Why environment variables are the problem
The simplest way to give an AI agent credentials is to mount them as environment variables. It works, but anything in that process can read them: the agent, a rogue dependency, or a prompt-injected payload. There is no record of what was called, and rotating a key means editing every environment template.
How a credential gateway fixes it
A local proxy sits between your agents and the outside world. The agent makes a normal API call with a placeholder, and the gateway injects the real credential only as the request leaves the machine.
- The key never enters the agent process.
- Every request is checked against a policy before any secret is read.
- Each credential use produces a verifiable audit event.
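The flow in the list above, as an added sketch that is not Authsome's own code. The `{{cred:name}}` placeholder syntax, the policy shape, and the HMAC-chained audit log are assumptions made for illustration, and all values are constructed.

```python
import hashlib
import hmac
import json
import re
import time

# All values below are constructed for illustration; none come from Authsome.
VAULT = {"github": "ghp_CONSTRUCTED_EXAMPLE"}  # lives only in the gateway process
POLICY = {("agent-1", "github"): {"hosts": {"api.github.com"}, "methods": {"GET"}}}
AUDIT_KEY = b"constructed-audit-key"
AUDIT_LOG = []
PLACEHOLDER = re.compile(r"\{\{cred:([a-z0-9_-]+)\}\}")  # hypothetical syntax

def _mac(event):
    body = json.dumps(event, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, body, hashlib.sha256).hexdigest()

def _audit(agent, cred, method, host, decision):
    # Each event carries the previous event's MAC, so edits or deletions break the chain.
    event = {"ts": time.time(), "agent": agent, "cred": cred, "method": method,
             "host": host, "decision": decision,
             "prev": AUDIT_LOG[-1]["mac"] if AUDIT_LOG else ""}
    event["mac"] = _mac(event)
    AUDIT_LOG.append(event)

def verify_audit_log(log):
    prev = ""
    for event in log:
        unsigned = {k: v for k, v in event.items() if k != "mac"}
        if event["prev"] != prev or not hmac.compare_digest(_mac(unsigned), event["mac"]):
            return False
        prev = event["mac"]
    return True

def forward(agent, method, host, headers):
    """Gateway side: return the headers to send upstream, or raise PermissionError."""
    match = PLACEHOLDER.search(headers.get("Authorization", ""))
    if not match:
        return dict(headers)  # no placeholder, nothing to inject
    cred = match.group(1)
    rule = POLICY.get((agent, cred))
    # Policy is evaluated before VAULT is touched; a denied request never reads the secret.
    if not rule or host not in rule["hosts"] or method not in rule["methods"]:
        _audit(agent, cred, method, host, "deny")
        raise PermissionError(f"{agent} may not use {cred} for {method} {host}")
    _audit(agent, cred, method, host, "allow")
    out = dict(headers)  # the agent's own copy keeps the placeholder
    out["Authorization"] = out["Authorization"].replace(match.group(0), VAULT[cred])
    return out
```

The audit events record the credential name and the decision, never the secret value, so the log itself can be shipped off the machine.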
Try it in one command
npx skills add agentrhq/authsome
Point your agent at a task and it authenticates through the gateway. See the quickstart for the full setup.
Authsome is provider-side, not framework-side. It manages credentials for the
services your agents call.
Further reading
GitHub token hygiene for AI agents: PATs, fine-grained tokens, GitHub Apps, and OAuth
GitHub offers four ways to authenticate an AI agent and they are not interchangeable. A ranked deep-dive on scope, lifetime, revocation, and audit attribution, with copy-pasteable examples.
May 28, 2026
Secrets managers vs credential brokers for AI agents: Doppler, Vault, Infisical, and where each fits
Doppler, HashiCorp Vault, and Infisical solve storage, rotation, and access control for AI agents, but they still deliver the raw key into the agent process. Here is where each secrets manager stops, where a credential broker starts, and why you want both.
May 27, 2026
Safe API access for LangChain and LlamaIndex agents
LangChain and LlamaIndex agents load API keys from os.environ, where any prompt injection or compromised tool can read them. Two safe patterns to keep real secrets out of the process.
Priyansh