
Agent Vault

Show HN: Agent Vault – Open-source credential proxy and vault for agents

82 AI Score
Show_hn other Added Apr 23, 2026

Details

Sector: other
Total Funding: $0
Last Round: $0

About

Hey HN! Today we're launching Agent Vault - an open source HTTP credential proxy and vault for AI agents. Repo is at https://github.com/Infisical/agent-vault, and there's an in-depth description at https://infisical.com/blog/agent-vault-the-open-source-credential-proxy-and-vault-for-agents.

We built Agent Vault in response to a question that's been plaguing the industry: How do we give agents secure access to services without them reading any secrets?

Most teams building agents have run into this exact problem: They build an agent or agentic system and come to realize at some point that it needs credentials in order to access any services. The issue is that agents, unlike traditional workloads, are non-deterministic, highly prone to prompt injection, and thus can easily be manipulated into leaking the credentials that they need to operate. This is the problem of credential exfiltration (not to be confused with data exfiltration).

In response to this, some teams we've seen have implemented basic guardrails and security controls to mitigate this risk in their agentic environments including using short-lived access tokens. The more advanced teams have started to converge toward a pattern: credential brokering, the idea being to separate agents from their credentials through some form of egress proxy. In this model, the agent makes a request to a proxy that attaches a credential onto it and brokers it through to the target service. This proxy approach is actually used in Anthropic's Managed Agents architecture blog with it being that "the harness is never made aware of the credentials." We've seen similar credential brokering schemes come out from Vercel and in Cloudflare's latest Outbound Workers.

Seeing all this made us think: What if we could create a portable credential brokering service plugged seamlessly into agents' existing workflows in an interface agnostic way, meaning that agents could continue to work with APIs, CLIs, SDKs, MCPs without interference and get the security of credential brokering?

This led to Agent Vault - an open source HTTP credential proxy and vault that we're building for AI agents. You can deploy this as a dedicated service and set up your agent's environment to proxy requests through it. Note that in a full deployment, you do need to lock down the network so that all outbound traffic is forced through Agent Vault.

The Agent Vault (AV) implementation has a few interesting design decisions:

- Local Forward Proxy: AV chooses an interface agnostic approach to credential brokering by following a MITM architecture using HTTPS_PROXY as an environment variable set in the agent's environment to redirect traffic through it; this also means that it runs its own CA whose certificate must be configured on the client's trust store.

- MITM architecture: Since AV terminates TLS in order to do credential brokering, it's able to inspect traffic and apply rules to it before establishing a new TLS connection upstream. This makes it great to be able to extend AV to incorporate firewall-like features to be applied at this proxy layer.

- Portable: AV itself is a single Go binary that bundles a server and the CLI; it can be deployed as a Docker container as well. In practice, this means that you can self-host AV on your own infrastructure and it should work more universally than provider specific approaches like that of Vercel and Cloudflare.

While the preliminary design of Agent Vault is a bit clunky to work with and we’d wished to have more time to smoothen the developer experience around it, particularly around the configuration setup for agents to start proxying requests through it, we figured it would be best to open source the technology and work with the community to make gradual improvements for it to work seamlessly across all agentic use cases since each has its own nuances.

All in all, we believe credential brokering is the right next step for how secrets management should be done for agents and would love to hear your views, questions, feedback!
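The credential brokering flow described in the post above, as an added Go example that is not Agent Vault's code: a forward proxy that discards the agent's own Authorization header, attaches the stored credential for an allowed destination, and refuses any destination without a rule. It assumes plain HTTP between loopback test servers, so the TLS termination and CA trust that the post describes for HTTPS are left out; `broker`, `creds`, `key` and `unlisted.example` are hypothetical names and constructed values.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

const key = "Bearer constructed-upstream-key" // constructed secret; the agent never holds it
type broker struct{ creds map[string]string } // hypothetical: upstream host:port -> credential

func (b *broker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	secret, ok := b.creds[r.URL.Host]
	if !ok { // no rule for this destination: refuse instead of forwarding
		http.Error(w, "destination not allowed", http.StatusForbidden)
		return
	}
	inject := func(pr *httputil.ProxyRequest) { pr.Out.Header.Set("Authorization", secret) }
	(&httputil.ReverseProxy{Rewrite: inject}).ServeHTTP(w, r)
}

// status sends a GET carrying a bogus, agent-chosen Authorization header.
func status(c *http.Client, target string) int {
	req, _ := http.NewRequest("GET", target, nil)
	req.Header.Set("Authorization", "Bearer agent-supplied")
	resp, err := c.Do(req)
	if err != nil {
		return 0
	}
	resp.Body.Close()
	return resp.StatusCode
}

// demo returns the statuses for: no broker, via broker, via broker to an unlisted host.
func demo() (direct, brokered, unlisted int) {
	upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != key {
			w.WriteHeader(http.StatusUnauthorized)
		}
	}))
	defer upstream.Close()
	px := httptest.NewServer(&broker{creds: map[string]string{upstream.Listener.Addr().String(): key}})
	defer px.Close()
	pu, _ := url.Parse(px.URL)
	agent := &http.Client{Transport: &http.Transport{Proxy: http.ProxyURL(pu)}} // proxy address only, no key
	return status(http.DefaultClient, upstream.URL), status(agent, upstream.URL), status(agent, "http://unlisted.example/")
}
func main() { fmt.Println(demo()) }
```

The unlisted-host request is rejected at the broker before any upstream connection is made, which is the property that depends on the network lockdown the post mentions: an agent that can bypass the proxy is not subject to this rule.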

AI Score Reasoning

Agent Vault addresses a critical security bottleneck for the enterprise adoption of AI agents: the risk of credential exfiltration via prompt injection. Developed by the experienced Infisical team, the tool leverages a provider-agnostic approach that differentiates it from platform-locked solutions, though it faces technical friction and competition from native LLM provider features.

Investment Memo

## Executive Summary

Agent Vault (AV) is an open-source credential proxy designed to prevent "credential exfiltration" in AI agents by decoupling secrets from the agentic runtime. By utilizing a Man-in-the-Middle (MITM) architecture, it allows non-deterministic agents to interact with third-party services without ever possessing the underlying API keys. This is a critical security primitive for the "Agentic Economy," and we view it as a high-potential infrastructure play by an established team in the secrets management space.

## Founder / Team Assessment

The project is developed by the Infisical team, a high-growth startup already established in the secrets management vertical. They possess deep domain expertise in security infrastructure and a proven track record of building developer-centric open-source tools. The primary team risk is focus—ensuring Agent Vault receives the dedicated resources necessary to compete with platform-native solutions while Infisical scales its core vault product.

## Market Analysis

The market for AI Agent Infrastructure is expanding rapidly as enterprises move from "Chat" to "Action." However, security remains the primary bottleneck for production deployment; prompt injection attacks that leak credentials represent a catastrophic risk. Agent Vault sits at the intersection of the $200B+ Cybersecurity market and the nascent AI Orchestration layer. The timing is optimal as the industry converges on "credential brokering" as the standard for secure agentic workflows.

## Product / Traction

Agent Vault differentiates itself through a provider-agnostic, portable Go binary that can be self-hosted or containerized. Unlike Vercel or Cloudflare’s proprietary solutions, AV works across any environment (on-prem, multi-cloud).

* **Traction:** Strong initial developer signal with multiple high-scoring "Show HN" threads (110+ points) and immediate community engagement.
* **Moat:** The MITM architecture allows AV to act as a "Firewall for Agents," inspecting traffic and applying rules beyond simple credential injection, creating a potential "sticky" security layer.

## Competitive Landscape

* **Cloud Incumbents:** Cloudflare (Outbound Workers) and Vercel are building similar brokering schemes but lock users into their respective ecosystems.
* **LLM Providers:** Anthropic (Managed Agents) and OpenAI are increasingly building "harnesses" that manage credentials natively.
* **Differentiator:** Agent Vault’s open-source, interface-agnostic approach (supporting APIs, CLIs, and SDKs via `HTTPS_PROXY`) appeals to enterprise security teams who demand control over their own CA (Certificate Authority) and data residency.

## Investment Thesis

**Bull Case:**

1. **Critical Bottleneck:** Security is the #1 hurdle for enterprise AI adoption; AV solves the most dangerous failure mode (credential theft).
2. **Platform Agnosticism:** As agents become multi-cloud, a portable proxy that isn't tied to a specific LLM provider or hosting platform will become the preferred enterprise standard.
3. **Team Pedigree:** Infisical has already demonstrated the ability to win developer mindshare in the crowded secrets management space.

**Bear Case:**

1. **Implementation Friction:** The MITM/CA configuration is "clunky" and creates significant developer friction compared to native provider features.
2. **Vertical Integration:** If OpenAI/Anthropic standardize credential management within their own APIs, the need for a third-party proxy diminishes for 80% of use cases.
3. **Monetization Path:** As an open-source proxy, the path to high-margin recurring revenue is less clear than a centralized vault or platform.

## Recommended Action

**Conduct Deeper Diligence.** We need to validate the technical friction of the MITM setup with enterprise DevOps teams and assess whether this will be integrated into Infisical’s core enterprise offering or remain a standalone utility.
