Show HN: Cloak – let AI agents use your API keys without ever seeing them
Category: security
Tags: api-keys, security, ai-agents
Score: 7.5/10 (Innovation: 8, Technical: 7, Documentation: 8, Utility: 7)
Cloak is a local encrypted vault daemon that lets AI agents use API keys via MCP tools without the keys ever being exposed to the model, addressing the critical security gap of secret leakage from prompt injection. Its innovative approach of combining an MCP proxy with a policy-enforced vault and signed, SLSA L3 releases makes it a practical and well-engineered solution for secure agent workflows.
Target audience: backend devs, devops, ai engineers
Repository: https://github.com/cloakward/cloak · Rust · Apache-2.0 · 12 stars
View on Hacker News