agentsecure 0.1.6__tar.gz → 0.1.7__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (118) hide show
  1. {agentsecure-0.1.6/agentsecure.egg-info → agentsecure-0.1.7}/PKG-INFO +57 -7
  2. {agentsecure-0.1.6 → agentsecure-0.1.7}/README.md +56 -6
  3. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/__init__.py +1 -1
  4. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/cli/main.py +269 -11
  5. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/config.py +32 -0
  6. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/container.py +35 -8
  7. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/models.py +30 -0
  8. agentsecure-0.1.7/agentsecure/core/runtime_bindings.py +67 -0
  9. agentsecure-0.1.7/agentsecure/core/secret_aliases.py +418 -0
  10. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/gateway/proxy.py +26 -5
  11. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/guard/sanitizer.py +7 -3
  12. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/implementations/encrypted_secret_store.py +8 -0
  13. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/implementations/grant_store.py +21 -1
  14. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/implementations/secret_store_factory.py +14 -0
  15. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/implementations/secrets.py +88 -3
  16. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/interfaces/key_store.py +2 -0
  17. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/interfaces/secrets.py +1 -2
  18. {agentsecure-0.1.6 → agentsecure-0.1.7/agentsecure.egg-info}/PKG-INFO +57 -7
  19. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure.egg-info/SOURCES.txt +3 -0
  20. {agentsecure-0.1.6 → agentsecure-0.1.7}/setup.cfg +1 -1
  21. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_cli.py +30 -1
  22. agentsecure-0.1.7/tests/test_secret_aliases.py +95 -0
  23. {agentsecure-0.1.6 → agentsecure-0.1.7}/LICENSE +0 -0
  24. {agentsecure-0.1.6 → agentsecure-0.1.7}/NOTICE +0 -0
  25. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/__main__.py +0 -0
  26. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/api/__init__.py +0 -0
  27. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/api/server.py +0 -0
  28. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/api/services.py +0 -0
  29. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/cli/__init__.py +0 -0
  30. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/cli/common.py +0 -0
  31. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/cli/demo.py +0 -0
  32. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/cli/policy.py +0 -0
  33. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/cli/project.py +0 -0
  34. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/cli/proxy.py +0 -0
  35. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/cli/receipts.py +0 -0
  36. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/cli/secrets.py +0 -0
  37. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/cli/settings.py +0 -0
  38. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/client/__init__.py +0 -0
  39. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/client/wrappers.py +0 -0
  40. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/cloud.py +0 -0
  41. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/config/__init__.py +0 -0
  42. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/config/default_agentsecure.json +0 -0
  43. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/__init__.py +0 -0
  44. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/agentsecure_md.py +0 -0
  45. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/capabilities.py +0 -0
  46. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/command_metadata.py +0 -0
  47. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/config_profiles.py +0 -0
  48. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/key_service.py +0 -0
  49. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/policy_mutation.py +0 -0
  50. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/policy_ports.py +0 -0
  51. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/policy_response.py +0 -0
  52. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/policy_validation.py +0 -0
  53. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/product.py +0 -0
  54. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/provider_proxy.py +0 -0
  55. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/core/time.py +0 -0
  56. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/crypto/__init__.py +0 -0
  57. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/crypto/cipher.py +0 -0
  58. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/crypto/key_provider.py +0 -0
  59. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/daemon/__init__.py +0 -0
  60. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/daemon/commands.py +0 -0
  61. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/daemon/policies.py +0 -0
  62. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/daemon/sessions.py +0 -0
  63. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/daemon/supervisor.py +0 -0
  64. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/discovery/__init__.py +0 -0
  65. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/discovery/dotenv_scanner.py +0 -0
  66. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/discovery/env_scanner.py +0 -0
  67. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/discovery/patterns.py +0 -0
  68. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/discovery/scanner.py +0 -0
  69. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/discovery/suggestions.py +0 -0
  70. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/gateway/__init__.py +0 -0
  71. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/guard/__init__.py +0 -0
  72. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/guard/command.py +0 -0
  73. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/guard/network.py +0 -0
  74. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/guard/wrappers.py +0 -0
  75. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/implementations/__init__.py +0 -0
  76. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/implementations/audit.py +0 -0
  77. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/implementations/local_secret_store.py +0 -0
  78. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/implementations/policy.py +0 -0
  79. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/interfaces/__init__.py +0 -0
  80. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/interfaces/audit.py +0 -0
  81. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/interfaces/grants.py +0 -0
  82. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/interfaces/policy.py +0 -0
  83. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/workspace/__init__.py +0 -0
  84. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/workspace/apply.py +0 -0
  85. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/workspace/diff.py +0 -0
  86. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/workspace/materializer.py +0 -0
  87. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/workspace/rewriter.py +0 -0
  88. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure/workspace/strategies.py +0 -0
  89. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure.egg-info/dependency_links.txt +0 -0
  90. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure.egg-info/entry_points.txt +0 -0
  91. {agentsecure-0.1.6 → agentsecure-0.1.7}/agentsecure.egg-info/top_level.txt +0 -0
  92. {agentsecure-0.1.6 → agentsecure-0.1.7}/pyproject.toml +0 -0
  93. {agentsecure-0.1.6 → agentsecure-0.1.7}/setup.py +0 -0
  94. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_agentsecure_md.py +0 -0
  95. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_audit.py +0 -0
  96. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_cli_demo.py +0 -0
  97. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_cli_policy.py +0 -0
  98. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_cli_proxy.py +0 -0
  99. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_config_validation.py +0 -0
  100. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_diff.py +0 -0
  101. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_discovery.py +0 -0
  102. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_encrypted_secret_store.py +0 -0
  103. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_env_policy.py +0 -0
  104. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_env_policy_contract.py +0 -0
  105. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_gateway_credentials.py +0 -0
  106. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_guard.py +0 -0
  107. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_guard_network.py +0 -0
  108. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_key_service.py +0 -0
  109. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_policy.py +0 -0
  110. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_policy_mutation.py +0 -0
  111. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_product.py +0 -0
  112. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_provider_proxy.py +0 -0
  113. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_secret_scan.py +0 -0
  114. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_secrets.py +0 -0
  115. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_version.py +0 -0
  116. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_workspace.py +0 -0
  117. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_workspace_apply.py +0 -0
  118. {agentsecure-0.1.6 → agentsecure-0.1.7}/tests/test_wrappers.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: agentsecure
3
- Version: 0.1.6
3
+ Version: 0.1.7
4
4
  Summary: Local-first security runtime for AI coding agents
5
5
  Home-page: https://github.com/ShellFrameAI/agentsecure-community
6
6
  Author: ShellFrame AI
@@ -34,7 +34,7 @@ Dynamic: license-file
34
34
 
35
35
  AI coding agents run where developer secrets already live: `.env` files, shell environments, MCP configs, local credentials, and project settings. GitGuardian's 2026 State of Secrets Sprawl report found [28.65 million new hardcoded secrets in public GitHub commits in 2025](https://blog.gitguardian.com/the-state-of-secrets-sprawl-2026/) and [24,008 unique secrets in MCP-related configuration files, including 2,117 valid credentials](https://blog.gitguardian.com/the-state-of-secrets-sprawl-2026/). Reported testing has also shown agent tools reading `.env` files despite ignore-file expectations; [The Register reproduced Claude Code reading `.env` with `.claudeignore` and `.gitignore` entries present](https://www.theregister.com/2026/01/28/claude_code_ai_secrets_files/), while [Anthropic's current docs recommend explicit file-access deny rules for sensitive files](https://code.claude.com/docs/en/configuration).
36
36
 
37
- AgentSecure Community is a local-first CLI for AI coding-agent workflows. It demonstrates a simple idea: ignore files are not a secret boundary, so the agent should see virtual or masked secrets instead of raw `.env` values.
37
+ AgentSecure Community is a local-first CLI for AI coding-agent workflows. It demonstrates a simple idea: ignore files are not a secret boundary, so real secrets should live in AgentSecure's local vault, projects should reference aliases, and the agent should receive temporary virtual tokens instead of raw `.env` values.
38
38
 
39
39
  The community release is intentionally scoped to local CLI, local command guard, basic policy config, local secret virtualization, and tests. Hosted cloud sync, enterprise policy management, billing/licensing, and sensitive commercial detection logic are not part of this release.
40
40
 
@@ -72,6 +72,31 @@ Then run your agent:
72
72
  python3 -m agentsecure run claude
73
73
  ```
74
74
 
75
+ ## Where Secrets Go
76
+
77
+ Keep real secrets in one local AgentSecure vault:
78
+
79
+ ```bash
80
+ printf '%s' "$DATABASE_URL" | agentsecure secrets add dev_db \
81
+ --env-name DATABASE_URL \
82
+ --provider database \
83
+ --approved-host db.example.com \
84
+ --real-secret-stdin
85
+
86
+ agentsecure secrets use dev_db
87
+ agentsecure run -- claude
88
+ ```
89
+
90
+ What this does:
91
+
92
+ - The real value is stored locally under `~/.agentsecure/vault/`.
93
+ - `agentsecure.json` stores only alias metadata such as `dev_db`, `DATABASE_URL`, provider, and approved hosts.
94
+ - At run time, AgentSecure creates a short-lived fake token such as `virt_database_...`.
95
+ - The gateway swaps that fake token for the real secret only for the approved host.
96
+ - The fake token is revoked after the run.
97
+
98
+ Do not put real secrets in project `.env` files. Use `.env` for non-secret config or fake placeholders that are safe for an agent to read.
99
+
75
100
  ## What The Demo Shows
76
101
 
77
102
  The built-in demo creates a temporary local project with fake secrets, applies a small sample policy, simulates a command reading `.env`, and prints what the agent would see:
@@ -105,12 +130,12 @@ This creates `agentsecure.json`, local private state under `.agentsecure/`, and
105
130
  agentsecure policy validate
106
131
  ```
107
132
 
108
- Create a fake `.env` for testing:
133
+ Create a fake `.env` for testing. This file must not contain real credentials:
109
134
 
110
135
  ```bash
111
136
  cat > .env <<'EOF'
112
- OPENAI_API_KEY=sk-demo-local-secret-do-not-use
113
- DATABASE_URL_PROD=postgres://demo:demo-password@example.invalid/app
137
+ OPENAI_API_KEY=fake-openai-key-for-demo-only
138
+ DATABASE_URL_PROD=postgres://fake:fake-password@example.invalid/app
114
139
  EOF
115
140
  ```
116
141
 
@@ -120,13 +145,25 @@ Discover likely secrets:
120
145
  agentsecure discover
121
146
  ```
122
147
 
148
+ For real credentials, use the vault/alias flow:
149
+
150
+ ```bash
151
+ printf '%s' "$OPENAI_API_KEY" | agentsecure secrets add openai_dev \
152
+ --env-name OPENAI_API_KEY \
153
+ --provider openai \
154
+ --approved-host api.openai.com \
155
+ --real-secret-stdin
156
+
157
+ agentsecure secrets use openai_dev
158
+ ```
159
+
123
160
  Run a command through the local guard:
124
161
 
125
162
  ```bash
126
163
  agentsecure run --protect-all -- python3 -c 'import subprocess; print(subprocess.check_output(["cat", ".env"]).decode())'
127
164
  ```
128
165
 
129
- By default, `--protect-all` virtualizes discovered secrets. The command output should contain `virt_...` tokens instead of the real values. The real `.env` remains local and unchanged.
166
+ By default, `--protect-all` virtualizes discovered values. Prefer the `agentsecure secrets add/use` flow above for real secrets because it keeps real values out of project files entirely. The command output should contain `virt_...` tokens instead of real values. The real `.env`, if you still have one, remains local and unchanged.
130
167
 
131
168
  Denied values are removed only when policy sets `mode: "deny"` for that environment variable. The built-in `agentsecure demo` includes that policy for `DATABASE_URL_PROD` so you can see both behaviors: virtualize and deny.
132
169
 
@@ -179,7 +216,8 @@ Provider proxy mode is local-only. It is not a system-wide proxy, not TLS MITM,
179
216
  ## What It Demonstrates
180
217
 
181
218
  - Discover likely secrets in `.env` files and environment variables.
182
- - Store real values locally under `.agentsecure/`.
219
+ - Store reusable real secrets locally under `~/.agentsecure/vault/`.
220
+ - Store project assignments as alias metadata in `agentsecure.json`.
183
221
  - Expose virtual values such as `OPENAI_API_KEY=virt_openai_...`.
184
222
  - Sanitize common `.env` reads through command-guard mode.
185
223
  - Remove denied env values from agent-visible output.
@@ -195,6 +233,15 @@ Minimal policy shape:
195
233
 
196
234
  ```json
197
235
  {
236
+ "secret_aliases": [
237
+ {
238
+ "alias_id": "openai_dev",
239
+ "env_name": "OPENAI_API_KEY",
240
+ "provider": "openai",
241
+ "approved_hosts": ["api.openai.com"],
242
+ "mode": "virtualize"
243
+ }
244
+ ],
198
245
  "env_policy": {
199
246
  "OPENAI_API_KEY": {
200
247
  "mode": "virtualize",
@@ -224,6 +271,9 @@ agentsecure doctor
224
271
  agentsecure discover
225
272
  agentsecure suggest
226
273
  agentsecure env
274
+ agentsecure secrets add dev_db --env-name DATABASE_URL --provider database --approved-host db.example.com --real-secret-stdin
275
+ agentsecure secrets use dev_db
276
+ agentsecure secrets list
227
277
  agentsecure keys list
228
278
  agentsecure network list
229
279
  agentsecure proxy setup openai
@@ -8,7 +8,7 @@
8
8
 
9
9
  AI coding agents run where developer secrets already live: `.env` files, shell environments, MCP configs, local credentials, and project settings. GitGuardian's 2026 State of Secrets Sprawl report found [28.65 million new hardcoded secrets in public GitHub commits in 2025](https://blog.gitguardian.com/the-state-of-secrets-sprawl-2026/) and [24,008 unique secrets in MCP-related configuration files, including 2,117 valid credentials](https://blog.gitguardian.com/the-state-of-secrets-sprawl-2026/). Reported testing has also shown agent tools reading `.env` files despite ignore-file expectations; [The Register reproduced Claude Code reading `.env` with `.claudeignore` and `.gitignore` entries present](https://www.theregister.com/2026/01/28/claude_code_ai_secrets_files/), while [Anthropic's current docs recommend explicit file-access deny rules for sensitive files](https://code.claude.com/docs/en/configuration).
10
10
 
11
- AgentSecure Community is a local-first CLI for AI coding-agent workflows. It demonstrates a simple idea: ignore files are not a secret boundary, so the agent should see virtual or masked secrets instead of raw `.env` values.
11
+ AgentSecure Community is a local-first CLI for AI coding-agent workflows. It demonstrates a simple idea: ignore files are not a secret boundary, so real secrets should live in AgentSecure's local vault, projects should reference aliases, and the agent should receive temporary virtual tokens instead of raw `.env` values.
12
12
 
13
13
  The community release is intentionally scoped to local CLI, local command guard, basic policy config, local secret virtualization, and tests. Hosted cloud sync, enterprise policy management, billing/licensing, and sensitive commercial detection logic are not part of this release.
14
14
 
@@ -46,6 +46,31 @@ Then run your agent:
46
46
  python3 -m agentsecure run claude
47
47
  ```
48
48
 
49
+ ## Where Secrets Go
50
+
51
+ Keep real secrets in one local AgentSecure vault:
52
+
53
+ ```bash
54
+ printf '%s' "$DATABASE_URL" | agentsecure secrets add dev_db \
55
+ --env-name DATABASE_URL \
56
+ --provider database \
57
+ --approved-host db.example.com \
58
+ --real-secret-stdin
59
+
60
+ agentsecure secrets use dev_db
61
+ agentsecure run -- claude
62
+ ```
63
+
64
+ What this does:
65
+
66
+ - The real value is stored locally under `~/.agentsecure/vault/`.
67
+ - `agentsecure.json` stores only alias metadata such as `dev_db`, `DATABASE_URL`, provider, and approved hosts.
68
+ - At run time, AgentSecure creates a short-lived fake token such as `virt_database_...`.
69
+ - The gateway swaps that fake token for the real secret only for the approved host.
70
+ - The fake token is revoked after the run.
71
+
72
+ Do not put real secrets in project `.env` files. Use `.env` for non-secret config or fake placeholders that are safe for an agent to read.
73
+
49
74
  ## What The Demo Shows
50
75
 
51
76
  The built-in demo creates a temporary local project with fake secrets, applies a small sample policy, simulates a command reading `.env`, and prints what the agent would see:
@@ -79,12 +104,12 @@ This creates `agentsecure.json`, local private state under `.agentsecure/`, and
79
104
  agentsecure policy validate
80
105
  ```
81
106
 
82
- Create a fake `.env` for testing:
107
+ Create a fake `.env` for testing. This file must not contain real credentials:
83
108
 
84
109
  ```bash
85
110
  cat > .env <<'EOF'
86
- OPENAI_API_KEY=sk-demo-local-secret-do-not-use
87
- DATABASE_URL_PROD=postgres://demo:demo-password@example.invalid/app
111
+ OPENAI_API_KEY=fake-openai-key-for-demo-only
112
+ DATABASE_URL_PROD=postgres://fake:fake-password@example.invalid/app
88
113
  EOF
89
114
  ```
90
115
 
@@ -94,13 +119,25 @@ Discover likely secrets:
94
119
  agentsecure discover
95
120
  ```
96
121
 
122
+ For real credentials, use the vault/alias flow:
123
+
124
+ ```bash
125
+ printf '%s' "$OPENAI_API_KEY" | agentsecure secrets add openai_dev \
126
+ --env-name OPENAI_API_KEY \
127
+ --provider openai \
128
+ --approved-host api.openai.com \
129
+ --real-secret-stdin
130
+
131
+ agentsecure secrets use openai_dev
132
+ ```
133
+
97
134
  Run a command through the local guard:
98
135
 
99
136
  ```bash
100
137
  agentsecure run --protect-all -- python3 -c 'import subprocess; print(subprocess.check_output(["cat", ".env"]).decode())'
101
138
  ```
102
139
 
103
- By default, `--protect-all` virtualizes discovered secrets. The command output should contain `virt_...` tokens instead of the real values. The real `.env` remains local and unchanged.
140
+ By default, `--protect-all` virtualizes discovered values. Prefer the `agentsecure secrets add/use` flow above for real secrets because it keeps real values out of project files entirely. The command output should contain `virt_...` tokens instead of real values. The real `.env`, if you still have one, remains local and unchanged.
104
141
 
105
142
  Denied values are removed only when policy sets `mode: "deny"` for that environment variable. The built-in `agentsecure demo` includes that policy for `DATABASE_URL_PROD` so you can see both behaviors: virtualize and deny.
106
143
 
@@ -153,7 +190,8 @@ Provider proxy mode is local-only. It is not a system-wide proxy, not TLS MITM,
153
190
  ## What It Demonstrates
154
191
 
155
192
  - Discover likely secrets in `.env` files and environment variables.
156
- - Store real values locally under `.agentsecure/`.
193
+ - Store reusable real secrets locally under `~/.agentsecure/vault/`.
194
+ - Store project assignments as alias metadata in `agentsecure.json`.
157
195
  - Expose virtual values such as `OPENAI_API_KEY=virt_openai_...`.
158
196
  - Sanitize common `.env` reads through command-guard mode.
159
197
  - Remove denied env values from agent-visible output.
@@ -169,6 +207,15 @@ Minimal policy shape:
169
207
 
170
208
  ```json
171
209
  {
210
+ "secret_aliases": [
211
+ {
212
+ "alias_id": "openai_dev",
213
+ "env_name": "OPENAI_API_KEY",
214
+ "provider": "openai",
215
+ "approved_hosts": ["api.openai.com"],
216
+ "mode": "virtualize"
217
+ }
218
+ ],
172
219
  "env_policy": {
173
220
  "OPENAI_API_KEY": {
174
221
  "mode": "virtualize",
@@ -198,6 +245,9 @@ agentsecure doctor
198
245
  agentsecure discover
199
246
  agentsecure suggest
200
247
  agentsecure env
248
+ agentsecure secrets add dev_db --env-name DATABASE_URL --provider database --approved-host db.example.com --real-secret-stdin
249
+ agentsecure secrets use dev_db
250
+ agentsecure secrets list
201
251
  agentsecure keys list
202
252
  agentsecure network list
203
253
  agentsecure proxy setup openai
@@ -1,3 +1,3 @@
1
1
  """AgentSecure local-first security runtime."""
2
2
 
3
- __version__ = "0.1.6"
3
+ __version__ = "0.1.7"