Infisical

Infisical/agent-vault

Go No license Security License not recognized by GitHub

A HTTP credential proxy and vault for AI agents like Claude Code, OpenClaw, Hermes, custom agents + harnesses, and more.

1.9k stars
105 forks
active
GitHub +66 / week

1.9k

Stars

105

Forks

45

Open issues

15

Contributors

v0.39.0 24 Jun 2026

AI Analysis

Agent Vault is an open-source HTTP credential proxy and vault designed to prevent credential exfiltration from AI agents through prompt injection attacks. It brokers access to external APIs (LLMs, GitHub, etc.) by intercepting requests and injecting credentials transparently, eliminating the need for agents to hold real credentials directly. This tool is specialized for AI agent operators and security-conscious teams deploying autonomous agents; it is not a general-purpose secrets manager and...

Security Security Tool Discovery value: 6/10
Documentation 8/10
Activity 9/10
Community 7/10
Code quality 5/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 7/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

ai-agents credential-management security proxy agent-orchestration
Actively maintained Well documented Niche/specialized use case Production ready
Deep Analysis · Based on README and public signals
3w ago

Infisical launches HTTP credential proxy to keep secrets out of AI agent memory

Agent Vault is an open-source HTTP MITM proxy that brokers credentials to AI agents without ever exposing those credentials directly to the agent process. It intercepts outbound requests and injects real API keys in place of dummy placeholders, addressing the prompt-injection credential-exfiltration problem specific to LLM-based agents. Built by Infisical — a known secrets management company with an established open-source track record — it targets teams running coding agents (Claude Code, etc.) or custom agent harnesses in semi-trusted or remote environments where an agent being jailbroken could otherwise leak production secrets.

Origin

Created in late March 2026 by Infisical, which already maintains a 27k-star secrets platform. Agent Vault appears to be a direct product response to the rapid proliferation of autonomous AI coding and task agents in 2025–2026 and the credential-exfiltration threat they introduced.

Growth

Reached ~1,694 stars in under three months, driven primarily by Infisical's existing audience, a launch blog post, and organic concern in the AI-agent security space. The 35 stars/week pace suggests steady but not viral growth — consistent with a tool that solves a real but still-emerging problem recognized mainly by security-conscious engineering teams.

In production

Adoption not verified from public evidence beyond star count. The Infisical Slack community likely contains early adopters, and the tool is purpose-built around real agent platforms (Claude Code, etc.), but no documented production deployments or case studies are publicly available as of this analysis.

Code analysis
Architecture

Appears to implement a MITM forward proxy in Go that bootstraps agent environments via HTTPS_PROXY, intercepts TLS traffic, substitutes credential placeholders, and forwards requests to target APIs. Likely ships as a single binary with both server and CLI client modes. Pluggable credential store design suggests an interface/adapter pattern, with Infisical as a first-class backend. Multi-tenancy and token-based sandbox access are mentioned, implying some form of lightweight auth layer.

Tests

Not documented in README.

Maintenance

Last push was 2026-06-19 — the current date — indicating active, ongoing development. The project is under three months old but has dedicated documentation site, video demo, Slack channel, and a structured README, suggesting Infisical is treating this as a maintained product rather than an experiment. Backed by a funded company, which reduces abandonment risk.

Honest verdict

ADOPT IF: you are running AI coding agents or task agents in environments where prompt injection is a realistic threat and you need to prevent credential exfiltration without rewriting agent code. AVOID IF: your agents run in fully air-gapped or already tightly sandboxed environments where credential exposure is not a realistic attack vector, or if you need a mature, battle-tested tool with documented production deployments. MONITOR IF: you are building agent infrastructure and want to track whether this becomes a standard security layer before committing to it.

Independent dimensions

Mainstream potential

6/10

Technical importance

8/10

Adoption evidence

2/10

Risks
  • Project is under three months old with no publicly verified production deployments — maturity and edge-case handling are unproven.
  • MITM architecture introduces a single point of failure: if Agent Vault goes down, all agent API calls fail. High-availability deployment patterns are not documented in the README.
  • TLS interception can conflict with certificate pinning in some SDKs or APIs, potentially causing hard-to-debug failures in specific agent toolchains.
  • Reliance on Infisical as the primary commercial backer means roadmap may prioritize Infisical platform integration over standalone use cases over time.
  • The threat model (prompt injection leading to credential exfiltration) is real but still underappreciated by many teams — adoption may grow slowly until a high-profile incident drives urgency.
Prediction

Likely to become a standard reference architecture for AI agent credential isolation if the Infisical team sustains investment. May consolidate into the broader Infisical platform offering rather than remaining fully independent.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

Go
77.4%
TypeScript
21.2%
HTML
0.6%
Shell
0.5%
CSS
0.1%
Dockerfile
0.1%
Makefile
0.1%

Information

Language
Go
License
NOASSERTION
Last updated
5d ago
Created
3mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Similar repos

tophant-ai

tophant-ai/ClawVault

ClawVault is a security vault system designed to protect AI agents and...

1.2k Python Security
onecli

onecli/onecli

OneCLI is an open-source credential gateway that acts as a proxy between AI...

2.5k TypeScript Security
hashicorp

hashicorp/vault

Vault is HashiCorp's centralized secrets management and encryption platform,...

35.9k Go Security
bank-vaults

bank-vaults/bank-vaults

Bank-Vaults is a CNCF Sandbox project providing tools for cloud-native secret...

2.3k Go DevOps
breferrari

breferrari/obsidian-mind

Obsidian Mind is a specialized vault system that provides persistent memory for...

3.3k TypeScript Dev Tools
vs. alternatives
HashiCorp Vault

Vault manages secrets centrally but returns them to the calling process — exactly the pattern Agent Vault is designed to prevent. They are complementary: Vault can serve as a credential backend while Agent Vault handles the proxy layer. Not direct competitors.

99designs/aws-vault

aws-vault brokers AWS credentials to subprocesses via environment injection, a conceptually similar pattern but scoped to AWS CLI. Agent Vault generalizes the concept to arbitrary HTTP APIs and LLM agent toolchains.

mitmproxy

mitmproxy is a general-purpose MITM tool that could theoretically do this, but requires custom scripting and lacks agent-specific ergonomics. Agent Vault is a purpose-built, opinionated layer on top of the same idea.

Infisical/infisical

The parent project — a secrets platform. Agent Vault integrates with it as a pluggable backend but solves a distinct problem: brokering rather than distributing secrets. Positioning them together strengthens the Infisical platform story.

superagent-ai/superagent

Superagent is an agent orchestration framework, not a credential security layer. Different problem space; not a direct competitor, though both operate in the AI agent infrastructure category.