frontpage.

I built tswap after noticing that Claude Code, while genuinely useful for managing a Kubernetes cluster, was pulling plaintext secrets from every manifest it touched. I wanted the AI to be able to do its job without ever seeing the actual values.

tswap keeps secrets in an AES-encrypted vault file on disk. The decryption key is derived from a YubiKey via HMAC challenge-response. At init you pair two YubiKeys — either unlocks the vault, so you have no single point of hardware failure.

Config files use a comment-based placeholder that keeps them valid YAML:

    stringData:
      DB_PASSWORD: # tswap: db-password

Deployment is a pipe:

    tswap apply values.yaml | helm upgrade myapp ./chart -f -

The privilege split is the key design decision: `apply`, `run`, and `check` need no elevation (AI agent gets these). `get`, `list`, `delete`, and `export` require sudo/admin (human gets these). The AI can deploy; it can't read or enumerate secrets.

Other features: burn tracking for rotation, `redact` for stripping values from logs, `check` for pre-deploy validation, `export`/`import` for vault migration.

Single binary, no daemon. Tested on Linux, macOS, and Windows.

https://github.com/stevedcc/TokenSwap

Show HN: I Built Imgur for Markdown

Show HN: Citatra – Opensource AI visibility tracker for Google AI Overview

OpenAI uncovers Chinese intimidation operation through official's use of ChatGPT

The Eschatian Hypothesis

Startup idea validator – Get brutal verdict

Banks weigh risks of agentic AI in payment systems

We Audited the Security of 7 Open-Source AI Agents – Here Is What We Found

The Purges Within China's Military Are Even Deeper Than You Think

Sandboxed or bare metal? Statistics and study on AI agent deployment

Sneak Peek at the Redesigned Stack Overflow

The AI Is the Computer

BMW deploys the humanoid robot AEON in production sites in Germany

Scavenger genius Shigeru Ban: building cathedrals and quake shelters with paper

Anonymous Authentication: Creating access tokens for guest accounts

Open Source in the Age of AI

Experts sound alarm after ChatGPT Health fails to recognise medical emergencies

Pakistan's defense minister says that there is an 'open war' with Afghanistan

Show HN: Let your OpenClaw find you clients

My Month Using Claude Code

Show HN: Pmpt-CLI – from one-off AI prompts to reproducible decision logs

I gave Claude free time after client work – it asked for a blog

Show HN: Browser extension that takes you to the HN discussion for current page

We gave terabytes of CI logs to an LLM

Show HN: Code Architecture Visualization

FlyTrap disables autonomous targeting drones with an umbrella

Show HN: Pitch An App – Crowdsourced app ideas with voting and revenue sharing

Open source calculator firmware DB48X forbids CA/CO use due to age verification

Show HN: Can you hack my agent, but in real-time with friends?

Any Swiss devs found a "cheap" way to acces Banking APIs for a small project?

Have your cake and decompress it too

Show HN: Tswap–Yubikey-backed secret injection for IaC and AI-assisted workflows