HN Showcase
Back to browse
GitHub Repository

🔱 API key protection for AI agents. Credentials stay in your vault, never in the agent's memory.

32 starsTypeScript

Aquaman keeping your OpenClaw secrets safe

by tech4242·Feb 12, 2026·1 point·0 comments
Visit ProjectView on HN

AI Analysis

●●SolidNiche GemSolve My Problem
The Take

The plugin-proxy split is smart: credentials live in a backend (Keychain/1Password/Vault/etc.) and a separate proxy injects auth headers over a UDS so the agent process never handles raw keys. It autosurveys plugin configs and channels to migrate plaintext secrets and even ships a Docker image and CLI for local setups — very practical for anyone already on OpenClaw, though it’s narrowly focused and adds an extra trusted component that deserves an audit.

Category
Security
Target Audience

Developers and security-conscious operators running OpenClaw or similar AI agents who need to protect API credentials from compromised agents

Post Description

Created this proxy & plugin setup to isolate credentials. Hope this is a welcome patch for anyone worried about their credentials and supply chain attacks. OpenClaw is cool being as open as it is but here are some batteries.

Similar Projects

Security●●●Banger

I made a local proxy for AI tool calls to keep my API keys safe

Finally, a way to use MCP tools without hardcoding API keys in every prompt.

Solve My ProblemSlick
jsherer
521mo ago
Security●●●Banger

ClawShell, Process-Level Isolation for OpenClaw Credentials

Moves credential security from prompt-injection hope to OS process isolation for agents.

Solve My ProblemZero to One
guanlan
1014mo ago