by ivannovazzi
114 days ago
This is a real gap. I've seen teams adopt Claude Code and immediately start pasting API keys into .env files that the agent can read — zero access control, zero audit trail. We built KeyEnv (keyenv.dev) to handle this: secrets are encrypted at rest, pulled via CLI, and injected at runtime. The agent gets the env vars it needs without ever seeing the raw secret values stored anywhere on disk. The approach works well with AI coding tools because: (1) no secrets in any file the agent can read/commit, (2) rotation happens server-side without touching the dev environment, (3) audit trail shows exactly which secrets were accessed and when.