Show HN: AVP – an agent can't leak a secret it never had

wpnews.pro

cd /news/ai-agents/show-hn-avp-an-agent-can-t-leak-a-se… · home › topics › ai-agents › article

[ARTICLE · art-24328] src=github.com pub=2026-06-11T19:10Z topic=ai-agents verified=true sentiment=↑ positive

Show HN: AVP – an agent can't leak a secret it never had

A new open-source tool called AVP prevents AI coding agents from leaking API keys by never giving them access to the real secrets. The tool replaces actual credentials with placeholders in the agent's environment and injects the real values only at the network level when requests are sent upstream. AVP, which initially integrates with Bitwarden as a secret manager, aims to solve the security challenge of running coding agents that require API keys without relying on traditional firewall rules.

read1 min publishedJun 11, 2026

A process can't leak a secret it never had.

Shai-hulud, prompt-injection - you name it. They cannot steal what your agent (or an process) don't have.

I run coding agents (Claude Code, Codex) on my own machines most of the day. Every one of them wants real API keys in env and I was scratching my head for the last few months how to contain it.

The usual answer to this is a firewall. I don't buy it. A firewall tries to contain a secret the process is still holding, and the rules are painful to maintain.

AVP gives the agent a placeholder and injects the real value at the last moment, on the wire: # the agent's env holds only a placeholder STRIPE_API_KEY=avp-placeholder # agent sends: Authorization: Bearer avp-placeholder # AVP forwards upstream: Authorization: Bearer sk_live_...real...

Keep your passwords in your vault where they belong. AVP initially relies on Bitwarden as a secret manager. It's MIT licensed.

Appreciate any feedback.

Comments URL: https://news.ycombinator.com/item?id=48495018

Points: 1

source & further reading

github.com — original article

~/api · this article 200

$curl api.wpnews.pro/v1/news/show-hn-avp-an-agent-can…

Read original on github.com → github.com/inflightsec/agent-vault-proxy

mentioned entities

AVP

Bitwarden

Claude Code

Codex

Shai-hulud

Hacker News

metadata

slugshow-hn-avp-an-agent-can-t-leak-a-secret-it-never-had

topic#ai-agents

secondary4 topics

sentimentpositive

langen

canonicalgithub.com

navigation

← prevDoes it feel like your predictiv…

next →How ERGO Hestia reduced time-to-…

── more in #ai-agents 4 stories · sorted by recency

zdnet.com · 13 Jun · #ai-agents

Visa is handling AI-prompted transactions for OpenAI - but can you trust it?

dev.to · 13 Jun · #ai-agents

KeepAI: a local, open-source API hub that lets AI agents use your apps safely

dev.to · 13 Jun · #ai-agents

Show HN: NeuralBridge - Self-Healing SDK for LLM-Powered AI Agents

dev.to · 13 Jun · #ai-agents

Playwright MCP: cómo dar navegador a un agente de IA sin convertir tus tests en una caja negra

sponsored brought to you by zahid.host 4,200+ EU-deployed projects

reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main

→ Live at https://your-agent.zahid.host ✓

Get free account → Pricing

from €0/mo · no card required