A HTTP credential proxy and vault for AI agents like Claude Code, OpenClaw, Hermes, custom agents + harnesses, and more.
1.9k
Stars
105
Forks
45
Open issues
15
Contributors
AI Analysis
Agent Vault is an open-source HTTP credential proxy and vault designed to prevent credential exfiltration from AI agents through prompt injection attacks. It brokers access to external APIs (LLMs, GitHub, etc.) by intercepting requests and injecting credentials transparently, eliminating the need for agents to hold real credentials directly. This tool is specialized for AI agent operators and security-conscious teams deploying autonomous agents; it is not a general-purpose secrets manager and...
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
Infisical launches HTTP credential proxy to keep secrets out of AI agent memory
Agent Vault is an open-source HTTP MITM proxy that brokers credentials to AI agents without ever exposing those credentials directly to the agent process. It intercepts outbound requests and injects real API keys in place of dummy placeholders, addressing the prompt-injection credential-exfiltration problem specific to LLM-based agents. Built by Infisical — a known secrets management company with an established open-source track record — it targets teams running coding agents (Claude Code, etc.) or custom agent harnesses in semi-trusted or remote environments where an agent being jailbroken could otherwise leak production secrets.
Created in late March 2026 by Infisical, which already maintains a 27k-star secrets platform. Agent Vault appears to be a direct product response to the rapid proliferation of autonomous AI coding and task agents in 2025–2026 and the credential-exfiltration threat they introduced.
Reached ~1,694 stars in under three months, driven primarily by Infisical's existing audience, a launch blog post, and organic concern in the AI-agent security space. The 35 stars/week pace suggests steady but not viral growth — consistent with a tool that solves a real but still-emerging problem recognized mainly by security-conscious engineering teams.
Adoption not verified from public evidence beyond star count. The Infisical Slack community likely contains early adopters, and the tool is purpose-built around real agent platforms (Claude Code, etc.), but no documented production deployments or case studies are publicly available as of this analysis.
Appears to implement a MITM forward proxy in Go that bootstraps agent environments via HTTPS_PROXY, intercepts TLS traffic, substitutes credential placeholders, and forwards requests to target APIs. Likely ships as a single binary with both server and CLI client modes. Pluggable credential store design suggests an interface/adapter pattern, with Infisical as a first-class backend. Multi-tenancy and token-based sandbox access are mentioned, implying some form of lightweight auth layer.
Not documented in README.
Last push was 2026-06-19 — the current date — indicating active, ongoing development. The project is under three months old but has dedicated documentation site, video demo, Slack channel, and a structured README, suggesting Infisical is treating this as a maintained product rather than an experiment. Backed by a funded company, which reduces abandonment risk.
ADOPT IF: you are running AI coding agents or task agents in environments where prompt injection is a realistic threat and you need to prevent credential exfiltration without rewriting agent code. AVOID IF: your agents run in fully air-gapped or already tightly sandboxed environments where credential exposure is not a realistic attack vector, or if you need a mature, battle-tested tool with documented production deployments. MONITOR IF: you are building agent infrastructure and want to track whether this becomes a standard security layer before committing to it.
Independent dimensions
Mainstream potential
6/10
Technical importance
8/10
Adoption evidence
2/10
- Project is under three months old with no publicly verified production deployments — maturity and edge-case handling are unproven.
- MITM architecture introduces a single point of failure: if Agent Vault goes down, all agent API calls fail. High-availability deployment patterns are not documented in the README.
- TLS interception can conflict with certificate pinning in some SDKs or APIs, potentially causing hard-to-debug failures in specific agent toolchains.
- Reliance on Infisical as the primary commercial backer means roadmap may prioritize Infisical platform integration over standalone use cases over time.
- The threat model (prompt injection leading to credential exfiltration) is real but still underappreciated by many teams — adoption may grow slowly until a high-profile incident drives urgency.
Likely to become a standard reference architecture for AI agent credential isolation if the Infisical team sustains investment. May consolidate into the broader Infisical platform offering rather than remaining fully independent.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Website
- https://docs.agent-vault.dev
- Language
- Go
- License
- NOASSERTION
- Last updated
- 5d ago
- Created
- 3mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Open issues
Top contributors
Similar repos
bank-vaults/bank-vaults
Bank-Vaults is a CNCF Sandbox project providing tools for cloud-native secret...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
1.9k | +66 | Go | 7/10 | 5d ago |
|
|
1.2k | — | Python | 7/10 | 3w ago |
|
|
2.5k | — | TypeScript | 8/10 | 3d ago |
|
|
35.9k | — | Go | 9/10 | 12h ago |
|
|
2.3k | — | Go | 8/10 | 5d ago |
|
|
3.3k | — | TypeScript | 7/10 | 1mo ago |
Vault manages secrets centrally but returns them to the calling process — exactly the pattern Agent Vault is designed to prevent. They are complementary: Vault can serve as a credential backend while Agent Vault handles the proxy layer. Not direct competitors.
aws-vault brokers AWS credentials to subprocesses via environment injection, a conceptually similar pattern but scoped to AWS CLI. Agent Vault generalizes the concept to arbitrary HTTP APIs and LLM agent toolchains.
mitmproxy is a general-purpose MITM tool that could theoretically do this, but requires custom scripting and lacks agent-specific ergonomics. Agent Vault is a purpose-built, opinionated layer on top of the same idea.
The parent project — a secrets platform. Agent Vault integrates with it as a pluggable backend but solves a distinct problem: brokering rather than distributing secrets. Positioning them together strengthens the Infisical platform story.
Superagent is an agent orchestration framework, not a credential security layer. Different problem space; not a direct competitor, though both operate in the AI agent infrastructure category.