# AGENTSECURE.md

A small Markdown file generated by `agentsecure start` that tells humans and AI coding agents how to use the local vault and MCP broker in a repo.

The goal is simple: agents can read placeholders like `${API_KEY}`, while real values stay local and are resolved only for approved API calls.
## The file

Keep the generated guidance in the repo root. Do not paste real credentials, raw `.env` contents, private keys, customer data, prompts, or request bodies into this file.

```markdown
# AGENTSECURE.md

## Start

agentsecure start

## What agents see

OPENAI_API_KEY=${OPENAI_API_KEY}
STRIPE_SECRET_KEY=${STRIPE_SECRET_KEY}

## Codex MCP

codex mcp add agentsecure -- agentsecure --config ./agentsecure.json mcp serve
```
## Local vault

1. **Import `.env`**: real values move into the local AgentSecure vault.
2. **Backup**: the original file is saved so humans can restore it.
3. **Rewrite**: the repo keeps safe placeholders like `${API_KEY}`.
4. **Guide**: `AGENTS.md` explains how agents request secret-backed calls.
## MCP broker

Agents should use the MCP broker for API calls that require a secret, not ask users to paste values into prompts.

```yaml
tool: agentsecure.http.request
url: https://api.example.com/v1/resource
auth: ${API_KEY}
purpose: short reason for the request
```
## Approved destinations

AgentSecure resolves placeholders from the local vault only for destinations approved by the developer or team.

```yaml
approved_destinations:
  api.openai.com:
    secrets:
      - OPENAI_API_KEY
  api.stripe.com:
    secrets:
      - STRIPE_SECRET_KEY
```
## Audit without values

Logs can show the placeholder, destination, MCP tool, and whether a request was sent. They should not include real secret values, raw `.env` files, prompts, request bodies, private keys, or customer data.

```json
{
  "tool": "agentsecure.http.request",
  "placeholder": "STRIPE_SECRET_KEY",
  "destination": "api.stripe.com",
  "value_logged": false
}
```
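The two rules above (resolve a placeholder only for an approved destination, and audit without values) fit in a few lines. The following is an added illustration, not AgentSecure's own code: it assumes a vault and approval map with the same shape as the config above, constructed sample values, and an added requirement that the destination use `https`.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample vault; in AgentSecure the real values stay in the local vault.
VAULT = {
    "OPENAI_API_KEY": "sk-constructed-openai",
    "STRIPE_SECRET_KEY": "sk_test_constructed_stripe",
}

# Same shape as the approved_destinations config above: host -> secrets allowed there.
APPROVED = {
    "api.openai.com": {"OPENAI_API_KEY"},
    "api.stripe.com": {"STRIPE_SECRET_KEY"},
}

PLACEHOLDER = re.compile(r"^\$\{([A-Z][A-Z0-9_]*)\}$")

def broker(request, vault=VAULT, approved=APPROVED):
    """Resolve `auth` for an agentsecure.http.request-style call.

    Returns (headers, audit). headers is None when the call is refused.
    The audit record carries placeholder name, destination and outcome only;
    the purpose text, request body and secret value are never copied into it.
    """
    match = PLACEHOLDER.match(request.get("auth", ""))
    name = match.group(1) if match else None
    parts = urlsplit(request.get("url", ""))
    host = parts.hostname or ""
    audit = {"tool": "agentsecure.http.request", "placeholder": name,
             "destination": host, "value_logged": False, "sent": False}
    if name is None:
        audit["reason"] = "auth must be a ${NAME} placeholder, never a literal"
    elif parts.scheme != "https":                 # assumption: broker only speaks TLS
        audit["reason"] = "destination must be https"
    elif name not in approved.get(host, set()):   # exact host match, no suffix rules
        audit["reason"] = "secret not approved for this destination"
    elif name not in vault:
        audit["reason"] = "placeholder has no value in the local vault"
    else:
        audit["sent"] = True
        return {"Authorization": "Bearer " + vault[name]}, audit
    return None, audit

def audit_is_clean(audit, vault=VAULT):
    """True when no vault value appears anywhere in the serialized audit record."""
    blob = json.dumps(audit)
    return not any(value in blob for value in vault.values())
```

A request for `STRIPE_SECRET_KEY` against `api.stripe.com` is sent with the real value in the header, while the same placeholder against `api.openai.com` or a lookalike host is refused and only the refusal reason is logged.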