Keep values out of files
Move credentials out of .env, shell profiles, and tool config that an agent can read while it works.
Agent-specific secrets management
Agents need tools. Tools need credentials. The model does not need to see the secret. Automic Vault stores sensitive values locally and injects them only into approved executables.
Last updated: May 15, 2026
Automic Vault is a local secrets manager for AI agent runs on macOS. It keeps sensitive values out of plaintext files and model context, then injects approved credentials only into trusted command-line tools for the execution that needs them.
The agent gap
Central vaults can store and issue credentials. The local risk starts when an agent can read files, inspect environment variables, or ask a CLI to print a token.
The approved command gets the named secret. The model does not receive a copy to paste, log, or summarize.
Secrets stay behind local keychain-backed storage instead of becoming another retrieval step in the chat.
Pair injection with command gates so secret-backed actions stay visible before they run.
How it works
Use av save KEY to store the value outside the repo and away from normal file reads.
Use av inject +KEY /abs/tool so the selected executable receives the value for that run only.
Use av contain when an agent session needs mediated access to host tools.
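The per-run injection idea behind the steps above, shown as an added Python example; it is not Automic Vault's code and does not call the av CLI. The names SECRET_STORE, run_with_secret and DEPLOY_TOKEN are hypothetical, the in-memory dict stands in for keychain-backed storage, and the Python interpreter stands in for a trusted command-line tool.

```python
import os
import subprocess
import sys

# Constructed stand-in for keychain-backed storage (hypothetical, not Automic Vault's store).
SECRET_STORE = {"DEPLOY_TOKEN": "constructed-sample-value"}


def run_with_secret(key, tool, args, approved):
    """Run `tool` with `key` present in the child's environment only."""
    if not os.path.isabs(tool):
        raise PermissionError("tool must be an absolute path: %r" % tool)
    resolved = os.path.realpath(tool)  # follow symlinks before comparing
    if resolved not in {os.path.realpath(p) for p in approved}:
        raise PermissionError("executable not approved: %r" % resolved)
    # Add the secret to a copy of the environment. os.environ itself is never
    # modified, so a later environment read by the caller finds nothing.
    child_env = dict(os.environ)
    child_env[key] = SECRET_STORE[key]
    return subprocess.run([resolved, *args], env=child_env,
                          capture_output=True, text=True, check=True)


def demo():
    approved = [sys.executable]  # assumption: the interpreter plays the trusted CLI
    # The child reports only whether it received the variable, never its value.
    probe = "import os; print('DEPLOY_TOKEN' in os.environ)"
    result = run_with_secret("DEPLOY_TOKEN", sys.executable, ["-c", probe], approved)
    child_saw_secret = result.stdout.strip() == "True"
    parent_has_secret = "DEPLOY_TOKEN" in os.environ
    try:
        # /bin/sh is not on the approved list, so it must be refused.
        run_with_secret("DEPLOY_TOKEN", "/bin/sh", ["-c", "env"], approved)
        unapproved_blocked = False
    except PermissionError:
        unapproved_blocked = True
    return child_saw_secret, parent_has_secret, unapproved_blocked


if __name__ == "__main__":
    print(demo())
```

Comparing resolved absolute paths is what keeps a symlink or a same-named binary earlier on PATH from receiving the value.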
Related protections
Find plaintext local credentials before an agent run starts.
Dotenv: Stop agents reading .env files. Replace convenient plaintext with approved runtime access.
API keys: API key management for AI agents. Protect tokens used by CLIs, SDKs, and deploy scripts.
Vault layer: HashiCorp Vault and Automic Vault. Add local agent-runtime control beside central secret stores.