HackerTrans
トップ新着トレンドコメント過去質問紹介求人

akropp99

no profile record

コメント

akropp99
·5 か月前·議論
Built a solution for this last night: credwrap (https://github.com/akropp/credwrap)

TCP client-server model. Server holds credentials (encrypted at rest with age), injects them into a pre-approved allowlist of commands. Agent calls credwrap gog gmail search ... — server injects the API key and executes, agent never sees the credential.

Features:

Tool allowlist with argument validation Token / IP whitelist / Tailscale auth Full audit logging Works on Linux and macOS Two deployment modes: run as your own user with encryption (simple), or run as a separate system user for full privilege separation (more secure).

Had the thought that this was needed, and then saw this thread, so I figured I'd share.