agent-zero icon indicating copy to clipboard operation
agent-zero copied to clipboard
verified publisher icon frdel

Add/connect to secret store, and make available to local commands

Open mustafamohsen opened this issue 6 months ago • 2 comments

Many commands require API keys, tokens, etc. for example:

wpscan --api-token abcdefg

It's insecure to include a secrets in the LLM prompt. Rather, an environment variable reference may be passed in the prompt, which gets returned in the execution instructions. Example prompt:

scan example.com using wpscan. Use $WPSCAN_API for the API token

Which may return a command like

wpscan --api-token $WPSCAN_API --url example.com

These variables are ought to be set on the front end, and/or pulled from a local or remote secret management platform (e.g. infiscal)

Update

Example use cases

  • Proxy credentials
  • Services API tokens
  • SSH keys
  • Server accounts

mustafamohsen avatar Jun 20 '25 07:06 mustafamohsen

This is on the roadmap.

frdel avatar Jun 20 '25 09:06 frdel

This is on the roadmap.

@frdel Good to hear so. Is the roadmap public? I couldn't find it

mustafamohsen avatar Jun 20 '25 16:06 mustafamohsen