HACKER Q&A
📣 devendra116

Do you trust AI agents with API keys / private keys?


Are you OK sharing secrets or API keys with your AI agent via .env?

Or is there any other tool or mechanism that one can use to safeguard against potential exploits or leaks?


  👤 10keane Accepted Answer ✓
nope. too dangerous - i'm personally working for an agent project and i know from personal experience they do collect your session log - especially in china lol. one approach i use for my own agent is to use keyring to store all secrets. agent will call a tool to request it, and it will be something like . the substitution happens at tool execution time so the llm never sees or logs the actual value.

👤 jvqv
As a precaution I would probably never pass secrets directly to the agent at all. Something like a placeholder format where the actual substitution happens at execution time so the LLM never sees the real value. Keeps things cleaner if something ever goes wrong.
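
The placeholder approach described in the two answers above, as an added example that is not code from either poster. The `{{secret:NAME}}` syntax, the in-memory `STORE` standing in for an OS keyring, and the per-tool allow-list are assumptions made for illustration.

```python
import re

# Hypothetical placeholder syntax (assumption; the posts do not specify one).
PLACEHOLDER = re.compile(r"\{\{secret:([A-Za-z0-9_]+)\}\}")

# Constructed stand-in for an OS keyring; a real broker would query the keyring here.
STORE = {"PAYMENTS_API_KEY": "sk-test-constructed-0001"}

# Constructed policy: which tool may receive which secret.
ALLOWED = {"http_get": {"PAYMENTS_API_KEY"}}


class SecretDenied(Exception):
    pass


def resolve(tool_name, args, store=STORE, allowed=ALLOWED):
    """Return (real_args, used); placeholders become real values only here."""
    used = {}

    def sub(match):
        name = match.group(1)
        if name not in allowed.get(tool_name, set()) or name not in store:
            raise SecretDenied(f"{tool_name} may not use secret {name}")
        used[name] = store[name]
        return store[name]

    real = {k: PLACEHOLDER.sub(sub, v) if isinstance(v, str) else v
            for k, v in args.items()}
    return real, used


def redact(text, used):
    """Replace any secret value echoed by the tool with its placeholder."""
    for name, value in used.items():
        text = text.replace(value, "{{secret:%s}}" % name)
    return text


def execute(tool_name, tool_fn, args, audit_log):
    """Run a tool for the agent; the model and the log see placeholders only."""
    audit_log.append((tool_name, dict(args)))   # logged before substitution
    real_args, used = resolve(tool_name, args)
    return redact(tool_fn(**real_args), used)   # scrubbed before returning


def fake_http_get(url, auth):
    """Constructed tool that echoes its auth header, as a verbose API might."""
    return f"200 OK for {url} (sent Authorization: {auth})"
```

Redacting the tool's output matters as much as the substitution itself: a tool that echoes its arguments would otherwise hand the value straight back into the model's context.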

👤 sjdv1982
I wanted to ask almost this question, then saw that it is on #1 right now.

My use case is ssh. I would like to stick my private key into a local Docker container, have an ssh-identical CLI that reverse proxies into the container, and have some rules about what ssh commands the container may proxy or not.

Does anyone know of something like this?


👤 sminchev
Like everything else. You don't share your private, personal data, credit card numbers with the rest of the world, just like that. ;)

👤 KellyCriterion
No :)

👤 omertt27
i am okay, i trust that they have great guards to prevent leaking any api