WeSearch

I built a tool to stop AI coding agents from leaking my secrets

·6 min read · 0 reactions · 0 comments · 17 views
#technology#security#software
I built a tool to stop AI coding agents from leaking my secrets
TL;DR · WeSearch summary

Veil is a tool designed to protect sensitive API keys from being accessed by AI coding agents. It moves Bearer API keys from .env files into the operating system's keychain while leaving placeholders behind for the agents to use. This ensures that the agents do not see the actual credentials, filling a gap that previous tools like .gitignore did not address.

Key facts
Original article
GitHub
Read full at GitHub →
Opening excerpt (first ~120 words) tap to expand

.gitignore protected your secrets from git. Veil protects them from AI. Veil moves the Bearer API keys in your .env into your OS keychain, leaves format-preserving placeholders behind, and injects the real values at a local HTTPS proxy so the agent never sees them. One promise, one wire, no daemon. What's in scope. v1 mediates HTTP Authorization: Bearer credentials for the providers listed below, sourced from .env files. HTTP Basic, keyed-crypto schemes (AWS SigV4, GitHub App JWTs, HMAC webhooks), shell environment variables, MCP config files, and non-HTTP protocols are not in scope — Veil leaves them alone. See docs/MVP.md for the full contract. Demo Want to run it yourself? make build && ./scripts/record-demo.sh records this end-to-end against a synthetic .env.

Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.

Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments

More from GitHub