Ask HN: Best practice securing secrets on local machines working with agents?

When building with autonomous / semi-autonomous agents, they often need broad local access: env vars, files, CLIs, browsers, API keys, etc. This makes the usual assumption — “the local machine is safe and untampered” — feel shaky.

We already use password managers, OAuth, scoped keys, and sandboxing, but agents introduce new risks: prompt injection, tool misuse, unexpected action chains, and secrets leaking via logs or model context. Giving agents enough permission to be useful seems at odds with least-privilege.

I haven’t seen much discussion on this. How are people thinking about secret management and trust boundaries on dev machines in the agent era? What patterns actually work in practice?

7 points | by xinbenlv 9 hours ago

4 comments

  • algebra-pretext 1 hour ago
    I’m not too familiar with the space, but a friend of mine works at Descope[0] where they offer IAM solutions for agents.

    [0] https://www.descope.com/

    • xinbenlv 1 hour ago
      Is the permission device+client based or role based?
  • CriptoSeguro25 1 hour ago
    TBH, the best pattern I've seen is just nuking the secrets at the input level. Run a local regex watcher in-memory that flags anything looking like a PK or seed phrase before it even hits the agent's context window. Keeps it off the network stack entirely.
    • xinbenlv 1 hour ago
      Any prompt injection attack could bypass this by simply doing base64 or any encoding, I guess?
      • CriptoSeguro25 43 minutes ago
        You are absolutely right. Obfuscation like Base64 or rot13 will always beat static Regex. I was thinking more in terms of a seatbelt for accidental leaks and user error rather than a defense against adversarial prompt injection. It's about reducing the blast radius of clumsy mistakes, not stopping a determined attacker.
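The regex seatbelt described in this subthread, and the base64 gap raised in the replies, as an added example that is not code from any commenter: a small Python watcher that flags or redacts secret-shaped text before it enters an agent's context, plus a one-layer base64 decode pass that closes the trivial-encoding gap and nothing beyond it. The pattern names, the sample key id and the seed-phrase heuristic are constructed assumptions.

```python
import base64
import re

# Constructed, illustrative secret shapes (assumption: a real watcher needs a fuller rule set).
SECRET_PATTERNS = {
    "pem_private_key": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hex_private_key": re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b"),
    # 12 lowercase words in a row as a seed-phrase heuristic; a real check uses the BIP-39 wordlist.
    "seed_phrase": re.compile(r"\b(?:[a-z]{3,8} ){11}[a-z]{3,8}\b"),
}

# A run that looks like base64, long enough not to catch ordinary words.
_B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def find_secrets(text: str) -> list[str]:
    """Names of the secret patterns found in the text as written (no decoding)."""
    return [name for name, pat in SECRET_PATTERNS.items() if pat.search(text)]


def find_secrets_decoded(text: str) -> list[str]:
    """Same check plus one base64 decode layer over base64-looking runs.
    Closes the trivial base64 gap only: nested or custom encodings still pass,
    so this stays a seatbelt against accidental leaks, not a prompt-injection control."""
    hits = set(find_secrets(text))
    for m in _B64_RUN.finditer(text):
        try:
            decoded = base64.b64decode(m.group(0), validate=True).decode("utf-8", "ignore")
        except ValueError:  # binascii.Error subclasses ValueError: not real base64
            continue
        hits.update(f"b64:{name}" for name in find_secrets(decoded))
    return sorted(hits)


def redact(text: str) -> str:
    """Replace plain-text matches with a placeholder before the text enters the agent's context."""
    for name, pat in SECRET_PATTERNS.items():
        text = pat.sub(f"[REDACTED:{name}]", text)
    return text


if __name__ == "__main__":
    # Constructed sample: an AWS-style key id in plain text and the same value base64-encoded.
    plain = "deploy with AKIAABCDEFGHIJKLMNOP please"
    wrapped = "deploy with " + base64.b64encode(b"AKIAABCDEFGHIJKLMNOP").decode() + " please"
    print(find_secrets(plain), find_secrets(wrapped), find_secrets_decoded(wrapped))
```

The plain-text scan misses the base64-wrapped value, the decoded pass catches it; anything encoded twice or with a non-standard scheme still passes both, which is the limit the replies above point out.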
  • deflator 1 hour ago
    I've been having success using Doppler for secret storage. Takes it off the filesystem.
    • xinbenlv 1 hour ago
      My question is not about on or off storage; it is more about when you give the agent access, it assumes the environment the agent runs in is safe.
  • nojs 1 hour ago
    Run the agent in a sandbox without access to production secrets.
    • xinbenlv 1 hour ago
      What if you simply need to give them access? E.g. if you want them to do code review you have to at least give them code repo read access. But you don't know if the environment where the agent runs will be compromised.