Comments

Hacker News

Nice. Obviously this is a huge issue many are trying to solve. Providing agents with a keychain is one thing, but how does this solve the issue of using these keys in projects? Does the agent decrypt it and set it in a .env? Is the CLI required to be used in the build process?

by perryraskin

I didn't build Keyhole to solve secret management, there are tools like Doppler for that. It lets the agent handle a secret without having it in context. It can put it where it's needed (e.g. a .env) without ever reading the value.

> Does the agent decrypt it and set it in a .env?

The CLI does it, and the .env can be chmod 600.

> Is the CLI required to be used in the build process?

That's not what I built it for, I'd reach for other tools on the market for that.

by maferland

Join the discussion

Write your take first — we'll ask for email only when you're ready to publish.

  • Hacker News
  • Nice. Obviously this is a huge issue many are trying to solve. Providing agents with a keychain is one thing, but how does this solve the issue of using these keys in projects? Does the agent decrypt it and set it in a .env? Is the CLI required to be used in the build process?
    by perryraskin
  • I didn't build Keyhole to solve secret management, there are tools like Doppler for that. It lets the agent handle a secret without having it in context. It can put it where it's needed (e.g. a .env) without ever reading the value.

    > Does the agent decrypt it and set it in a .env?

    The CLI does it, and the .env can be chmod 600.

    > Is the CLI required to be used in the build process?

    That's not what I built it for, I'd reach for other tools on the market for that.

    by maferland

Related stories