Show HN: AVP – an agent can't leak a secret it never had

A new open-source tool called AVP prevents AI coding agents from leaking API keys by never giving them access to the real secrets. The tool replaces actual credentials with placeholders in the agent's environment and injects the real values only at the network level when requests are sent upstream. AVP, which initially integrates with Bitwarden as a secret manager, aims to solve the security challenge of running coding agents that require API keys without relying on traditional firewall rules.

A process can't leak a secret it never had. Shai-hulud, prompt-injection - you name it. They cannot steal what your agent or an process don't have. I run coding agents Claude Code, Codex on my own machines most of the day. Every one of them wants real API keys in env and I was scratching my head for the last few months how to contain it. The usual answer to this is a firewall. I don't buy it. A firewall tries to contain a secret the process is still holding, and the rules are painful to maintain. AVP gives the agent a placeholder and injects the real value at the last moment, on the wire: the agent's env holds only a placeholder STRIPE API KEY=avp-placeholder agent sends: Authorization: Bearer avp-placeholder AVP forwards upstream: Authorization: Bearer sk live ...real... Keep your passwords in your vault where they belong. AVP initially relies on Bitwarden as a secret manager. It's MIT licensed. Appreciate any feedback. Comments URL: https://news.ycombinator.com/item?id=48495018 https://news.ycombinator.com/item?id=48495018 Points: 1 Comments: 0