Some secret management belongs in your HTTP proxy
9 points by carlana
9 points by carlana
Clever idea.
Curious why build specific integrations (like the mentioned GitHub App) instead of using a secrets API backend? A tool like Vault could handle the logic of static vs. dynamic keys, while the proxy handles the 'blind' injection.
Smart idea - just don't know what it has to do with agents or vibecoding :P The downside is obviously that you need to monitor the availability of your proxy - if it's down, you will not be able to access the upstream service. If it's overload with requests, it will not be available as well.
A classic example of moving complexity from code/config to the infrastructure, I guess.
It has to do with agents and LLMs, as you build automations but don't really want to just give them your actual API keys, and some models (claude) refuse to work if you do give them. This acts as a nice middle ground. In similar vein: https://docs.deno.com/sandbox/security/#secret-redaction-and-substitution