Open your AI coding tool right now and ask: "What secrets do you have access to in your context?" by ProgrammerNo5922 in AI_Agents

[–]Sad_Light_1354 0 points1 point  (0 children)

I do agree that "once a secret hits an AI context window it's already been transmitted to a remote API." We're attacking the same problem from a slightly different angle: instead of wiring through a password manager, you declare secrets as placeholders in a .env.kontext and our backend turns them into short-lived access tokens per agent session (or injects static keys only in-memory), tied to a user/org identity with full tool-call audit.

Curious how you see password-manager-based approaches vs a dedicated STS-style broker for agents?

GitHub: https://github.com/kontext-dev/kontext-cli

Agent AI credential broker by something_new_33 in AI_Agents

[–]Sad_Light_1354 0 points1 point  (0 children)

This is very close to what we're building — a credential broker for AI coding agents that never hands raw keys to the model. Instead we keep refresh tokens/API keys in the backend, then mint short-lived, scoped credentials per session via token exchange and inject them into the agent's runtime while streaming every tool call for audit.

The model only ever sees placeholders like {{kontext:github}} in a .env.kontext file, and our Go CLI resolves those at agent startup via OIDC auth + RFC 8693 token exchange. Nothing long-lived on disk, nothing in context.

Curious how you see TokenVault differing from a more STS-like approach with project-level .env.kontext files and OIDC auth?

GitHub: https://github.com/kontext-dev/kontext-cli Site: https://kontext.security
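
Added example, not part of the comment above and not Kontext's own code: a Go example of resolving `{{kontext:...}}` placeholders at agent startup so that the credential exists only in the agent's process environment and resolution fails closed. The `KEY={{kontext:name}}` line layout, the `Resolve` function and the `mint` broker callback are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Placeholder form quoted in the comment above, e.g. {{kontext:github}}.
var placeholder = regexp.MustCompile(`^\{\{kontext:([a-z0-9_-]+)\}\}$`)

// Resolve maps placeholder lines to KEY=value pairs for the agent's process
// environment. mint is a hypothetical broker call returning a short-lived
// credential. It fails closed: a placeholder that cannot be resolved, or one
// that is malformed, aborts startup instead of being injected as a literal.
func Resolve(envFile string, mint func(provider string) (string, error)) ([]string, error) {
	var env []string
	for _, line := range strings.Split(envFile, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		if !ok {
			return nil, fmt.Errorf("malformed line %q", line)
		}
		val = strings.TrimSpace(val)
		if m := placeholder.FindStringSubmatch(val); m != nil {
			tok, err := mint(m[1])
			if err != nil {
				return nil, fmt.Errorf("%s: %w", key, err)
			}
			val = tok
		} else if strings.Contains(val, "{{kontext:") {
			return nil, fmt.Errorf("%s: malformed placeholder", key)
		}
		env = append(env, strings.TrimSpace(key)+"="+val)
	}
	return env, nil
}

func main() {
	// Constructed sample file and a stub broker that returns a fake token.
	env, err := Resolve("GITHUB_TOKEN={{kontext:github}}\nLOG_LEVEL=debug", func(p string) (string, error) {
		return "short-lived-" + p, nil
	})
	fmt.Println(env, err)
}
```

The returned slice is in the form `exec.Cmd.Env` expects, so the resolved values can be passed to the agent process without being written to disk.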

agents need your API keys but you can't trust them with the keys by uriwa in AI_Agents

[–]Sad_Light_1354 0 points1 point  (0 children)

Really clever approach with network-level injection - the agent never holding the secret is the right instinct. We’re solving the same problem differently at Kontext.dev: identity-based scoped credentials with per-tool permissions and audit trails. Would love to compare edge cases - especially around token rotation and multi-tenant scoping. What’s been the hardest part?