|
|
|
|
Show HN: Airlock – container agents should never hold credentials
(github.com)
|
|
2 points
by kalib_tweli
91 days ago
|
|
|
I built Airlock to move policy enforcement for credentialed CLI access out of agent containers and onto the host. In Dockerized agent setups, prompt files, skills, and other in-container controls are not a real boundary. The agent can ignore or rewrite them. Airlock replaces sensitive CLIs in the container with shims that send requests to a host daemon over a Unix socket. The host validates the request against policy and, if allowed, executes the real command there. The goal is to let a containerized agent use tools like git, ssh, aws, terraform, or docker without the container holding the real credentials. It’s not a general sandbox or a complete agent security solution. It solves a narrower problem: host-side enforcement for credentialed CLI access. |
|
|