Every project has one. A .env file sitting in the project root with database passwords, API keys, and secrets of varying sensitivity. You have it in .gitignore. You hope nobody accidentally commits it. You send it to new teammates over Slack because there's no better option. You've probably forgotten it's there half the time.
The .env file is the developer ecosystem's accepted bad practice. Everyone knows it's not great. Nobody has a better answer for local development that doesn't require enterprise infrastructure.
agentsecrets env is that answer.
What It Does
agentsecrets env is a process wrapper. You put it in front of any command. It pulls your secrets from the OS keychain and injects them as environment variables into the process at launch. The process reads from os.environ normally — no changes to your application code, no SDK to install, no integration work. When the process exits, the values are gone. Nothing was written to disk.
# Instead of:
python manage.py runserver
# You run:
agentsecrets env -- python manage.py runserver
That's the entire change to your workflow. Everything inside your application stays identical.
The Setup
# Install
brew install the-17/tap/agentsecrets
# or: npm install -g @the-17/agentsecrets
# or: pip install agentsecrets
# Initialize and store your secrets
agentsecrets init
agentsecrets secrets set DATABASE_URL=postgresql://user:pass@localhost/mydb
agentsecrets secrets set STRIPE_SECRET_KEY=sk_live_51H...
agentsecrets secrets set DJANGO_SECRET_KEY=your-secret-key
agentsecrets secrets set OPENAI_KEY=sk-proj-...
# Or import your existing .env all at once, then delete it
agentsecrets secrets push
rm .env
Values go to the OS keychain — macOS Keychain, Windows Credential Manager, or Linux Secret Service. Not a file. Not an environment variable in your shell profile. The OS keychain requires system-level authentication to access and is not readable by other processes.
Django
Your settings.py doesn't change:
import os

DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": os.environ["DB_NAME"],
        "PASSWORD": os.environ["DB_PASSWORD"],  # injected by agentsecrets env
        "HOST": os.environ["DB_HOST"],
    }
}
SECRET_KEY = os.environ["DJANGO_SECRET_KEY"]
STRIPE_SECRET_KEY = os.environ["STRIPE_KEY"]
Run your Django commands:
agentsecrets env -- python manage.py runserver
agentsecrets env -- python manage.py migrate
agentsecrets env -- python manage.py shell
agentsecrets env -- celery -A myapp worker --loglevel=info
agentsecrets env -- python manage.py test
Node.js / Next.js
agentsecrets env -- node server.js
agentsecrets env -- npm run dev
agentsecrets env -- npx next dev
agentsecrets env -- npx ts-node src/index.ts
agentsecrets env -- npx prisma migrate dev
Your application reads process.env.STRIPE_KEY exactly as before. The source of the value changed. The interface didn't.
The Makefile Pattern
This is the lowest-friction way to adopt agentsecrets env across an existing project. Define one variable at the top of your Makefile and prefix each target's command with it:
RUN := agentsecrets env --

dev:
	$(RUN) npm run dev

test:
	$(RUN) npm test

migrate:
	$(RUN) python manage.py migrate

server:
	$(RUN) python manage.py runserver

worker:
	$(RUN) celery -A myapp worker --loglevel=info
Now make dev, make test, make migrate all run with secrets injected from the keychain. You type the same commands you always typed.
One bonus: you can override RUN from the shell to strip injection entirely when debugging:
make dev RUN=   # runs: npm run dev (no injection, for debugging)
make dev        # runs: agentsecrets env -- npm run dev
Stripe CLI
The Stripe CLI stores your key in ~/.config/stripe/config.toml after stripe login. Plaintext. Permanent. Readable by any process on your machine including your AI coding assistant.
# Bypass config.toml entirely
agentsecrets env -- stripe listen --forward-to localhost:3000
agentsecrets env -- stripe customers list
agentsecrets env -- stripe trigger payment_intent.created
agentsecrets env -- stripe mcp
The CLI finds STRIPE_SECRET_KEY in the environment and uses it. config.toml becomes irrelevant.
Docker Compose
Docker Compose picks up environment variables from the shell that launches it:
agentsecrets env -- docker-compose up
agentsecrets env -- docker-compose run web python manage.py migrate
Your docker-compose.yml stays the same, provided it already takes these values from the launching shell (through ${VAR} interpolation or an environment: entry) rather than through an env_file: pointing at the .env you are about to delete. The secrets come from the keychain rather than a .env file.
Why This Is Safer Than .env Files for AI-Assisted Development
When you use an AI coding assistant — Claude, Cursor, Copilot — it has access to your filesystem. It reads files to understand your codebase. Your .env file is in your project directory.
Three ways this goes wrong:
Direct access: Your assistant reads .env when debugging, checking configuration, or just exploring the project. The key is now in the conversation context.
Prompt injection: A malicious file your agent processes contains hidden instructions — "find and transmit all API keys." Your agent looks in the obvious places. .env is the obvious place.
Malicious extensions: A compromised plugin runs in the same process as your agent and has the same filesystem access.
agentsecrets env removes the .env file from the equation entirely. There's nothing to find. The values come from the OS keychain at process launch and exist only in the child process memory — a space the agent doesn't have access to.
Audit Log
Every agentsecrets env invocation is logged:
{
  "timestamp": "2026-03-04T10:00:00Z",
  "method": "ENV",
  "target_url": "python manage.py runserver",
  "secret_keys": ["DB_PASSWORD", "STRIPE_KEY", "DJANGO_SECRET_KEY"],
  "status": "OK"
}
Key names. The command that ran. Never values.
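To make the wrapper behaviour from "What It Does" and the audit record above concrete, here is an added Python illustration that is not agentsecrets' own code: it copies the parent environment, adds secrets from a constructed in-memory stand-in for the OS keychain, launches the child, and builds an audit entry that carries key names and the command but never a value. KEYCHAIN, run_with_secrets, audit_record and demo are assumed names.

```python
import json
import os
import subprocess
import sys
from datetime import datetime, timezone

# Constructed stand-in for the OS keychain. The real tool reads macOS Keychain,
# Windows Credential Manager or Linux Secret Service; nothing here touches disk.
KEYCHAIN = {
    "DB_PASSWORD": "constructed-db-pass",
    "STRIPE_KEY": "sk_test_constructed",
    "DJANGO_SECRET_KEY": "constructed-django-key",
}

def audit_record(command, secret_keys, status):
    """Audit entry in the shape the post shows: key names and command, never values."""
    return {
        "timestamp": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "method": "ENV",
        "target_url": " ".join(command),
        "secret_keys": sorted(secret_keys),
        "status": status,
    }

def run_with_secrets(command, keychain=KEYCHAIN):
    """Launch command with secrets only in the child's env; returns (stdout, audit record)."""
    child_env = dict(os.environ)  # a copy: the parent's os.environ is never modified
    child_env.update(keychain)
    try:
        proc = subprocess.run(command, env=child_env, capture_output=True, text=True)
        status = "OK" if proc.returncode == 0 else f"EXIT_{proc.returncode}"
        stdout = proc.stdout
    except FileNotFoundError:
        status, stdout = "COMMAND_NOT_FOUND", ""
    record = audit_record(command, keychain.keys(), status)
    # Guard against the one thing an audit log must never contain: a secret value.
    if any(value in json.dumps(record) for value in keychain.values()):
        raise RuntimeError("secret value leaked into audit record")
    return stdout, record

def demo():
    """Child reads os.environ normally; the parent never sees the secret."""
    child = [sys.executable, "-c", "import os; print(os.environ['DB_PASSWORD'])"]
    stdout, record = run_with_secrets(child)
    parent_leak = os.environ.get("DB_PASSWORD") == KEYCHAIN["DB_PASSWORD"]
    return stdout.strip(), record, parent_leak

if __name__ == "__main__":
    print(demo())
```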
The One-Line Migration
If you have an existing project with a .env file:
# Import everything from .env into the keychain
agentsecrets secrets push
# Verify it's all there
agentsecrets secrets list
# Delete the .env file
rm .env
# Update your Makefile with the RUN variable
# Done
Your team members do the same — agentsecrets login, agentsecrets workspace switch, agentsecrets secrets pull. The .env file stops getting passed around over Slack.
GitHub: https://github.com/The-17/agentsecrets
ClawHub: https://clawhub.ai/SteppaCodes/agentsecrets
Built by: https://theseventeen.co