[theozero]

You will probably like varlock - it helps get your keys out of plaintext, while giving your agents a schema and additional tools so it can interact with env vars safely. The next step is injecting your keys via proxy, but just varlock is a huge improvement as a first step. Generally provides a ton of quality of live improvements as well, whether working solo or on a team.

[devendra116]

if a agent has the keys in the same process, it can easily extract them

[theozero]

Totally - the only completely safe way is to inject keys in a proxy and keep them out of the process. But getting them totally out of plaintext is a great first step, both to keep it from AI and malicious scripts that are looking for keys.