HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dhblumenfeld1

no profile record

Submissions

Show HN: Keypo – Secure Enclave encrypted secrets for AI coding agents

github.com
5 points·by dhblumenfeld1·4 ay önce·1 comments

comments

dhblumenfeld1
·4 ay önce·discuss
Every developer using Claude Code, Codex or Cursor has the same problem: your agent runs your code but it can also read your .env files. API keys, database credentials, anything on disk is visible to the agent.

I built keypo-signer, an open-source CLI that encrypts secrets in a vault backed by your Mac's Secure Enclave. The key command is vault exec: it decrypts secrets via Touch ID, injects them as environment variables into a child process, and the agent gets back stdout and an exit code. It never sees the secret values. They never touch disk, shell history, or the agent's context window.

See it in action: https://youtu.be/rOSyWQ3gw70

It's open source and self-custody: no cloud provider, no accounts to maintain.

There are three vault tiers: open (no auth), passcode and biometric (Touch ID).

Two demos showing what you can build on top of this:

1. Secure Agent Checkout (https://github.com/keypo-us/keypo-cli/tree/main/demo/checkou...): Tell your agent "buy me a hat" and it completes a real Shopify checkout with your actual credit card. Card details live in the biometric vault. The agent calls a wrapper script, Touch ID pops up on your Mac, and a headless browser fills the payment form inside a child process the agent can't inspect. You get an order confirmation email. The agent never sees your card number.

2. Agent Wallet (https://github.com/keypo-us/keypo-cli/tree/main/demo/hermes-...): A hardware wallet for your agent. Uses EIP-7702 smart accounts with the Mac Secure Enclave so your agent can send on-chain transactions but the private key never leaves the hardware. Touch ID gates every signature.

macOS/Apple Silicon only (Secure Enclave is the point). Swift + Rust. brew install keypo-us/tap/keypo-signer

https://github.com/keypo-us/keypo-cli
dhblumenfeld1
·4 ay önce·discuss
This is dope. Love local-first tools. Would be dope to have an iOS/macOS version that I can just buy through the app store (and is hence synced across my devices).
dhblumenfeld1
·4 ay önce·discuss
Increasingly convinced that most AI doomerism is coming from the VC / Startup ecosystem because the industry, or game, they've been playing for the last 20 years is undergoing the most disruption.
dhblumenfeld1
·4 ay önce·discuss
wouldn't signal fall under this category (same entity control the client and server in between) but they have no way of peaking inside any envelopes?
dhblumenfeld1
·4 ay önce·discuss
I recently dealt with something similar with a CDN I used for a project 3 years ago. They kept charging me $0.01/month after I got all of my content off of their servers. Took months to resolve, luckily was pennies so it wasn't a big deal but very frustrating.
dhblumenfeld1
·4 ay önce·discuss
Have you found that using a frontier model for planning and small local model for writing code to be a solid workflow? Been wanting to experiment with relying less on Claude Code/Codex and more on local models.
dhblumenfeld1
·4 ay önce·discuss
this is great. The environment variable control is particularly interesting to me. I've been working on a related problem but different approach: encrypting/decrypting secrets using the Mac's secure enclave (https://github.com/keypo-us/keypo-wallet/tree/main/keypo-sig...). The two approaches seem complementary: Ash controls the perimeter, encrypted vaults protect the values themselves.
dhblumenfeld1
·4 ay önce·discuss
V interesting. Does the passport have history of what the agent has done in the past and if so, how are you able to verify that work? Specifically thinking about agents that may work across different systems.

Might be worth checking this out: https://www.8004.org/ it's more crypto specific but trying to tackle the problem of verifying an agent cross platforms.