GoKawiilHTTP credential proxy and vault
An open-source credential broker by Infisical that sits between your agents and the APIs they call.
Agents should not possess credentials. Agent Vault eliminates credential exfiltration risk with brokered access.
New here? The launch blog post has the full story behind Agent Vault.
Documentation | Installation | CLI Reference | Slack
Why Agent Vault
Traditional secrets management relies on returning credentials directly to the caller. This breaks down with AI agents, which are non-deterministic systems vulnerable to prompt injection that can be fooled into leaking its secrets.
Agent Vault takes a different approach: Agent Vault never reveals vault-stored credentials to agents. Instead, agents route HTTP requests through a local proxy that injects the right credentials at the network layer.
Brokered access, not retrieval - Your agent gets a scoped session and a local HTTPS_PROXY . It calls target APIs normally, and Agent Vault injects the right credential at the network layer. Credentials are never returned to the agent.
- Your agent gets a scoped session and a local . It calls target APIs normally, and Agent Vault injects the right credential at the network layer. Credentials are never returned to the agent. Works with any agent - Custom Python/TypeScript agents, sandboxed processes, and coding agents like Claude Code, Cursor, and Codex. Anything that speaks HTTP.
... continue reading