At a glance
| Authsome | Hardcoded .env | SaaS secrets manager (Vault, Doppler, 1Password) | DIY auth code | |
|---|---|---|---|---|
| Automatic OAuth2 refresh | Yes | No | No (stores values, doesn’t run flows) | Build it |
| Built-in OAuth2 + API-key flows | Yes | No | No | Build it |
| Headless agent runtime | Yes | Yes | Yes | Varies |
| Local, no SaaS dependency | Yes | Yes | No | Yes |
| Built-in providers, zero config | Yes (see bundled providers list) | None | None | None |
| Multi-account per provider | Yes | No (one env per key) | Sometimes | Build it |
| Encrypted at rest | Yes (AES-256-GCM) | No (plaintext file) | Yes | Varies |
| Secrets out of child env | Yes (proxy injection) | No | No | Build it |
| Per-account scoping (vaults) | Yes | No | Per-tenant | Build it |
| Auditable action log | Yes (SQLite DB) | No | Yes | Build it |
Hardcoded environment tokens (.env, shell exports)
The default state for most projects: a .env file or shell config with OPENAI_API_KEY=... lines.
Where it wins. Zero infrastructure. Works everywhere. No new mental model.
Where it loses.
- Tokens are plaintext on disk, in shell history, in
ps, in/proc/<pid>/environ, in subprocess env inheritance. - OAuth refresh tokens require manual handling: build a refresh loop or accept periodic re-authentication.
- One key per project leads to credential sprawl as the number of services grows.
- Rotation is manual. Compromise blast radius is unbounded because the token has no expiry and nothing watches it.
SaaS secrets managers (HashiCorp Vault, Doppler, 1Password Secrets Automation, AWS Secrets Manager)
Centralized secret storage in a cloud (or self-hosted) service. Pull secrets at runtime by name. Where they win. Centralized rotation, role-based access control, audit trails, hardware-backed key management on the enterprise tier, integration with CI/CD platforms. Where they lose for agent workflows.- They store values; they don’t run OAuth flows. You still have to do the OAuth dance yourself, then put the resulting tokens in the manager. Refresh is your problem.
- Each agent needs network access to the manager. Local-first is not the design.
- Latency hits every agent invocation. Authsome’s vault is on the same disk.
- License cost grows with team size. Authsome is free.
- The trust boundary is the manager’s network. If the agent runs on a laptop and the manager is in your cloud, that’s a network hop with all the failure modes.
OS keychains (Keychain, libsecret, Credential Manager)
The macOS, Linux, and Windows keychains. Store secrets in the OS, retrieve programmatically. Where they win. Native, well-trusted, hardware-backed on modern OSes. Where they lose.- No OAuth flow runner. They store strings.
- No provider model. Every consumer rolls its own naming convention.
- No refresh. No expiry tracking. No multi-account semantics.
- Headless server use is awkward. Linux without a graphical session often has no usable keychain backend.
encryption.mode = "keyring". The keychain holds one secret (the master key); authsome holds the rest. See Encryption at rest.
DIY auth code
Write your own OAuth client, token cache, and refresh loop in every project. Where it wins. Maximum control. No external dependency. Fits exactly your shape. Where it loses.- You write the same code in every project.
- Edge cases (token revocation mid-flow, refresh-token expiry, provider clock skew, PKCE state, device code polling intervals) are easy to get wrong.
- Security review burden is on you. Mistakes leak credentials.
- No standard place for other tools to find your credentials.
Other local credential brokers
There are a handful of credential-management tools in adjacent spaces. Worth a quick honest comparison:pass,gopass. Excellent password managers. No OAuth flow runner. Treat them like a keychain.aws-vault,awsume. Specific to AWS. Authsome is general-purpose.- OAuth2 client libraries (
httpx-oauth,authlib). Building blocks, not a complete broker. They’re what authsome uses internally. onecli/ OneCLI. Closest comparison: also an open-source credential vault for AI agents. Different design choices around hosting, dashboard, and the policy layer.
Authsome vs other agent credential brokers
For teams deciding between open-source agent credential brokers, the useful comparison is less “who has OAuth?” and more “which operating model fits your agents, team, and deployment?”| Authsome | OneCLI | Agent Vault | |
|---|---|---|---|
| Core model | Provider-centric credential broker for OAuth, API keys, and browser credentials | Dashboard-backed gateway for project/org-scoped secrets and app connections | Vault-scoped credential proxy with user/agent grants and proposal workflow |
| Runtime delivery | Proxy resolves the matching provider and injects auth headers at request time | Gateway swaps placeholders and injects credentials into matching outbound requests | MITM proxy attaches credentials through vault service rules |
| OAuth token lifecycle support | Yes: PKCE, device code, DCR, callback/token exchange, and refresh handling | Yes: OAuth app connections, callback/token exchange, and refresh-aware credentials where supported by the app definition | Yes: OAuth credential type with connect, token paste/import, and refresh handling |
| Default client-app ergonomics | Bundled provider definitions; DCR-capable providers can avoid manual app setup, while other OAuth providers use your client app credentials | App registry with configurable OAuth app credentials and environment/default resolution paths | Provider URL presets help fill OAuth endpoints; operators typically supply client credentials or paste/import existing tokens |
| API-key workflows | Yes | Yes | Yes |
| Bundled provider / app registry | Yes: provider definitions | Yes: app/integration registry with OAuth, API-key, and import methods | Service + credential model rather than a fixed app registry |
| Beyond auth-header injection | Focuses on provider-routed auth injection and token lifecycle | Supports gateway injection plus credential stubs for some tool bootstrapping workflows | Supports service-scoped placeholders in paths, query strings, headers, bodies, and WebSocket frames |
| Main deployment posture | Local-first CLI + daemon, with server components available for shared setups | Web dashboard/API + Rust gateway + Postgres, commonly run through Docker/local mode | Single Go binary or container running API/UI + MITM proxy, often deployed as a separate broker host |
| Team / multi-user | Principals, identity claims, per-principal vaults, admin/user roles, and multi-account provider connections | Org/project/team model with web UI, agents, policy rules, audit/request logs, and scoped secrets/app connections | Multi-user instance and vault model with users, agents, instance roles, vault roles, and proposal approvals |
OAuth nuance that is easy to miss
A binary “OAuth: yes/no” row is usually misleading. A better split is:- OAuth protocol support: can it do authorize/callback/token exchange/refresh?
- Client app ergonomics: how are OAuth client apps supplied, resolved, or overridden?
- Authsome emphasizes reusable provider definitions and flow handling as first-class concepts.
- OneCLI emphasizes app connections, gateway policy context, and app credential resolution from project config or defaults.
- Agent Vault emphasizes vault-scoped credentials/services, approval workflows, and flexible service rules.
When to choose each
Choose Authsome when
- You want OAuth-heavy agent workflows with provider-centric login and token lifecycle handling.
- You want a local-first CLI/daemon flow for developer machines, with room to grow into shared setups.
- You want one broker that handles API-key and OAuth flows under the same provider model.
Choose OneCLI when
- You want a dashboard-first, team-oriented deployment with org/project abstractions.
- You want a Rust gateway with web-managed agents, app connections, policies, and request logs.
- You prefer operations centered around a web dashboard and Postgres-backed service.
Choose Agent Vault when
- You want a single-binary control plane + MITM runtime with explicit vault/user/agent roles.
- You want proposal-based access expansion and strong vault-level governance workflows.
- You want static, OAuth, external-store, and dynamic credential strategies in one vault model.
Caveats for fair comparisons
- Feature names differ across tools (
provider,app,service,credential) and are not one-to-one. - Deployment shape matters as much as features (local-first vs multi-user service footprint).
- OAuth support does not always mean zero setup: client app requirements vary by provider, integration, and deployment policy.
When authsome is the right tool
You want all of:- A single command (
authsome login <provider>) to handle the OAuth flow correctly. - Refresh that happens silently so agents always get a valid token.
- Credentials never appearing in the agent’s environment or shell history.
- A local-first model with no SaaS dependency.
- Multi-account scoping for personal vs work credentials.
- A standard place every agent on the machine looks for credentials.
When authsome is not the right tool
- You need centralized cloud-managed secrets across a fleet of production servers with strict compliance requirements. Use a SaaS secrets manager.
- The only credential you care about is one short-lived API key in CI. A
.envfile plus a CI secret store is enough. - You’re managing infrastructure-as-code secrets (database passwords, TLS certs). That’s not the agent space.
- You’re operating in an environment that prohibits the mitmproxy CA and you can’t use the env-export fallback. Authsome’s proxy needs CA trust.
What’s next
Quickstart
Five minutes to a working agent with injected credentials.
Threat model
What authsome’s trust assumptions are.
Architecture
The layered model and what each layer owns.
Roadmap
What’s coming.