Infisical just released Agent Vault, an open-source tool that stops AI agents from leaking your API keys. The problem it solves is real: when you hand credentials directly to an agent, you're trusting a non-deterministic system that can be tricked via prompt injection into coughing up those secrets. Agent Vault never gives credentials to the agent in the first place. Instead, agents route their HTTP requests through a local proxy, and the proxy injects the right credentials at the network layer before forwarding the request upstream.

The tool works as a single binary or Docker container. It supports Claude Code, Cursor, Codex, and any other agent that speaks HTTP. Setup is straightforward: wrap your agent command with `agent-vault run -- claude` and it handles session scoping, proxy configuration, and certificate trust automatically. For tighter security requirements, there's a container sandbox mode that uses iptables to lock down network egress so the agent physically can't bypass the proxy. Credentials are encrypted at rest with AES-256-GCM, and request logging records method, host, path, and latency but excludes headers and bodies.
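The brokered pattern described above, reduced to one function, as an added example (not Agent Vault's code): the broker strips any credential-bearing headers the agent supplied, attaches the stored secret for the destination host, and logs only method, host, path and latency. The credential table, the `send` transport callable, the HTTPS-only rule and the 403 for unlisted hosts are assumptions of this example.

```python
import time
from urllib.parse import urlsplit

# Constructed sample store: upstream host -> (header name, header value).
# It lives on the broker side only, never in the agent's environment.
CREDENTIALS = {
    "api.example.test": ("Authorization", "Bearer sk-constructed-0001"),
}
# Credential-bearing headers the agent is not allowed to set itself.
STRIPPED = {"authorization", "proxy-authorization", "x-api-key", "cookie"}


def broker(method, url, headers, body, send, log):
    """Forward one agent request, attaching the credential for its host.

    `send(method, url, headers, body)` is a hypothetical upstream transport
    returning a status code. `log` receives metadata-only records.
    """
    parts = urlsplit(url)
    # hostname ignores any userinfo, so "https://a@b/" resolves to host "b".
    host = (parts.hostname or "").lower()
    start = time.monotonic()
    if parts.scheme != "https" or host not in CREDENTIALS:
        # This example's policy: no secret over plaintext or to unlisted hosts.
        status = 403
    else:
        out = {k: v for k, v in headers.items() if k.lower() not in STRIPPED}
        name, value = CREDENTIALS[host]
        out[name] = value  # injected here, after the agent has let go of the request
        status = send(method, url, out, body)
    # Only method, host, path and latency are recorded. Headers, bodies and the
    # query string (which can carry tokens) are left out of the log.
    log.append({
        "method": method,
        "host": host,
        "path": parts.path or "/",
        "latency_ms": round((time.monotonic() - start) * 1000, 2),
    })
    return status


if __name__ == "__main__":
    log = []
    # Constructed transport that reports success without touching the network.
    broker("GET", "https://api.example.test/v1/models?x=1", {}, None,
           lambda m, u, h, b: 200, log)
    print(log)
```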

The catch: it's a research preview. The creators acknowledge on Hacker News that the API and form factor are unstable and subject to change. Build production infrastructure around it at your own risk. But the underlying pattern is sound. Anthropic's Managed Agents and Browser Use's sandboxed architecture already use similar brokered access models. Agent Vault makes the approach available to everyone instead of requiring each team to build custom plumbing.