Y
Hacker News
new
|
ask
|
show
|
jobs
by
jossclimb
90 days ago
This sounds like the approach the nono project took: it injects a phantom token, so the sandboxed agent never gets to see the real key, it has a session scoped, time limited dummy key
https://nono.sh/docs/cli/features/credential-injection