by jvqv 62 days ago
As a precaution I would probably never pass secrets directly to the agent at all. Something like a placeholder format where the actual substitution happens at execution time so the LLM never sees the real value. Keeps things cleaner if something ever goes wrong.

Is there any tool that can do this?
I use mitmproxy outside of the agent VM.
Interesting, how do you use mitmproxy for calling the OpenAI LLM? Or what exactly do you use it for?
Mitmproxy is to avoid giving the model access to secrets.

My assistant lives in an Ubuntu VM. When I ask it to “check email” it uses IMAP with password “xyz” and fetches emails.

But my mail password is actually “abc”. Mitmproxy outside of the VM replaces all “xyz” with “abc” for outgoing requests. And the reverse for incoming.
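
The substitution described in the last comment, sketched as a mitmproxy-style addon. This is an added example, not code from anyone in the thread. It covers HTTP flows only, the `ALLOWED_HOST` name is an assumption, and "xyz"/"abc" are the constructed values from the comment.

```python
import base64

# Constructed sample values from the comment: the agent only ever sees "xyz".
# Real deployments need a long, unique placeholder to avoid accidental matches.
PLACEHOLDER = b"xyz"
REAL_SECRET = b"abc"
ALLOWED_HOST = "mail.example.com"  # assumption: the only host that may get the secret


def swap(data: bytes, old: bytes, new: bytes) -> bytes:
    """Replace every occurrence of old with new in raw bytes."""
    return data.replace(old, new)


def swap_basic_auth(value: str, old: bytes, new: bytes) -> str:
    """Swap inside an HTTP Basic credential, which is base64-encoded and
    therefore invisible to a plain byte replace on the header."""
    scheme, _, blob = value.partition(" ")
    if scheme.lower() != "basic":
        return swap(value.encode(), old, new).decode()
    try:
        decoded = base64.b64decode(blob, validate=True)
    except ValueError:
        return value  # malformed credential: leave untouched
    return "Basic " + base64.b64encode(swap(decoded, old, new)).decode()


class SecretSwap:
    """Hook names follow mitmproxy's addon convention (request/response)."""

    def request(self, flow):
        req = flow.request
        # Only inject for the intended destination. Otherwise the agent could
        # be steered into sending the placeholder to another host and that
        # host would receive the real secret.
        if req.host != ALLOWED_HOST:
            return
        if "Authorization" in req.headers:
            req.headers["Authorization"] = swap_basic_auth(
                req.headers["Authorization"], PLACEHOLDER, REAL_SECRET)
        req.content = swap(req.content or b"", PLACEHOLDER, REAL_SECRET)

    def response(self, flow):
        # Incoming: real secret -> placeholder, so an echoed credential
        # never reaches the model.
        resp = flow.response
        resp.content = swap(resp.content or b"", REAL_SECRET, PLACEHOLDER)


addons = [SecretSwap()]
```

Any other encoding of the secret (URL-encoded, hashed, inside JSON escapes) needs its own handling, since a byte replace only matches the literal form.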