
Ask HN: Best practice securing secrets on local machines working with agents?

10•xinbenlv•2w ago
When building with autonomous / semi-autonomous agents, they often need broad local access: env vars, files, CLIs, browsers, API keys, etc. This makes the usual assumption — “the local machine is safe and untampered” — feel shaky.

We already use password managers, OAuth, scoped keys, and sandboxing, but agents introduce new risks: prompt injection, tool misuse, unexpected action chains, and secrets leaking via logs or model context. Giving agents enough permission to be useful seems at odds with least-privilege.

I haven’t seen much discussion on this. How are people thinking about secret management and trust boundaries on dev machines in the agent era? What patterns actually work in practice?

Comments

deflator•2w ago
I've been having success using Doppler for secret storage. Takes it off the filesystem.
xinbenlv•2w ago
My question is not about on- or off-disk storage; it is more about when you give an agent access, it assumes the environment the agent runs in is safe.
algebra-pretext•2w ago
I’m not too familiar with the space, but a friend of mine works at Descope[0] where they offer IAM solutions for agents.

[0] https://www.descope.com/

xinbenlv•2w ago
Is the permission device+client based or role based?
nojs•2w ago
Run the agent in a sandbox without access to production secrets.
xinbenlv•2w ago
What if you simply need to give them access? E.g. if you want them to do code review you have to at least give them code repo read access. But you don't know if the environment where the agent runs will be compromised.
mejutoco•1w ago
If you give read access with their own API key they will only get read access, the access that you gave them. Not sure what the issue is.
CriptoSeguro25•2w ago
TBH, the best pattern I've seen is just nuking the secrets at the input level. Run a local regex watcher in-memory that flags anything looking like a PK or seed phrase before it even hits the agent's context window. Keeps it off the network stack entirely.
xinbenlv•2w ago
Any prompt injection attack could bypass this by simply doing base64 or any encoding, I guess?
CriptoSeguro25•2w ago
You are absolutely right. Obfuscation like Base64 or rot13 will always beat static regex. I was thinking more in terms of a seatbelt for accidental leaks and user error rather than a defense against adversarial prompt injection. It's about reducing the blast radius of clumsy mistakes, not stopping a determined attacker.
bilbo-b-baggins•2w ago
The solution that Anthropic uses for Claude Code Web for repository access is to not give the LLM any secrets at all - anything requiring escalated privilege is done through a proxy which holds the credentials.
varshith17•2w ago
Concrete setup: (1) All secrets in 1Password/Bitwarden with CLI, (2) Agent sandbox with no env var access, (3) Wrapper scripts that fetch secrets on-demand and inject at runtime, (4) Context scrubbers that strip secrets before LLM sees logs. Key insight: don't prevent agent access to secrets, prevent secrets from entering agent context/logs. Different problem, solvable with tooling.