- A prompt injection can talk the agent into sending its keys to an attacker (credential exfiltration).
- Anything in the agent’s environment can end up in its context window, and from there in LLM provider logs and transcripts, or even training data.
- Keys leak sideways into shell history, log files, and error reports as the agent works.
- A stolen key works from anywhere until someone notices and rotates it.
The agent proxy is not limited to AI agents. Any untrusted code execution environment that respects an HTTP proxy can run behind it, with no code changes.
How It Works
- Keep your secrets in Infisical, exactly as you do today. Next to them, define proxied services: small configs that say, for example, “requests to
api.stripe.comgetSTRIPE_API_KEYas a Bearer token”. - Run the agent proxy with one command:
infisical secrets agent-proxy start. - Launch your agent through the wrapper:
infisical secrets agent-proxy connect -- claude. The wrapper points the agent’s traffic at the proxy and starts it. The agent holds none of the brokered credentials, and has no idea any of this is happening.
api.stripe.com. The proxy adds the real STRIPE_API_KEY and forwards the request. Stripe sees a normal authenticated call.
The Whole Platform Comes With It
Standalone credential proxies manage their own keys, users, and permissions in isolation, so you end up running a second secrets manager just for your agents. The agent proxy is different: brokered credentials are ordinary Infisical secrets, so everything the platform does applies to them with zero extra setup.Secret Rotation
Rotate brokered credentials on a schedule. The proxy applies the new value within a minute, with no agent restart and no agent awareness.
Dynamic Secrets
Generate short-lived, per-use credentials on demand for databases, clouds, Kubernetes, and more, so there is no long-lived key to steal in the first place.
Approval Workflows
Require a review before a brokered credential changes, exactly like a code change.
Audit Logs
A complete trail of everything around your proxied services, from configuration changes to activity.
Access Controls
Scope each agent identity to exactly the environments, paths, and services it should reach.
Versioning & Recovery
Every brokered credential keeps its full version history, with point-in-time recovery.
What You Work With
- Proxied Service
- Agent Proxy
- Agent
A small config that lives in a folder next to your secrets. It says which hosts it covers, which secrets to use, and how to apply them (set a header, or swap a placeholder). You manage it in the secrets dashboard like any other resource.
Next Steps
Quickstart
Broker your first credential to an agent in a few minutes.
Proxied Services
Host patterns, header rewriting, and credential substitution.
Security & Architecture
Agent authentication, isolation, certificates, and high availability.