{"slug": "show-hn-avp-an-agent-can-t-leak-a-secret-it-never-had", "title": "Show HN: AVP – an agent can't leak a secret it never had", "summary": "A new open-source tool called AVP prevents AI coding agents from leaking API keys by never giving them access to the real secrets. The tool replaces actual credentials with placeholders in the agent's environment and injects the real values only at the network level when requests are sent upstream. AVP, which initially integrates with Bitwarden as a secret manager, aims to solve the security challenge of running coding agents that require API keys without relying on traditional firewall rules.", "body_md": "A process can't leak a secret it never had.\n\nShai-hulud, prompt-injection - you name it. They cannot steal what your agent (or an process) don't have.\n\nI run coding agents (Claude Code, Codex) on my own machines most of the day. Every one of them wants real API keys in env and I was scratching my head for the last few months how to contain it.\n\nThe usual answer to this is a firewall. I don't buy it. A firewall tries to contain a secret the process is still holding, and the rules are painful to maintain.\n\nAVP gives the agent a placeholder and injects the real value at the last moment, on the wire: ``` # the agent's env holds only a placeholder STRIPE_API_KEY=avp-placeholder # agent sends: Authorization: Bearer avp-placeholder # AVP forwards upstream: Authorization: Bearer sk_live_...real... ```\n\nKeep your passwords in your vault where they belong. AVP initially relies on Bitwarden as a secret manager. It's MIT licensed.\n\nAppreciate any feedback.\n\nComments URL: [https://news.ycombinator.com/item?id=48495018](https://news.ycombinator.com/item?id=48495018)\n\nPoints: 1\n\n# Comments: 0", "url": "https://wpnews.pro/news/show-hn-avp-an-agent-can-t-leak-a-secret-it-never-had", "canonical_source": "https://github.com/inflightsec/agent-vault-proxy", "published_at": "2026-06-11 19:10:08+00:00", "updated_at": "2026-06-11 19:24:25.749919+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "ai-tools", "ai-infrastructure", "ai-products"], "entities": ["AVP", "Bitwarden", "Claude Code", "Codex", "Shai-hulud", "Hacker News"], "alternates": {"html": "https://wpnews.pro/news/show-hn-avp-an-agent-can-t-leak-a-secret-it-never-had", "markdown": "https://wpnews.pro/news/show-hn-avp-an-agent-can-t-leak-a-secret-it-never-had.md", "text": "https://wpnews.pro/news/show-hn-avp-an-agent-can-t-leak-a-secret-it-never-had.txt", "jsonld": "https://wpnews.pro/news/show-hn-avp-an-agent-can-t-leak-a-secret-it-never-had.jsonld"}}