Keep raw keys out of camp
Permanent credentials never enter the prompt, transcript, shell history, or project files. The model sees a handle—not the secret.
Agent-safe secret brokering
Secure passage through the Wild West of AI development.
Env Holster pulls permanent credentials out of plaintext .env files and gives AI coding agents short-lived, scoped access instead. No raw keys in prompts. No long-lived secrets in chat history.
eh_live_7K4••••••R9Master credential remains sealed
Permanent secrets leave permanent tracks
Plaintext secrets were already easy to leak. Agentic tools multiply the places a credential can land: context windows, shared chats, tool output, logs, and copied commands.
DATABASE_URL=postgres://prod...STRIPE_KEY=sk_live_...OPENAI_KEY=sk-proj-...One permanent key. Three new places to lose track of it.
A smaller blast radius
Give agents enough access to finish the job without handing over credentials that outlive the conversation.
Permanent credentials never enter the prompt, transcript, shell history, or project files. The model sees a handle—not the secret.
Issue access for minutes instead of months. If a temporary key wanders, its useful life is already counting down.
Scope each grant to the provider, task, environment, and agent that requested it. Revoke one without rotating the whole herd.
A safer handoff
Env Holster sits between the agent and the service. It turns intent into a temporary capability, then makes that access disappear automatically.
Move the credentials scattered across .env files into one encrypted, local-first vault.
Your LLM asks for a named capability with a clear purpose—not a copy of your master key.
Env Holster generates or brokers scoped, short-lived access and injects it only where the command runs.
One boundary for the whole stack
Rides with the tools already in your terminal: Codex, Claude Code, Cursor, and your existing CLIs.
Private beta
Join the design partner list for early builds, architecture notes, and a voice in the workflows Env Holster protects first.