPENAI_API_KEY


Application


nv-protocol


Secure Vault


External API

Your project never contains the actual secret.

Your source code remains portable.

Your AI assistant only sees placeholders.

Why This Matters

This isn't just about AI.

It's about following a broader security principle:

Only expose sensitive information where it's absolutely required.

If a component doesn't need to know a secret, it shouldn't have access to it.

That philosophy can reduce accidental leaks, simplify code sharing, and make AI-assisted development safer by default.

Current Status

nv-protocol is now available as an open-source project.

✅ Available on npm

npm install -g nv-protocol

✅ Available on PyPI

pip install nv-protocol

Windows Package Manager support is also on the way.

Looking for Feedback

This is an early project, and I'd genuinely appreciate feedback from developers, security engineers, and anyone building AI-powered workflows.

Does this approach solve a real problem?
What integrations would make it more useful?
Where do you see limitations or edge cases?

You can explore the project here:

GitHub: https://github.com/SarveshSonkusre02/nv-protocol

If you find the idea interesting, consider giving it a ⭐, opening an issue, or contributing. I'd love to hear your thoughts and continue improving it with the community.

Top comments (0)