authsome run -- python my_agent.py
It launches the child behind a local auth proxy and the proxy intercepts outbound HTTPS and injects Auth headers at request time. the child process never has the secret in its environment, so it can't leak through os.environ, ps -e, or anything that dumps a subprocess env and the agent code doesn't change as well.