Why would agents need API keys? Isn't the simplest way to write a function they can call that accesses the API key?
I agree adding API keys to the environment variables can be dangerous. An option is to never let agents read environment variables. When they try, kill the agent.
Instead of environment variables, have an encrypted file or files and a decrypt function. And that decrypt function can only be called by other functions.
What if there are multiple keys for a service?
Yes, you could write a function call that accesses the API without exposing the key! That's what Janee is basically! Except that instead of writing the function you install the package and load up the credentials - no function writing needed.
You can define multiple services, so if you have Cloudflare keys, for example, with different permissions, you could define cloudflare-read-dns and cloudflare-write-pages or whatever.
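The pattern discussed in the comments above, as an added example that is not part of the thread and is not Janee's code or configuration format: the agent calls one function with a service name, and the credential is attached and scrubbed on the broker side. The service names come from the comment; the base URLs, tokens, `call_service` and `echo_transport` are constructed for illustration.

```python
# Constructed sample data: service names follow the thread's examples; the
# base URLs and tokens are placeholders. A real broker would load the tokens
# from an encrypted store the agent process cannot read.
SERVICES = {
    "cloudflare-read-dns": {
        "base": "https://api.example.test/dns",
        "methods": {"GET"},
        "token": "CONSTRUCTED-read-token",
    },
    "cloudflare-write-pages": {
        "base": "https://api.example.test/pages",
        "methods": {"GET", "POST"},
        "token": "CONSTRUCTED-write-token",
    },
}


class Denied(Exception):
    """Raised when the agent asks for something the service entry does not allow."""


def call_service(service, method, path, transport):
    """The only function exposed to the agent. Returns status and body, never the token."""
    entry = SERVICES.get(service)
    if entry is None:
        raise Denied(f"unknown service: {service}")
    method = method.upper()
    if method not in entry["methods"]:
        raise Denied(f"{method} not allowed for {service}")
    # Reject relative paths and literal ".." segments so the request stays
    # under the base URL configured for this service.
    if not path.startswith("/") or ".." in path.split("/"):
        raise Denied(f"bad path: {path}")
    headers = {"Authorization": "Bearer " + entry["token"]}
    status, body = transport(method, entry["base"] + path, headers)
    # Scrub every known token in case the upstream echoes request headers.
    for other in SERVICES.values():
        body = body.replace(other["token"], "[REDACTED]")
    return {"status": status, "body": body}


def echo_transport(method, url, headers):
    """Stand-in for the HTTP client (hypothetical): echoes the request back."""
    return 200, f"{method} {url} auth={headers['Authorization']}"
```
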
While I think it is a nice tool, it does too much for me. It is a secrets manager and an HTTP client. I'd rather keep concerns separated.
I think it is good to create more security content when it comes to AI, because that seems to be the first thing that got thrown overboard.
Thanks! It works great as a local-only tool if you just ignore the HTTP features :) It doesn't open any ports or make anything available over HTTP by default, it's just there if you're running agents in Docker and want to centralise secrets.